    AWS CloudFormation

    AWS CloudFormation is an AWS service that gives developers and businesses an easy way to create a collection of related AWS and third-party resources and provision them in an orderly and predictable fashion. AWS CloudFormation lets customers model and provision those resources with either programming languages or a simple text file, in an automated and secure manner.

    • Using AWS CloudFormation sample templates, or templates of their own, AWS customers can describe the AWS resources, with any associated dependencies or runtime parameters, required to run an application.
    • AWS CloudFormation automates and simplifies the task by creating groups of related resources and interconnecting them to power customers' applications.
    • AWS CloudFormation provisions application resources in a safe, repeatable manner, so customers can build and rebuild their infrastructure and applications without performing manual actions or writing custom scripts.
    • AWS CloudFormation allows customers to model their entire infrastructure and application resources with either a text file or programming languages. The AWS CloudFormation Registry and CLI let them manage third-party resources with CloudFormation as well.

    Table of Contents

    • AWS CloudFormation features
    • CloudFormation advantages
    • CloudFormation StackSets
      • STACK SET
      • STACK INSTANCES
      • STACK SET OPERATION OPTIONS
      • ADMINISTRATOR AND TARGET ACCOUNTS
      • PERMISSIONS MODELS
      • STACK SET OPERATIONS
    • Stack
      • BOOTSTRAPPING APPLICATIONS AND HANDLING
      • AWS CLOUDFORMATION API

    AWS CloudFormation features

    An AWS CloudFormation template describes all of a customer's AWS resources and their properties. When a stack is created from a template that declares, say, an Auto Scaling group, a load balancer, and a database, AWS CloudFormation provisions the Auto Scaling group, load balancer, and database. Once the stack has been created and the resources are up and running, customers can delete the stack, which deletes all the resources in it.

    • By using AWS CloudFormation, customers can manage a collection of resources as a single unit.
    • When infrastructure is provisioned with AWS CloudFormation, the template describes exactly which resources are provisioned and with what settings. Because templates are text files, customers can track differences between template versions to track changes to their infrastructure, much as developers control revisions to source code.

    With the AWS Cloud Development Kit (AWS CDK), customers can define their application in TypeScript, Python, Java, or .NET. AWS CDK is an open-source software development framework that helps customers model their cloud application resources using familiar programming languages and then provision that infrastructure through AWS CloudFormation directly from their IDE.

    • It provides high-level components that preconfigure cloud resources with proven defaults.
    • AWS CDK provisions resources in a safe, repeatable manner through AWS CloudFormation.
    • It lets customers compose and share their own custom components that incorporate their organization's requirements, helping them start new projects faster.

    AWS CloudFormation Designer (Designer) is a graphic tool for creating, viewing, and modifying AWS CloudFormation templates. With Designer, customers diagram their template resources using a drag-and-drop interface and then edit the details in the integrated JSON and YAML editor.

    • Whether new to AWS CloudFormation or experienced with it, users can rely on Designer to quickly see the interrelationships between a template's resources and to modify templates easily.
    • Designer shows graphic representations of the resources in a template.
    • It simplifies template authoring and editing.

    Continuous delivery is a release practice in which code changes are automatically built, tested, and prepared for release to production. With AWS CloudFormation and CodePipeline, customers can use continuous delivery to automatically build and test changes to their AWS CloudFormation templates before promoting them to production stacks.

    • Continuous delivery lets developers automate testing beyond unit tests, so they can verify application updates across multiple dimensions before deploying to customers.
    • These tests may include UI testing, load testing, integration testing, and API reliability testing, which lets developers validate updates more thoroughly and discover issues pre-emptively.
    • With more frequent and comprehensive testing, customers can find and fix bugs earlier, before they grow into larger problems.

    When using AWS CloudFormation, customers work with templates, which describe their AWS resources and their properties, and stacks, which provision the resources described in a template.

    • The template is a JSON- or YAML-format text file that describes all the AWS resources customers need to run their application; the stack is the set of AWS resources that are created and managed as a single unit when AWS CloudFormation instantiates a template.
    • Customers use JSON or YAML to describe which AWS resources they want to create and configure. With AWS CloudFormation Designer they can design visually to get started with templates.
    • An AWS CloudFormation template is a JSON- or YAML-formatted text file. Customers can save these files with any extension, such as .json, .yaml, .template, or .txt. AWS CloudFormation uses templates as blueprints for building AWS resources.

    A stack is the AWS CloudFormation construct that manages related AWS resources as a single unit. Customers create, update, and delete a collection of resources by creating, updating, and deleting stacks. All the resources in a stack are defined by the stack's AWS CloudFormation template.

    • Once customers have created a template, for example one declaring an Auto Scaling group, an Elastic Load Balancing load balancer, and an Amazon Relational Database Service (Amazon RDS) database instance, they create a stack by submitting that template, and AWS CloudFormation provisions all those resources.
    • Customers can work with stacks using the AWS CloudFormation console, the API, or the AWS CLI.
    • Using a change set (a summary of the customer's proposed changes), AWS CloudFormation will create a new template and delete the old one.
    • While a stack is being created, the AWS Management Console automatically synthesizes and presents a pop-up dialog in which customers edit parameter values.

    Amazon ECS is integrated with AWS Cloud Map, which helps customers discover and connect their containerized services with each other. Cloud Map lets customers define custom names for application resources and maintains the updated location of these dynamically changing resources.

    • A service mesh makes it easier to build and run complex microservices applications by standardizing how every microservice in the application communicates.
    • Amazon Elastic Container Service supports Docker networking and integrates with Amazon VPC to provide isolation for containers.
    • Amazon ECS is integrated with Elastic Load Balancing, allowing customers to distribute traffic across their containers using Application Load Balancers or Network Load Balancers.
    • Amazon ECS allows clients to specify an IAM role for each ECS task, so the Amazon ECS container instances themselves can have a minimal role.

    CloudFormation advantages

    Follow a familiar format: A CloudFormation template is simply a JSON (JavaScript Object Notation)- or YAML-formatted text file that describes the AWS infrastructure needed to run an application or service, along with any interconnections between those resources.

    Manage relationships: Templates concisely capture resource relationships, such as EC2 instances that must be associated with an Elastic Load Balancing load balancer, or the fact that an EBS volume must be in the same EC2 Availability Zone as the instance to which it is attached.

    Use over and over: Template parameters enable a single template to be used for many infrastructure deployments with different configuration values, such as how many instances to deploy for the application.

    Get helpful feedback: Templates also provide output properties for communicating deployment results or configuration information back to the user. For example, when instantiated, a template may provide the URL of the Elastic Load Balancing endpoint the customer should use to connect to the newly instantiated application.

    Avoid collisions: All AWS resources in a template are identified using logical names, allowing multiple stacks to be created from a template without fear of naming collisions between AWS resources.

    Write and go: Use any method to launch a stack without having to register the template with AWS CloudFormation beforehand.

    Visualize your stack: CloudFormation Designer allows customers to visualize their templates as a diagram. They can view the AWS resources and their relationships and arrange the layout so that the diagram makes sense to them. They can edit templates using the drag-and-drop interface and the integrated JSON editor.

    Look up resources: AWS CloudFormation retains a copy of the stack template so you can use the AWS Management Console, the command line tools or the APIs to look up the precise resource configurations that were applied during stack creation.

    Automate: You have the option to automate template generation using a programming language or a tool of your choice. You also have the option to automate stack creation from the templates using the CloudFormation API, AWS SDKs, or AWS CLI.
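The advantages above (logical names, reusable parameters, captured resource relationships) are what lets CloudFormation decide what to create and in which order. The following is an added Python example, not code from this guide or from AWS: it loads a constructed JSON template, applies parameter defaults and overrides with range checks, and derives the creation order from the `Ref`, `Fn::GetAtt` and `DependsOn` relationships, reporting a cycle instead of ordering it. All resource names and the `ami-EXAMPLE` value are constructed placeholders.

```python
import json

# Constructed sample template (JSON form); "ami-EXAMPLE" is a placeholder, not a real AMI.
TEMPLATE = json.loads("""
{
  "Parameters": {"InstanceCount": {"Type": "Number", "Default": 2, "MinValue": 1, "MaxValue": 10}},
  "Resources": {
    "WebVolume": {"Type": "AWS::EC2::Volume", "Properties": {"Size": 8,
        "AvailabilityZone": {"Fn::GetAtt": ["WebServer", "AvailabilityZone"]}}},
    "WebServer": {"Type": "AWS::EC2::Instance", "Properties": {"ImageId": "ami-EXAMPLE",
        "SecurityGroupIds": [{"Ref": "WebSg"}]}},
    "WebSg": {"Type": "AWS::EC2::SecurityGroup", "Properties": {"GroupDescription": "web"}},
    "LoadBalancer": {"Type": "AWS::ElasticLoadBalancingV2::LoadBalancer",
        "DependsOn": "WebServer", "Properties": {"SecurityGroups": [{"Ref": "WebSg"}]}}
  }
}
""")

def resolve_parameters(template, overrides=None):
    """Apply caller overrides on top of declared defaults, enforcing MinValue/MaxValue."""
    values = {}
    for name, spec in template.get("Parameters", {}).items():
        value = (overrides or {}).get(name, spec.get("Default"))
        if value is None:
            raise ValueError(f"parameter {name} has no value and no Default")
        if spec.get("Type") == "Number":
            value = float(value)
            if not spec.get("MinValue", value) <= value <= spec.get("MaxValue", value):
                raise ValueError(f"parameter {name}={value} is outside the allowed range")
        values[name] = value
    return values

def references(node, resource_names):
    """Collect the logical resource names that Ref or Fn::GetAtt point at anywhere in node."""
    found = set()
    if isinstance(node, dict):
        if "Ref" in node and node["Ref"] in resource_names:
            found.add(node["Ref"])
        elif "Fn::GetAtt" in node and node["Fn::GetAtt"][0] in resource_names:
            found.add(node["Fn::GetAtt"][0])
        else:
            for child in node.values():
                found |= references(child, resource_names)
    elif isinstance(node, list):
        for child in node:
            found |= references(child, resource_names)
    return found

def creation_order(template):
    """Order resources so every dependency (implicit Ref/GetAtt or explicit DependsOn)
    is created before its dependents; a cycle is reported rather than silently ordered."""
    resources = template["Resources"]
    deps = {}
    for name, body in resources.items():
        explicit = body.get("DependsOn", [])
        explicit = [explicit] if isinstance(explicit, str) else list(explicit)
        deps[name] = references(body.get("Properties", {}), resources) | set(explicit)
    order, done = [], set()
    while len(order) < len(resources):
        ready = sorted(n for n in resources if n not in done and deps[n] <= done)
        if not ready:
            raise ValueError("circular dependency among: " + ", ".join(sorted(set(resources) - done)))
        order.extend(ready)
        done.update(ready)
    return order
```

Resources with no remaining dependencies are emitted together in alphabetical order, which mirrors how CloudFormation can create independent resources in parallel.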

    CloudFormation StackSets

    STACK SET

    Using a stack set, AWS customers can create stacks in multiple AWS accounts and Regions from a single AWS CloudFormation template. All the resources in each stack are defined by the stack set's AWS CloudFormation template.

    • Once the stack set is defined, customers can create, update, or delete stacks in the target accounts and Regions they specify.
    • When creating, updating, or deleting stacks, customers may also specify operation preferences, such as the order of Regions, the failure tolerance, and the number of accounts in which operations are performed on stacks concurrently.

    STACK INSTANCES

    A stack instance is a reference to a stack in a target account within a Region. A stack instance can exist without a stack. These are the status codes for stack instances within stack sets:

    • CURRENT: The stack is currently up to date with the stack set.
    • OUTDATED: The stack is not currently up to date with the stack set, for one of the following reasons: a CreateStackSet or UpdateStackSet operation on the associated stack failed, or the stack was part of a CreateStackSet or UpdateStackSet operation that failed or was stopped before the stack was created or updated.
    • INOPERABLE: A DeleteStackInstances operation has failed and left the stack in an unstable state. Stacks in this state are excluded from further UpdateStackSet operations. You might need to perform a DeleteStackInstances operation with RetainStacks set to true to delete the stack instance, and then delete the stack manually.

    STACK SET OPERATION OPTIONS

    Maximum concurrent accounts: This setting is available in the create, update, and delete workflows. It lets customers specify the maximum number or percentage of target accounts in which an operation is performed at one time.

    • A lower number or percentage means that an operation is performed in fewer target accounts at one time.
    • For large deployments, under certain circumstances the actual number of accounts acted upon concurrently may be lower due to service throttling.

    Failure tolerance: This setting is available in the create, update, and delete workflows. It lets customers specify the maximum number or percentage of stack operation failures that can occur per Region, beyond which AWS CloudFormation automatically stops the operation.

    • A lower number or percentage means that the operation is performed on fewer stacks, but customers can start troubleshooting failed operations sooner.

    Retain stacks: This setting is available in the delete stack workflow. It lets customers keep stacks and their resources running even after they have been removed from a stack set. When customers retain stacks, AWS CloudFormation leaves the stacks in the individual accounts and Regions intact: they are disassociated from the stack set, but the stacks and their resources are preserved.
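To make the interplay of the two preferences concrete, here is an added Python model (constructed for this guide, not AWS code) of how Region order, maximum concurrent accounts and failure tolerance gate a stack set operation: Regions run in the order given, each batch of accounts within a Region is acted on together, and once a Region's failures exceed the tolerance the operation stops and later Regions are never attempted. The account IDs, Regions and the `broken_account` outcome are constructed.

```python
from typing import Callable, Dict, List, Optional, Tuple

def tolerance_to_count(total_accounts: int, count: Optional[int] = None,
                       percentage: Optional[int] = None) -> int:
    """Turn a FailureToleranceCount or FailureTolerancePercentage into an absolute
    number of accounts; a percentage is rounded down to a whole number."""
    if count is not None:
        return count
    return (total_accounts * (percentage or 0)) // 100

def run_stack_set_operation(regions: List[str], accounts: List[str],
                            outcome: Callable[[str, str], bool],
                            max_concurrent: int, failure_tolerance: int):
    """Model of the operation preferences. Returns (attempts per Region as
    (account, succeeded) pairs, Region the operation stopped in or None,
    Regions that were skipped because of the stop)."""
    attempted: Dict[str, List[Tuple[str, bool]]] = {}
    for i, region in enumerate(regions):
        failures = 0
        attempted[region] = []
        for start in range(0, len(accounts), max_concurrent):
            # A whole batch is in flight together, so one batch can add more
            # failures than the tolerance allows before the check runs.
            for account in accounts[start:start + max_concurrent]:
                ok = outcome(account, region)
                attempted[region].append((account, ok))
                failures += 0 if ok else 1
            if failures > failure_tolerance:
                return attempted, region, regions[i + 1:]
    return attempted, None, []

# Constructed scenario: one target account fails in every Region.
REGIONS = ["us-east-1", "eu-west-1", "ap-southeast-1"]
ACCOUNTS = ["111111111111", "222222222222", "333333333333", "444444444444", "555555555555"]

def broken_account(account: str, region: str) -> bool:
    return account != "333333333333"

def strict_run():
    """Failure tolerance 0: the first failure halts the operation in its Region."""
    return run_stack_set_operation(REGIONS, ACCOUNTS, broken_account,
                                   max_concurrent=2, failure_tolerance=0)

def lenient_run():
    """Failure tolerance 1 per Region: the same failure is tolerated and all Regions complete."""
    return run_stack_set_operation(REGIONS, ACCOUNTS, broken_account,
                                   max_concurrent=2, failure_tolerance=1)
```

Note that in `strict_run` the account batched together with the failing one is still acted on, which is why a low concurrency setting limits blast radius as much as a low failure tolerance does.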

    ADMINISTRATOR AND TARGET ACCOUNTS

    An administrator account is the AWS account in which stack sets are created. A stack set is managed by signing in to the administrator account in which it was created.

    • A target account is the account into which one or more stacks in the stack set are created, updated, or deleted.
    • To use a stack set to create stacks in a target account, customers need to set up a trust relationship between the administrator and target accounts.

    PERMISSIONS MODELS

    Self-managed permissions: customers create the IAM roles that StackSets requires to deploy across accounts and Regions.

    • These roles establish a trusted relationship between the account customers administer the stack set from and the accounts they deploy stack instances to.
    • With this permissions model, StackSets can deploy to any AWS account in which the customer has permission to create an IAM role.

    Service-managed permissions: customers deploy stack instances to accounts managed by AWS Organizations.

    • With this permissions model, customers don't have to create the IAM roles themselves; StackSets creates them on their behalf.
    • This model also lets StackSets deploy automatically to accounts that are added to the organization in the future.

    STACK SET OPERATIONS

    Create stack set: Creating a new stack set means specifying the AWS CloudFormation template to create stacks from, the target accounts in which to create stacks, and the AWS Regions in which to deploy stacks in those accounts.

    • A stack set ensures consistent deployment of the same stack resources, with the same settings, to all specified target accounts within the chosen Regions.

    Update stack set: Customers can update a stack set in one of the following ways. They can change existing settings in the template or add new resources, such as updating parameter settings for a specific service or adding new Amazon EC2 instances.

    • They can replace the template with a different template.
    • They can add stacks in existing or additional target accounts, across existing or additional Regions.
    • Template updates always affect all stacks; customers can't selectively update the template for some stacks in the stack set but not others.

    Delete stacks: Deleting stacks removes a stack and all its associated resources from the target accounts customers specify, within the Regions they select.

    Delete stack set: Customers can delete a stack set only when it contains no stack instances.

    Stack

    A stack is a collection of resources that results from instantiating a template; it is created by supplying a template and any required parameters to AWS CloudFormation. AWS CloudFormation determines which AWS resources need to be created and in what order, based on the template and the dependencies specified in it. To update a stack, customers provide a template with the desired configuration of all the resources in the stack.

    • They can modify properties of the existing resources in the stack to react to changes in the environment or new application requirements.
    • The changes are made without affecting the running application. However, if a change cannot be made dynamically (such as updating the AMI on an EC2 instance), AWS CloudFormation creates a new resource and rewires it into the stack, deleting the old resource once the service has determined that the full update will succeed.

    AWS CloudFormation creates or updates a stack in its entirety. If a stack cannot be created or updated in its entirety, AWS CloudFormation rolls it back. For debugging purposes, the rollback can be disabled and the stack create or update retried manually later.

    • Using AWS CloudFormation Designer, customers can create or modify a stack’s template and then submit it to AWS CloudFormation to create or update the stack.
    • AWS CloudFormation Designer is available within the AWS Management Console.
    • AWS CloudFormation can be easily accessed through the AWS Management Console, which is a point-and-click, web-based interface to deploy and manage stacks. Customers are allowed to create, delete, and update an application from inside the AWS Management Console in a few simple steps.
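Before executing an update, the change set described earlier is where a reviewer sees which resources will be replaced (the AMI case above) or removed. The following added Python example, not code from this guide or from AWS, computes that summary for two constructed template versions: each logical id is classified as Add, Remove, or Modify, and a Modify is flagged as a replacement when a changed property is in a small constructed table of replacement-forcing properties. The templates, AMI ids, bucket name and the contents of the table are constructed; the authoritative "Update requires" rule for each property is in the CloudFormation resource reference.

```python
import json

# Illustrative subset of properties whose change forces replacement instead of an
# in-place update (constructed for this example; check the resource reference).
REPLACEMENT_PROPERTIES = {
    "AWS::EC2::Instance": {"ImageId", "AvailabilityZone", "SubnetId"},
    "AWS::RDS::DBInstance": {"Engine", "DBName", "MasterUsername"},
    "AWS::S3::Bucket": {"BucketName"},
}

CURRENT = json.loads("""
{"Resources": {
  "WebServer": {"Type": "AWS::EC2::Instance",
                "Properties": {"ImageId": "ami-OLD-EXAMPLE", "InstanceType": "t3.small"}},
  "Db": {"Type": "AWS::RDS::DBInstance",
         "Properties": {"Engine": "postgres", "AllocatedStorage": "20"}},
  "Logs": {"Type": "AWS::S3::Bucket", "Properties": {"BucketName": "example-logs"}}
}}""")

PROPOSED = json.loads("""
{"Resources": {
  "WebServer": {"Type": "AWS::EC2::Instance",
                "Properties": {"ImageId": "ami-NEW-EXAMPLE", "InstanceType": "t3.medium"}},
  "Db": {"Type": "AWS::RDS::DBInstance",
         "Properties": {"Engine": "postgres", "AllocatedStorage": "50"}},
  "Cache": {"Type": "AWS::ElastiCache::CacheCluster",
            "Properties": {"Engine": "redis", "CacheNodeType": "cache.t3.micro", "NumCacheNodes": 1}}
}}""")

def plan_changes(current, proposed):
    """Summarise per logical id what an update would do (Add / Remove / Modify) and,
    for Modify, which properties change and whether the resource must be replaced."""
    cur, new = current["Resources"], proposed["Resources"]
    changes = []
    for logical_id in sorted(set(cur) | set(new)):
        if logical_id not in cur:
            changes.append({"LogicalResourceId": logical_id, "Action": "Add"})
        elif logical_id not in new:
            changes.append({"LogicalResourceId": logical_id, "Action": "Remove"})
        elif cur[logical_id] != new[logical_id]:
            rtype = cur[logical_id]["Type"]
            if rtype != new[logical_id]["Type"]:
                changed, replace = {"Type"}, True  # a new type is always a new resource
            else:
                before = cur[logical_id].get("Properties", {})
                after = new[logical_id].get("Properties", {})
                changed = {k for k in set(before) | set(after) if before.get(k) != after.get(k)}
                replace = bool(changed & REPLACEMENT_PROPERTIES.get(rtype, set()))
            changes.append({"LogicalResourceId": logical_id, "Action": "Modify",
                            "Replacement": replace, "Changed": sorted(changed)})
    return changes

def destructive(changes):
    """Removals and replacements both destroy an existing resource (and any data on
    it that is not retained); these are the entries to review before updating."""
    return [c["LogicalResourceId"] for c in changes
            if c["Action"] == "Remove" or c.get("Replacement")]
```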

    BOOTSTRAPPING APPLICATIONS AND HANDLING

    AWS CloudFormation provides a number of helper scripts that can be deployed to EC2 instances. These scripts provide a simple way to read resource metadata from the stack and use it to configure the application, to deploy the packages and files listed in the template to the instance, and to react to stack updates such as configuration changes or application updates. Some of the available scripts:

    • cfn-get-metadata: Retrieves metadata attached to resources in the template.
    • cfn-init: Downloads and installs the packages and files described in the template.
    • cfn-signal: Signals to the stack creation workflow that the application is up and running and ready to take traffic.
    • cfn-hup: A daemon that listens for stack updates initiated through the AWS console, command line tools, or API and runs application-specific hooks to react to those changes.

    Customers can use the CloudFormation scripts on their own or together with CloudInit, a feature available on the Amazon Linux AMI and some other Linux AMIs. For more details on bootstrapping applications and updating configuration, see the AWS CloudFormation developer resources.
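The cfn-init and cfn-signal pair only protects a deployment when the resource also carries a CreationPolicy, so that stack creation waits for the signal and a failed bootstrap rolls the stack back instead of being reported as CREATE_COMPLETE. The following added Python check (written for this guide, not AWS code) renders the UserData of a constructed template and flags resources that use `AWS::CloudFormation::Init` metadata without signalling or without a ResourceSignal policy. The resource names, packages and `ami-EXAMPLE` value are constructed.

```python
import json

# Constructed template: "WebServer" follows the cfn-init + cfn-signal + CreationPolicy
# pattern; "Worker" runs cfn-init but never signals and has no CreationPolicy.
TEMPLATE = json.loads(r"""
{"Resources": {
  "WebServer": {
    "Type": "AWS::EC2::Instance",
    "Metadata": {"AWS::CloudFormation::Init": {"config": {
      "packages": {"yum": {"httpd": []}},
      "services": {"sysvinit": {"httpd": {"enabled": "true", "ensureRunning": "true"}}}}}},
    "CreationPolicy": {"ResourceSignal": {"Count": 1, "Timeout": "PT10M"}},
    "Properties": {"ImageId": "ami-EXAMPLE", "UserData": {"Fn::Base64": {"Fn::Join": ["", [
      "#!/bin/bash -xe\n",
      "/opt/aws/bin/cfn-init -v --stack ", {"Ref": "AWS::StackName"},
      " --resource WebServer --region ", {"Ref": "AWS::Region"}, "\n",
      "/opt/aws/bin/cfn-signal -e $? --stack ", {"Ref": "AWS::StackName"},
      " --resource WebServer --region ", {"Ref": "AWS::Region"}, "\n"]]}}}},
  "Worker": {
    "Type": "AWS::EC2::Instance",
    "Metadata": {"AWS::CloudFormation::Init": {"config": {"packages": {"yum": {"jq": []}}}}},
    "Properties": {"ImageId": "ami-EXAMPLE",
                   "UserData": {"Fn::Base64": "#!/bin/bash\n/opt/aws/bin/cfn-init -s mystack -r Worker\n"}}}
}}""")

def render_user_data(user_data):
    """Flatten Fn::Base64 / Fn::Join / Ref so the boot script can be inspected as
    text; Refs (e.g. pseudo parameters) are left as ${Name} placeholders."""
    if isinstance(user_data, str):
        return user_data
    if "Fn::Base64" in user_data:
        return render_user_data(user_data["Fn::Base64"])
    if "Fn::Join" in user_data:
        separator, parts = user_data["Fn::Join"]
        return separator.join(render_user_data(p) for p in parts)
    if "Ref" in user_data:
        return "${" + user_data["Ref"] + "}"
    raise ValueError(f"unsupported UserData construct: {sorted(user_data)}")

def check_bootstrap(template):
    """Flag resources that configure themselves with cfn-init but would let stack
    creation finish, and report success, before or despite a failed bootstrap."""
    findings = []
    for name, resource in template["Resources"].items():
        if "AWS::CloudFormation::Init" not in resource.get("Metadata", {}):
            continue
        script = render_user_data(resource.get("Properties", {}).get("UserData", ""))
        if "cfn-init" not in script:
            findings.append(f"{name}: has Init metadata but UserData never runs cfn-init")
        if "cfn-signal" not in script:
            findings.append(f"{name}: UserData never calls cfn-signal, so a failed bootstrap is never reported")
        if "ResourceSignal" not in resource.get("CreationPolicy", {}):
            findings.append(f"{name}: no CreationPolicy with ResourceSignal, so the stack does not wait for the signal")
    return findings
```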

    AWS CLOUDFORMATION API

    AWS CloudFormation provides a simple set of APIs that are easy to use and highly flexible. Some of the most commonly used APIs and their functionality are listed below:

    CreateStack: Starts the creation of a new stack. The input parameters to the call include the stack name and a file name (or Amazon S3 URL) for the source template. 

    ListStacks: Lists all stacks in the customer's account. Customers can use ListStacks to view the set of stacks and their current status, such as whether a stack is being created or updated.

    ListStackResources: Lists all the AWS resource names and identifiers that were created as part of a stack. Besides informing customers, this call can be used by an AWS CloudFormation-aware application to understand its environment.

    DescribeStackEvents: Lists all AWS CloudFormation-generated operations and events for a stack so that customers can see how creation or deletion is progressing.

    UpdateStack: Starts the update process for an existing stack. The input parameters to the call include the stack name and a file name (or Amazon S3 URL) for the updated template. 

    AWS CloudFormation is integrated with the Amazon Simple Notification Service (Amazon SNS), which lets customers receive notifications as the creation, update, and deletion of a stack progresses.
