Infrastructure-as-Code (IaC)
In this article I am going to explain AWS CloudFormation in detail from the beginning. The article is organized in a question-and-answer format to save readers time. Okay, let's dive in.
Before we look into "what is CloudFormation", we first need to know why we need it at all. AWS infrastructure can be created and customized using the AWS console (GUI), the CLI, or the API. These methods can build an infrastructure quickly as a one-off; however, if over a long period we need to recreate the same infrastructure in a different region for Disaster Recovery (DR), or in a subsidiary AWS account, those methods become costly in time and money, and also in management, modification, and maintenance. CloudFormation lets us create the same environment again without manual errors.
I) What is a Template, or CloudFormation Template (CFT)?
It's the code that drives CloudFormation. An AWS CFT describes all AWS resources and their properties in JSON or YAML format. Template file extensions can be .txt, .json, or .yaml.
You can upload a template using the browser upload button or place it directly in an S3 bucket and give CloudFormation the object's URL. Even if you upload it via the browser button, it is stored in an S3 bucket.
When you write a template, you don't need to identify the dependencies between AWS resources yourself. CloudFormation identifies the resource dependencies automatically and creates the resources in the required order.
Generally, it’s recommended to write a template for each layer of the architecture; for example, separate templates for networking components, database servers, and web servers.
II) What is a Stack?
A stack is created by a successful execution of a template in CloudFormation. An account is limited to 2000 stacks (as of 2021).
If CloudFormation is unable to create any resource during template execution, the whole stack creation fails. On failure it rolls back all of the execution steps and deletes any resources created during the process.
III) What are the reasons that stack creation fails?
When creating a stack from a template, AWS CloudFormation only checks the JSON/YAML for syntax errors. It doesn't check whether the IAM user executing the template has sufficient privileges to complete the execution, and it doesn't check whether any resource creation would exceed an AWS soft limit.
IV) How are you charged for using CloudFormation?
AWS doesn't charge for the CloudFormation service itself. However, you are charged for the services that you create through CloudFormation.
Example: you create a CloudFormation template that creates a VPC, RDS, and EC2. You only get charged for RDS and EC2, not for the VPC or the CloudFormation service.
3.1 What are Resources in CFTs?
Sample templates for creating various resources:
A. Creating an S3 bucket using JSON or YAML
B. Creating an S3 Bucket with Public Read Access Properties
C. Creating an EC2 instance
3.2 What are parameters in CFTs?
3.2.1 How to Define parameter in CFTs
The following example declares a parameter named InstanceTypeParameter. This parameter lets you specify the Amazon EC2 instance type for the stack to use when you create or update the stack.
3.2.2 How to use the parameters in the template?
You use the Ref intrinsic function to reference a parameter, and AWS CloudFormation uses the parameter’s value to provision the stack.
You can reference parameters from the Resources and Outputs sections of the same template.
Complete code segment
When you create a stack using the above template, in the middle of the stack creation the user needs to provide the input parameter as follows:
3.2.3 What are pseudo parameters?
Pseudo parameters are parameters that are predefined by AWS CloudFormation. You don't declare them in your template.
Use them the same way as you would a parameter.
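The parameter declaration from 3.2.1, its use with Ref in both Resources and Outputs, and the pseudo parameters, combined in one template. This is an added example, not the article's own code; the AMI ID and the admin network CIDR are assumed inputs.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: Added example - EC2 instance whose type and admin CIDR come from parameters
Parameters:
  InstanceTypeParameter:
    Type: String
    Default: t3.micro
    AllowedValues: [t3.micro, t3.small, t3.medium]   # anything else is rejected at create time
    Description: EC2 instance type for the web server
  AmiId:
    Type: AWS::EC2::Image::Id       # AWS-specific type: validated before any resource is created
    Description: AMI to launch (assumed input)
  AdminCidr:
    Type: String
    Default: 203.0.113.0/24         # constructed value from the documentation range
    AllowedPattern: '^(\d{1,3}\.){3}\d{1,3}/\d{1,2}$'
    ConstraintDescription: must be an IPv4 CIDR block such as 10.0.0.0/16
Resources:
  WebServerSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: SSH only from the admin network, never from 0.0.0.0/0
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp: !Ref AdminCidr            # Ref to a parameter
  WebServer:
    Type: AWS::EC2::Instance
    Properties:
      InstanceType: !Ref InstanceTypeParameter
      ImageId: !Ref AmiId
      SecurityGroupIds:
        - !GetAtt WebServerSecurityGroup.GroupId
      Tags:
        - Key: Name
          Value: !Sub '${AWS::StackName}-web'   # pseudo parameter inside Fn::Sub
Outputs:
  InstanceId:
    Description: Ref to a resource returns its physical ID
    Value: !Ref WebServer
  DeployedIn:
    Description: Pseudo parameters need no entry in the Parameters section
    Value: !Sub '${AWS::AccountId}/${AWS::Region}'
```

Because AllowedValues and AllowedPattern are checked when the stack is created, a typo in the instance type or an overly broad CIDR is refused before any resource exists, rather than discovered after rollback.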
3.3 What is AWSTemplateFormatVersion in CFTs?
3.4 What is Description in CFTs?
3.5 What is Metadata in CFTs?
a. AWS::CloudFormation::Init
Defines configuration tasks for the cfn-init helper script.
This is a more powerful and feature-rich way to provide configuration and perform instance bootstrapping from within CloudFormation.
b. AWS::CloudFormation::Interface
Defines the grouping and ordering of input parameters when they are displayed in the AWS CloudFormation console.
c. AWS::CloudFormation::Designer
Describes how your resources are laid out in AWS CloudFormation Designer (Designer).
3.6 What are Mappings in CFTs?
3.6.1 How to declare a map?
3.6.2 How to use the map in CFTs?
Here is the complete code:
3.7 What are Conditions in CFTs?
Conditions in a template can be updated only together with changes that:
1. Add resources
2. Modify resources
3. Delete resources
3.8 What are Transforms in CFTs?
3.9 What are Outputs in CFTs?
Description and Export are optional fields of an output.
It can automatically generate a CFT from existing AWS resources in your AWS account, and stores the CFT in an S3 bucket you specify.
Use intrinsic functions in your template to assign values to properties that are not available until runtime.
Example:
Fn::FindInMap: returns a named value from a specific key
!FindInMap [ MapName, TopLevelKey, SecondLevelKey ]
Fn::ImportValue: imports values that were exported by other templates (their stacks' outputs)
Fn::Join: joins values with a delimiter
!Join [ delimiter, [ comma-delimited values ] ]
Example: to create "a:b:c"
!Join [ ":", [ a, b, c ] ]
Fn::Sub: substitutes values into a string
The string must contain ${variableName} placeholders, which will be substituted.
Condition functions:
Used only to create resources based on a condition. We can use the following logical operations.
(Fn::And, Fn::If, Fn::Not, Fn::Equals, Fn::Or): covered above
Fn::GetAZs: returns an array of availability zone strings
Fn::Select: receives an array and an index and returns a single element
Method 1: Using Fn::Base64: we can pass the entire script for the user data through the function Fn::Base64.
All the user data output will be in /var/log/cloud-init-output.log.
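One template, added here and not taken from the article, that ties together Mappings (3.6), Conditions (3.7), Outputs with Export (3.9) and the Fn::FindInMap, Fn::Equals, Fn::Join, Fn::Sub and Fn::GetAtt functions listed above. It also shows the hardened counterpart of the public-read bucket from 3.1 B. The environment names and their dev/prod settings are constructed.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: Added example - per-environment S3 bucket driven by Mappings and Conditions
Parameters:
  Environment:
    Type: String
    AllowedValues: [dev, prod]
Mappings:
  EnvMap:                          # top-level keys are the environment names
    dev:
      SseAlgorithm: AES256         # second-level keys; values must be strings or lists
      Versioning: Suspended
    prod:
      SseAlgorithm: aws:kms
      Versioning: Enabled
Conditions:
  IsProd: !Equals [!Ref Environment, prod]
Resources:
  DataBucket:
    Type: AWS::S3::Bucket          # no BucketName: CloudFormation generates a unique lowercase name
    Properties:
      VersioningConfiguration:
        Status: !FindInMap [EnvMap, !Ref Environment, Versioning]
      BucketEncryption:
        ServerSideEncryptionConfiguration:
          - ServerSideEncryptionByDefault:
              SSEAlgorithm: !FindInMap [EnvMap, !Ref Environment, SseAlgorithm]
      PublicAccessBlockConfiguration:   # opposite of the public-read bucket in 3.1 B
        BlockPublicAcls: true
        BlockPublicPolicy: true
        IgnorePublicAcls: true
        RestrictPublicBuckets: true
  TlsOnlyPolicy:
    Type: AWS::S3::BucketPolicy
    Condition: IsProd                   # the resource is created only when the condition is true
    Properties:
      Bucket: !Ref DataBucket
      PolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Deny                # refuse any request that did not arrive over TLS
            Principal: '*'
            Action: 's3:*'
            Resource: [!GetAtt DataBucket.Arn, !Join ['', [!GetAtt DataBucket.Arn, '/*']]]
            Condition: { Bool: { 'aws:SecureTransport': 'false' } }
Outputs:
  DataBucketArn:
    Value: !GetAtt DataBucket.Arn
    Export: { Name: !Sub '${AWS::StackName}-DataBucketArn' }   # read elsewhere with Fn::ImportValue
```

Exported names must be unique per region, which is why the stack name is substituted into it; a stack that imports the value cannot be deleted, and this stack cannot delete the bucket, while the import exists.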
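AWS::CloudFormation::Init from section 3.5 and the Fn::Base64 user data of Method 1, combined in one resource. This is an added example, not the article's code; it assumes an Amazon Linux 2 AMI (on which the cfn-init and cfn-signal helper scripts are preinstalled) supplied through the AmiId parameter.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: Added example - bootstrap an instance with cfn-init driven from Metadata
Parameters:
  AmiId:
    Type: AWS::EC2::Image::Id
    Description: Amazon Linux 2 AMI (assumed to ship the aws-cfn-bootstrap helpers)
Resources:
  WebServer:
    Type: AWS::EC2::Instance
    Metadata:
      AWS::CloudFormation::Init:
        config:                          # the single config set that cfn-init applies below
          packages:
            yum:
              httpd: []
          files:
            /var/www/html/index.html:
              content: !Sub 'Served by ${AWS::StackName} in ${AWS::Region}'
              mode: '000644'
              owner: root
              group: root
          services:
            sysvinit:
              httpd:
                enabled: true
                ensureRunning: true
    CreationPolicy:
      ResourceSignal:
        Timeout: PT10M                   # no success signal within 10 minutes fails (and rolls back) the stack
    Properties:
      ImageId: !Ref AmiId
      InstanceType: t3.micro
      AvailabilityZone: !Select [0, !GetAZs '']   # first AZ of the region the stack runs in
      UserData:
        Fn::Base64: !Sub |
          #!/bin/bash -xe
          # Everything this script prints lands in /var/log/cloud-init-output.log
          yum update -y aws-cfn-bootstrap
          # Apply the Metadata above; with -e a failure aborts here, no signal is sent, and the timeout fails the stack
          /opt/aws/bin/cfn-init -v --stack ${AWS::StackName} --resource WebServer --region ${AWS::Region}
          # Tell CloudFormation that bootstrapping finished
          /opt/aws/bin/cfn-signal -e $? --stack ${AWS::StackName} --resource WebServer --region ${AWS::Region}
```

The two short forms cannot be nested directly, so Fn::Base64 is written in long form around !Sub; Sub expands only ${...} placeholders, leaving the shell's $? untouched.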