Hi Reader
Thank you for staying with us on this hopefully enlightening journey. We hope you're making great progress in your quest to master the ever-evolving world of the AWS cloud.
In this issue, we will unpack the intricacies of AWS CloudFormation, a service that has revolutionized how we deploy and manage resources in the cloud.
By allowing us to define and provision a collection of related AWS and even third-party resources, CloudFormation enables us to automate and replicate entire environments in a predictable and controlled manner.
Did you know that AWS CloudFormation allows you to manage up to 500 resources with a single stack? This level of orchestration can significantly streamline your infrastructure management.
Another guessing question to get you hooked:
Stay tuned until the end of this newsletter to find out if your guess is correct!
But now let's finally get started with the content of this issue.
AWS CloudFormation is a service that automates the provisioning of cloud infrastructure. It uses templates, which can be written in JSON or YAML, to describe the desired resources and their configurations. When you provide CloudFormation with these templates, it takes on the responsibility of setting up or modifying your infrastructure according to the specifications you've outlined.
As with other Infrastructure-as-Code (IaC) tools, CloudFormation simplifies infrastructure management significantly.
For example, consider a web application infrastructure that includes a DynamoDB table, a REST backend utilizing API Gateway and Lambda, and a front-end single-page application hosted in an S3 bucket with a CloudFront distribution.
You can create a CloudFormation template for this setup, launch it, and if necessary, delete all associated services with a single action within CloudFormation.
This service also makes it easy to duplicate architectures for different purposes, such as setting up separate development and staging environments, or one or more redundant regions, using the same template.
CloudFormation is built around three core ideas: Templates, Stacks, and Change Sets.
Templates are essentially the blueprint for the CloudFormation application.
A template...
Stacks represent the collection of resources that can be managed as a single unit. In the context of our earlier example, the S3 bucket would be a stack.
Once the template is uploaded and named in CloudFormation, the service takes over and sets up the resources.
With Stacks, you can perform a range of tasks, including deleting them or checking for drift, which compares the live infrastructure against the template to identify differences.
Stacks can be created using the AWS CLI with the command aws cloudformation create-stack or through the AWS Management Console by clicking the "Create Stack" button.
Change Sets, however, are all about updating existing infrastructure. They allow you to modify your setup without overhauling everything. For example, you don't have to scrap the entire database if you need to activate backups for an RDS instance.
Instead, you can use a Change Set to apply just that specific change. This ensures that you can enable backups while preserving your data, a capability that is also utilized by more modern frameworks like the CDK or Serverless Framework, which are also powered by CloudFormation.
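A review gate for the Change Set workflow described above, as an added example that is not from the newsletter: it reads a change set description and flags every change that deletes or replaces a resource, so an in-place change such as enabling RDS backups passes while a data-destroying one is held for review. The sample is constructed in the shape returned by aws cloudformation describe-change-set; the stack name, change set name and logical ids are made up.

```python
import json

# Constructed sample in the shape `aws cloudformation describe-change-set`
# returns; stack, change set and logical ids are made up.
SAMPLE_CHANGE_SET = json.loads("""
{"StackName": "example-app", "ChangeSetName": "enable-rds-backups",
 "Status": "CREATE_COMPLETE",
 "Changes": [
  {"Type": "Resource", "ResourceChange": {
    "Action": "Modify", "LogicalResourceId": "AppDatabase",
    "ResourceType": "AWS::RDS::DBInstance", "Replacement": "False",
    "Details": [{"Target": {"Attribute": "Properties",
      "Name": "BackupRetentionPeriod", "RequiresRecreation": "Never"}}]}},
  {"Type": "Resource", "ResourceChange": {
    "Action": "Modify", "LogicalResourceId": "OrdersTable",
    "ResourceType": "AWS::DynamoDB::Table", "Replacement": "True",
    "Details": [{"Target": {"Attribute": "Properties",
      "Name": "TableName", "RequiresRecreation": "Always"}}]}},
  {"Type": "Resource", "ResourceChange": {
    "Action": "Remove", "LogicalResourceId": "OldAssetsBucket",
    "ResourceType": "AWS::S3::Bucket", "Details": []}}
 ]}
""")

def risky_changes(change_set):
    """Return (logical id, reason) for changes that delete or replace a resource."""
    findings = []
    for change in change_set.get("Changes", []):
        rc = change.get("ResourceChange") or {}
        if change.get("Type") != "Resource":
            continue
        # Property names that drive the change, for the reviewer's benefit.
        props = sorted({d["Target"]["Name"] for d in rc.get("Details", [])
                        if d.get("Target", {}).get("Name")})
        if rc.get("Action") == "Remove":
            findings.append((rc["LogicalResourceId"], "resource will be deleted"))
        elif rc.get("Replacement") in ("True", "Conditional"):
            findings.append((rc["LogicalResourceId"],
                             f"replacement={rc['Replacement']} via {', '.join(props)}"))
    return findings

def safe_to_execute(change_set):
    """Pipeline gate: pass only finished change sets with in-place changes."""
    return (change_set.get("Status") == "CREATE_COMPLETE"
            and not risky_changes(change_set))

if __name__ == "__main__":
    for logical_id, reason in risky_changes(SAMPLE_CHANGE_SET):
        print(f"REVIEW {logical_id}: {reason}")
```

In a pipeline, the same functions can be fed the live JSON from describe-change-set before execute-change-set is allowed to run.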
When developing large-scale applications, you might end up managing hundreds or even thousands of cloud resources. Keeping all of these resources in a single CloudFormation stack can become unwieldy and risky, as updates could impact the entire infrastructure.
As the infrastructure expands, it's common to see the same elements used across various templates. To streamline this process and enhance manageability, it's beneficial to isolate these recurring elements into distinct templates. These can then be incorporated as nested stacks in the primary CloudFormation template.
AWS CloudFormation provides the nested stack functionality, enabling the creation of stacks within stacks through the AWS::CloudFormation::Stack resource. This feature simplifies the management of shared configurations.
Consider a scenario where you have a set of configurations that are created across several stacks, such as an Application Load Balancer setup, Security Group rules, Network Access Control lists, Target Group settings, and an Elastic Container Service configuration for running applications on Fargate using Docker images.
Rather than replicating these configurations in every template, you can create a specialized template for this particular infrastructure segment. This specialized template can then be used as a nested stack within your other CloudFormation templates.
Nested stacks can be further organized into a hierarchy, with the possibility of having nested stacks within other nested stacks. At the top of this hierarchy is the root stack, which contains all other nested stacks. Each nested stack is connected to a parent stack, which could be another nested stack or the root stack itself.
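The hierarchy described above, as an added example that is not from the newsletter: constructed templates declare nested stacks through AWS::CloudFormation::Stack resources, and a small walker resolves each nested stack's parent and its depth below the root stack, rejecting a template that nests itself. The bucket URL, template file names, logical ids and the VpcId parameter are made up for illustration.

```python
BASE = "https://example-bucket.s3.amazonaws.com/"  # made-up bucket
NESTED = "AWS::CloudFormation::Stack"

def nested(url, **params):
    """Build an AWS::CloudFormation::Stack resource as a template dict."""
    props = {"TemplateURL": BASE + url}
    if params:
        props["Parameters"] = params
    return {"Type": NESTED, "Properties": props}

# Constructed templates, written as the dicts a JSON template parses to.
TEMPLATES = {
    "root.json": {"Resources": {
        "Network": nested("network.json"),
        # A nested stack's outputs can feed a sibling's parameters.
        "Service": nested("service.json",
                          VpcId={"Fn::GetAtt": ["Network", "Outputs.VpcId"]}),
    }},
    BASE + "network.json": {"Resources": {"Vpc": {"Type": "AWS::EC2::VPC"}}},
    BASE + "service.json": {"Resources": {
        "LoadBalancer": nested("alb.json"),
        "Cluster": {"Type": "AWS::ECS::Cluster"},
    }},
    BASE + "alb.json": {"Resources": {
        "Alb": {"Type": "AWS::ElasticLoadBalancingV2::LoadBalancer"}}},
}

def stack_tree(templates, root="root.json"):
    """Return {nested stack path: (parent path, depth below the root)}."""
    tree = {}

    def walk(key, path, depth, ancestors):
        if key in ancestors:
            raise ValueError(f"{key} nests itself")
        for logical_id, res in templates[key]["Resources"].items():
            if res["Type"] != NESTED:
                continue
            child = f"{path}/{logical_id}"
            tree[child] = (path, depth + 1)
            walk(res["Properties"]["TemplateURL"], child, depth + 1,
                 ancestors | {key})

    walk(root, "root", 0, frozenset())
    return tree

if __name__ == "__main__":
    for path, (parent, depth) in stack_tree(TEMPLATES).items():
        print("  " * depth + f"{path} (parent: {parent})")
```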
CloudFormation is an integral part of the AWS ecosystem and you'll easily find yourself within a project that uses CloudFormation as its primary IaC tool.
The declarative approach to infrastructure as code ensures consistency and repeatability in resource provisioning.
While tools like Pulumi, CDK, Serverless Framework, and Terraform bring their strengths, CloudFormation's direct alignment with AWS resources, detailed state management, and drift detection capabilities make it a great choice for many AWS-centric organizations.
It stands as a reliable option for those who prefer a JSON or YAML-based template approach to define their infrastructure.
Nevertheless, before deciding on a tool, it's important to thoroughly try it out to ensure it meets your needs.
Thank you for reading & see you in the next issue!
Sandro & Tobi
P.S.: The solution to the introductory question is 2,000 stacks per region!