Infrastructure as code (IaC) is a powerful and mature technology used by DevOps teams to automate resource provisioning on the cloud. The basic idea of IaC is that you can maintain a simple, human readable configuration file, called a “template”, defining a complex infrastructure.
Then, from this template, you can provision that infrastructure automatically, in a way that is reliable and repeatable. You can check the template into source control and update it to improve or fine-tune your infrastructure, which is what lets you manage "infrastructure as code".
Amazon provides its own IaC service, CloudFormation. It is not the only option for IaC on AWS: you can also use third-party tools such as Terraform, or configuration management platforms like Puppet and Chef.
In this article, we’ll explain the basics of CloudFormation, and show a number of ready-made configuration templates you can use to automate useful activities, such as auto scaling, provisioning of storage buckets, and creation of identity and access management (IAM) roles.
What Is AWS CloudFormation?
AWS CloudFormation is a service for modelling and provisioning AWS resources, so that you spend less time managing them by hand. CloudFormation provisions and configures resources from a template you write, which declares the resources you need (such as EC2 instances or RDS DB instances) and their settings. You do not create or configure each resource individually.
A CloudFormation template is a text file in JSON or YAML format. The file can be saved with various extensions (e.g. .json, .yaml, .txt or .template). Choose the format you are most comfortable with, but note that some features are only available in YAML, such as comments and the short-form syntax for intrinsic functions (for example !Ref instead of {"Ref": ...}).
The YAML and JSON specifications supported by AWS CloudFormation include:
- Use of the ECMA-404 JSON standard
- Support for YAML Version 1.1 features—with some exceptions, including aliases, hash merges, and tags (omap, pairs, binary, set and timestamp)
How Does CloudFormation Work?
Here are three fundamental CloudFormation concepts you should know about:
- Template—a JSON or YAML file that lets you define AWS resources declaratively. CloudFormation uses the template as a blueprint when it automatically configures and deploys resources.
- Stack—deploying a template creates its resources as a unit called a "stack". Updates and deletions are applied to the stack as a whole: deleting a stack deletes the resources it created, unless a resource carries a DeletionPolicy that retains it.
- Change Set—before updating a stack you can create a change set, a preview of how the proposed changes will modify the existing resources (for example, whether a resource will be replaced rather than updated in place). You review the change set and then execute it, or discard it.
Here is how the process works:
- Use AWS CloudFormation Designer (or other text editor) to modify an existing CloudFormation template or create a new one. Alternatively, use a ready-made AWS template.
- Save the template—you can save it in an S3 bucket or locally.
- Specify the template file’s location to create a CloudFormation stack. For example, you can define paths on local computers or provide Amazon S3 URLs. Templates that contain parameters allow you to specify input values when you create a stack. These parameters can help users customize the resources they create.
Once your resources are set up, CloudFormation reports that the stack was created and you can start using the resources in it. If stack creation fails, CloudFormation by default rolls back by deleting all the resources it created, so a failed deployment does not leave partial infrastructure behind.
AWS CloudFormation Template Components
AWS CloudFormation templates contain nine main top-level sections:
- Format version—defines the version of the template format (currently only one option, 2010-09-09)
- Description—lets you specify comments about the template.
- Metadata—lets you use JSON or YAML objects to add information.
- Parameters—input values supplied when you create or update the stack, so that one template can be reused with different settings (instance sizes, environment names, and so on).
- Mappings—a static lookup table of keys and corresponding named values, for example region-specific AMI IDs. Mapping values cannot contain parameters or intrinsic functions; to retrieve a value from a map, use the Fn::FindInMap intrinsic function.
- Conditions—boolean expressions (such as Fn::Equals on a parameter value) that control whether certain resources are created or certain properties are set. They are evaluated at stack creation and on each update.
- Transform—names one or more macros that CloudFormation applies to process the template, for example AWS::Serverless (the SAM syntax for Lambda-based applications) or AWS::Include, which lets you reuse template snippets stored in S3. A template can declare a single transform or a list of them.
- Resources—declares the AWS resources, such as S3 buckets or EC2 instances, that make up the stack. This is the only required section.
- Outputs—declares values that are returned when you view the stack's properties and that can be exported for import by other stacks (cross-stack references).
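As an added example (not code from the original article or from AWS), the following stand-alone Python script embeds a constructed nine-section template in JSON and resolves its Parameters, Mappings and Conditions offline, the way CloudFormation does at stack creation: it merges parameter defaults with overrides, evaluates Fn::Equals conditions, drops resources whose Condition is false, and substitutes Ref, Fn::FindInMap, Fn::If and Fn::Sub. The account ID, region, stack name, instance types and bucket names are placeholder assumptions; a Ref to a resource resolves to its logical ID here because the physical ID only exists after deployment.

```python
"""Offline evaluator for the Parameters/Mappings/Conditions sections of a
CloudFormation template (added example, stdlib only)."""
import json
import re

# Constructed sample template. Instance types, bucket names and the owner tag
# are placeholder assumptions, not values from any real account.
TEMPLATE_JSON = r'''
{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Description": "Sample web tier with an optional artifact bucket",
  "Metadata": {"Owner": "platform-team"},
  "Parameters": {
    "Environment": {"Type": "String", "AllowedValues": ["dev", "prod"], "Default": "dev"},
    "CreateBucket": {"Type": "String", "AllowedValues": ["true", "false"], "Default": "false"}
  },
  "Mappings": {"InstanceSize": {"dev": {"Type": "t3.micro"}, "prod": {"Type": "m5.large"}}},
  "Conditions": {
    "IsProd": {"Fn::Equals": [{"Ref": "Environment"}, "prod"]},
    "WantBucket": {"Fn::Equals": [{"Ref": "CreateBucket"}, "true"]}
  },
  "Resources": {
    "WebServer": {
      "Type": "AWS::EC2::Instance",
      "Properties": {
        "InstanceType": {"Fn::FindInMap": ["InstanceSize", {"Ref": "Environment"}, "Type"]},
        "Monitoring": {"Fn::If": ["IsProd", true, false]},
        "Tags": [{"Key": "Name", "Value": {"Fn::Sub": "web-${Environment}"}}]
      }
    },
    "ArtifactBucket": {
      "Type": "AWS::S3::Bucket",
      "Condition": "WantBucket",
      "DeletionPolicy": "Retain",
      "Properties": {"BucketName": {"Fn::Sub": "artifacts-${Environment}-${AWS::AccountId}"}}
    }
  },
  "Outputs": {
    "InstanceId": {"Value": {"Ref": "WebServer"},
                   "Export": {"Name": {"Fn::Sub": "${AWS::StackName}-web"}}}
  }
}
'''

# Constructed pseudo-parameter values; CloudFormation fills these in for real.
PSEUDO = {"AWS::AccountId": "123456789012", "AWS::Region": "us-east-1",
          "AWS::StackName": "sample"}


def resolve(node, params, template):
    """Recursively replace the supported intrinsic functions in `node`."""
    if isinstance(node, list):
        return [resolve(n, params, template) for n in node]
    if not isinstance(node, dict):
        return node
    if len(node) == 1:
        (key, arg), = node.items()
        if key == "Ref":
            if arg in params:
                return params[arg]
            if arg in PSEUDO:
                return PSEUDO[arg]
            return arg  # logical resource ID; the physical ID exists only after deployment
        if key == "Fn::FindInMap":
            map_name, top_key, second_key = resolve(arg, params, template)
            return template["Mappings"][map_name][top_key][second_key]
        if key == "Fn::Equals":
            left, right = resolve(arg, params, template)
            return left == right
        if key == "Fn::If":
            cond_name, if_true, if_false = arg
            chosen = if_true if evaluate_condition(cond_name, params, template) else if_false
            return resolve(chosen, params, template)
        if key == "Fn::Sub" and isinstance(arg, str):
            return re.sub(r"\$\{([^}]+)\}",
                          lambda m: str(resolve({"Ref": m.group(1)}, params, template)), arg)
    # Not an intrinsic: an ordinary object, so recurse into its values.
    return {k: resolve(v, params, template) for k, v in node.items()}


def evaluate_condition(name, params, template):
    """Evaluate a named entry of the Conditions section to a bool."""
    return bool(resolve(template["Conditions"][name], params, template))


def render(template, overrides=None):
    """Merge parameter defaults with caller overrides (validating AllowedValues),
    drop resources whose Condition is false, and resolve what remains."""
    declared = template.get("Parameters", {})
    params = {k: v.get("Default") for k, v in declared.items()}
    for k, v in (overrides or {}).items():
        if k not in declared:
            raise ValueError(f"unknown parameter {k}")
        allowed = declared[k].get("AllowedValues")
        if allowed and v not in allowed:
            raise ValueError(f"parameter {k}={v!r} not in {allowed}")
        params[k] = v
    resources = {}
    for logical_id, res in template["Resources"].items():
        if "Condition" in res and not evaluate_condition(res["Condition"], params, template):
            continue  # CloudFormation skips the resource entirely
        resources[logical_id] = resolve(res, params, template)
    outputs = resolve(template.get("Outputs", {}), params, template)
    return {"Resources": resources, "Outputs": outputs}


TEMPLATE = json.loads(TEMPLATE_JSON)

if __name__ == "__main__":
    print(json.dumps(render(TEMPLATE, {"Environment": "prod", "CreateBucket": "true"}), indent=2))
```

With Environment=prod and CreateBucket=true the script yields an m5.large with detailed monitoring and a retained artifacts bucket; with the defaults, the bucket is not created at all, which is the behaviour a Condition on a resource gives you. The evaluator is deliberately partial (no Fn::GetAtt, no Fn::Sub with a variable map, no Fn::Join); for a real template, run aws cloudformation validate-template and preview the effect of an update with a change set.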
What Is AWS CloudFormation Designer?
CloudFormation Designer is a graphical tool for creating, viewing, and modifying CloudFormation templates. It lets you diagram template resources with a drag-and-drop interface and edit their details in an integrated YAML and JSON editor. Designer is useful for quickly seeing the interrelationships between the resources of a template and for modifying the template.
Visualize Template Resources
It can be difficult to parse JSON or YAML text files to see all the resources inside a template and the relationships between them. Designer visualizes these for you. You can use it to:
- View a graphic representation of AWS resources specified in the template and their relationships
- View metadata-based diagrams. Designer saves changes in metadata, ensuring you see the most recent updates.
Simplify Template Authoring
When authoring template resources by hand, you have to edit YAML or JSON files directly, which is tedious and error prone. Instead, you can use Designer's drag-and-drop interface to add new resources to a template and drag connections to establish relationships; the tool makes the corresponding changes to the JSON or YAML. When you create a new template, Designer also adds the basic relationships needed for a valid template.
Simplify Editing with the Integrated YAML and JSON Editor
The integrated editor lets you make all template modifications from within the AWS CloudFormation console, so you do not have to switch to a separate text editor to change or save templates. It offers auto-complete that lists the valid properties of each resource, so you do not have to memorize or look them up, and it can convert YAML templates to JSON and vice versa.
13 AWS CloudFormation Template Examples
AWS provides a range of pre-built sample templates that you can use directly to automate actions on AWS, or customize to create your own automations.
Auto Scaling
The following templates create an Auto Scaling group with different scaling policies:
- Load-based auto scaling—uses scaling policies based on CPU utilization to launch and terminate EC2 instances across multiple Availability Zones, and sends email notifications of scaling events.
- Auto scaling with update policies—incorporates an update policy to keep two instances running when an update occurs.
- Scheduled auto scaling—uses schedules to adjust the number of EC2 instances in the scaling group at specified times.
Amazon Services
The following templates create AWS services:
- Instances in an EC2 security group—creates Amazon EC2 instances within an EC2 security group
- Amazon S3 bucket—creates an Amazon S3 bucket configured for public static website hosting, with a deletion policy that retains the bucket when you delete the stack. Because the bucket is world-readable by design, use this template only for content that is meant to be public; for anything else, keep S3 Block Public Access enabled (it is on by default for buckets created since April 2023) and grant access through IAM policies instead.
- Automated deployment of Video on Demand—launches Video on Demand with all related components, including (by default) Lambda, S3 buckets, Step Functions, Elemental MediaConvert, DynamoDB and more. The template is customizable, so you can add features, for example leverage video APIs like Cloudinary or IBM Watson.
- Hello World AWS Batch—creates a Batch computing environment with a job queue and definition for a Hello World batch job. The job definition can be modified to run other batch scripts or Docker containers. Batches run on low-cost AWS spot instances.
- DocumentDB Cluster—creates Amazon DocumentDB clusters with primary instances.
- Lambda security group—uses an AWS Lambda function behind a custom resource to append new security groups to an existing list of security groups, so you can dynamically build a list that includes both existing and new groups.
Security
The following templates use security policies to create and configure resources:
- Identity and Access Management (IAM)—creates multiple IAM users and groups, each with different policies attached.
- Simple Notification Service (SNS)—creates Amazon SNS topics for sending messages to IAM users and Amazon SQS queues (two of each). One user has publish access while the other has read access to view the messages.
- Amazon SQS queues with CloudWatch—creates SQS queues with alarms from CloudWatch to help you monitor the depth of your queues.
- AWS Config rules and delivery channel—creates an AWS Config delivery channel and launches an EC2 volume together with AWS Config rules that check that the volume carries the required tags and that its Auto Enable IO attribute is set.
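Several of these sample templates deliberately create permissive resources (the public website bucket above, and IAM users with broad policies), which is fine for a sample but is exactly what you want a check to catch before a template reaches a real account. The following added Python example (not from the article or from AWS) lints a constructed JSON template for three common findings: S3 buckets with a public ACL, without full Block Public Access, or without default encryption; IAM policies that allow wildcard actions on all resources; and security groups exposing SSH or RDP to the whole internet. Each weak resource is paired with a hardened version that passes. Resource names, the account ID, the CIDR and the queue ARN are placeholders.

```python
"""Pre-deployment security lint for a CloudFormation JSON template
(added example, stdlib only)."""
import json

# Constructed template: each weak resource is followed by a hardened one.
# Names, the account ID, the CIDR range and the queue ARN are placeholders.
TEMPLATE_JSON = r'''
{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Resources": {
    "WebsiteBucket": {"Type": "AWS::S3::Bucket", "DeletionPolicy": "Retain",
      "Properties": {"AccessControl": "PublicRead",
                     "WebsiteConfiguration": {"IndexDocument": "index.html"}}},
    "PrivateBucket": {"Type": "AWS::S3::Bucket",
      "Properties": {
        "PublicAccessBlockConfiguration": {"BlockPublicAcls": true, "BlockPublicPolicy": true,
                                           "IgnorePublicAcls": true, "RestrictPublicBuckets": true},
        "BucketEncryption": {"ServerSideEncryptionConfiguration": [
          {"ServerSideEncryptionByDefault": {"SSEAlgorithm": "aws:kms"}}]}}},
    "AdminPolicy": {"Type": "AWS::IAM::ManagedPolicy",
      "Properties": {"PolicyDocument": {"Version": "2012-10-17",
        "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]}}},
    "QueueReaderRole": {"Type": "AWS::IAM::Role",
      "Properties": {
        "AssumeRolePolicyDocument": {"Version": "2012-10-17", "Statement": [{"Effect": "Allow",
          "Principal": {"Service": "ec2.amazonaws.com"}, "Action": "sts:AssumeRole"}]},
        "Policies": [{"PolicyName": "read-orders", "PolicyDocument": {"Version": "2012-10-17",
          "Statement": [{"Effect": "Allow", "Action": ["sqs:ReceiveMessage", "sqs:DeleteMessage"],
                         "Resource": "arn:aws:sqs:us-east-1:123456789012:orders"}]}}]}},
    "SshAnywhere": {"Type": "AWS::EC2::SecurityGroup",
      "Properties": {"GroupDescription": "ssh from anywhere", "SecurityGroupIngress": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIp": "0.0.0.0/0"}]}},
    "SshFromBastion": {"Type": "AWS::EC2::SecurityGroup",
      "Properties": {"GroupDescription": "ssh from bastion range", "SecurityGroupIngress": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIp": "10.20.0.0/16"}]}}
  }
}
'''

PAB_KEYS = ("BlockPublicAcls", "BlockPublicPolicy", "IgnorePublicAcls", "RestrictPublicBuckets")


def as_list(value):
    """IAM documents allow either a string or a list for Action/Resource/Statement."""
    return value if isinstance(value, list) else [value]


def check_s3(logical_id, props):
    findings = []
    if props.get("AccessControl") in ("PublicRead", "PublicReadWrite"):
        findings.append(f"{logical_id}: public ACL {props['AccessControl']}")
    pab = props.get("PublicAccessBlockConfiguration", {})
    if not all(pab.get(k) is True for k in PAB_KEYS):
        findings.append(f"{logical_id}: Block Public Access not fully enabled")
    if "BucketEncryption" not in props:
        findings.append(f"{logical_id}: no default encryption configured")
    return findings


def check_policy_document(logical_id, doc):
    findings = []
    for i, stmt in enumerate(as_list(doc.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        actions = as_list(stmt.get("Action", []))
        resources = as_list(stmt.get("Resource", []))
        if any(a == "*" or a.endswith(":*") for a in actions) and "*" in resources:
            findings.append(f"{logical_id}: statement {i} allows wildcard actions on all resources")
    return findings


def check_iam(logical_id, props):
    """Covers standalone policies and the inline Policies list of a role, user or group."""
    findings = check_policy_document(logical_id, props.get("PolicyDocument", {}))
    for pol in props.get("Policies", []):
        findings += check_policy_document(f"{logical_id}/{pol.get('PolicyName', '?')}",
                                          pol.get("PolicyDocument", {}))
    return findings


def check_sg(logical_id, props):
    findings = []
    for rule in props.get("SecurityGroupIngress", []):
        if rule.get("CidrIp") == "0.0.0.0/0" or rule.get("CidrIpv6") == "::/0":
            lo, hi = rule.get("FromPort", 0), rule.get("ToPort", 65535)
            # -1 means all protocols and ports; otherwise flag SSH (22) and RDP (3389)
            if rule.get("IpProtocol") == "-1" or lo <= 22 <= hi or lo <= 3389 <= hi:
                findings.append(f"{logical_id}: admin port open to the world ({lo}-{hi})")
    return findings


CHECKS = {"AWS::S3::Bucket": check_s3, "AWS::EC2::SecurityGroup": check_sg,
          "AWS::IAM::ManagedPolicy": check_iam, "AWS::IAM::Policy": check_iam,
          "AWS::IAM::Role": check_iam, "AWS::IAM::User": check_iam, "AWS::IAM::Group": check_iam}


def lint(template):
    """Return one finding string per weak setting found in the Resources section."""
    findings = []
    for logical_id, res in template.get("Resources", {}).items():
        check = CHECKS.get(res.get("Type"))
        if check:
            findings += check(logical_id, res.get("Properties", {}))
    return findings


TEMPLATE = json.loads(TEMPLATE_JSON)

if __name__ == "__main__":
    for finding in lint(TEMPLATE):
        print("FAIL", finding)
```

Run this in CI before create-stack and fail the build on any finding. The checks are intentionally narrow; tools such as cfn-lint and cfn_nag cover a much wider rule set, but the structure is the same: walk Resources, dispatch on Type, and inspect Properties.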
Gilad David Maayan is a technology writer who has worked with over 150 technology companies including SAP, Samsung NEXT, NetApp and Imperva, producing technical and thought leadership content that elucidates technical solutions for developers and IT leadership.