
AWS for the Real World

πŸ—οΈ AWS CloudFormation: Constructing Robust Cloud Environments

Published 2 months ago • 4 min read


Hi Reader 👋🏽

Thank you for staying with us on this hopefully enlightening journey. We hope you're making great progress in your quest to master the ever-evolving world of the AWS cloud. 💛

In this issue, we will unpack the intricacies of AWS CloudFormation, a service that has revolutionized how we deploy and manage resources in the cloud.

By allowing us to define and provision a collection of related AWS and even third-party resources, CloudFormation enables us to automate and replicate entire environments in a predictable and controlled manner. 🏗️

Did you know that a single CloudFormation stack can contain up to 500 resources? This level of orchestration can significantly streamline your infrastructure management. 💡

Another question to get you hooked:

How many stacks can you create in a single region?

Stay tuned until the end of this newsletter to find out if your guess is correct!

But now let's finally get started with the content of this issue 📚


Introduction

AWS CloudFormation is a service that automates the provisioning of cloud infrastructure. It uses templates, which can be written in JSON or YAML, to describe the desired resources and their configurations. When you provide CloudFormation with these templates, it takes on the responsibility of setting up or modifying your infrastructure according to the specifications you've outlined.

  1. πŸ“ The process is declarative - you specify what your infrastructure should look like, and CloudFormation figures out how to achieve that state. This means you don't have to manually detail the steps to create each resource.
  2. πŸ—οΈ Templates can be submitted to CloudFormation through an S3 bucket, directly uploaded, or even via git - Once submitted, CloudFormation will begin applying the infrastructure.

Like other Infrastructure-as-Code (IaC) tools, CloudFormation simplifies infrastructure management significantly.

For example, consider a web application infrastructure that includes a DynamoDB table, a REST backend utilizing API Gateway and Lambda, and a front-end single-page application hosted in an S3 bucket with a CloudFront distribution.

You can create a CloudFormation template for this setup, launch it, and, if necessary, delete all associated resources with a 🔨 single action within CloudFormation.

This service also makes it easy to duplicate architectures for different purposes, such as separate development and staging environments, or redundant deployments in one or more additional regions, all from the same template.


The Concepts

CloudFormation is built around three core ideas:

  • πŸ“ Templates
  • πŸ—οΈ Stacks
  • πŸ”€ Change Sets

Templates

Starting with Templates: a template is the blueprint of a stack, a JSON or YAML document that CloudFormation turns into real resources.

A template...

  • ...declares the resources to be created and managed, like a Lambda function and a DynamoDB table, together with their properties,
  • ...can take parameters, so the same template serves several environments, and
  • ...provides outputs like the function's or table's ARN, which other stacks or tooling can consume.
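As an added illustration (this template is not from the original issue), here is what such a blueprint looks like in YAML: one DynamoDB table, one Lambda function that reads from it, and the function's execution role. The role's inline policy is scoped to the table's ARN rather than `dynamodb:*` on `*`, which is the least-privilege habit worth building into every template. The resource names, the table key, and the handler code are assumptions made for this example.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Added example template - one table, one function, one scoped role (names are assumptions)

Resources:
  ItemsTable:
    Type: AWS::DynamoDB::Table
    DeletionPolicy: Retain          # deleting the stack keeps the table and its data
    UpdateReplacePolicy: Retain     # an update that replaces the table keeps the old one
    Properties:
      BillingMode: PAY_PER_REQUEST
      AttributeDefinitions:
        - AttributeName: pk
          AttributeType: S
      KeySchema:
        - AttributeName: pk
          KeyType: HASH
      PointInTimeRecoverySpecification:
        PointInTimeRecoveryEnabled: true

  ItemsFunctionRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              Service: lambda.amazonaws.com   # only Lambda may assume this role
            Action: sts:AssumeRole
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole   # CloudWatch Logs only
      Policies:
        - PolicyName: ItemsTableAccess
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Effect: Allow
                Action:
                  - dynamodb:GetItem
                  - dynamodb:PutItem
                Resource: !GetAtt ItemsTable.Arn   # this table, nothing else

  ItemsFunction:
    Type: AWS::Lambda::Function
    Properties:
      Runtime: python3.12
      Handler: index.handler
      Role: !GetAtt ItemsFunctionRole.Arn
      Environment:
        Variables:
          TABLE_NAME: !Ref ItemsTable          # Ref on a table yields its name
      Code:
        ZipFile: |
          import json, os
          import boto3
          table = boto3.resource("dynamodb").Table(os.environ["TABLE_NAME"])
          def handler(event, context):
              item = table.get_item(Key={"pk": event["pk"]}).get("Item")
              return {"statusCode": 200, "body": json.dumps(item, default=str)}

Outputs:
  TableArn:
    Value: !GetAtt ItemsTable.Arn
  FunctionArn:
    Value: !GetAtt ItemsFunction.Arn
```

The `!Ref` and `!GetAtt` references do double duty: they wire the values in, and they tell CloudFormation that the role must exist before the function and the table before the role, so no explicit ordering is needed.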

Stacks

A stack is the collection of resources that CloudFormation created from one template and manages as a single unit. In our earlier example, the stack is the whole application: the DynamoDB table, the API Gateway and Lambda backend, the S3 bucket, and the CloudFront distribution are all resources of that one stack.

Once you hand CloudFormation a template and a stack name, the service takes over and sets up the resources, in an order derived from the references between them.

With stacks, you can perform a range of tasks, including updating or deleting them as a whole, or checking for drift, which compares the live configuration of each resource against what the template declares and reports the differences, such as a security-group rule someone added by hand in the console. Drift detection only covers resource types and properties that support it, so a clean drift report is not proof that nothing was changed out of band.

Stacks can be created using the AWS CLI with the command aws cloudformation create-stack or through the AWS Management Console by clicking the "Create Stack" button.

Change Sets

Change Sets are about updating existing infrastructure safely. Before CloudFormation touches anything, a change set lists what an update would do: which resources are added, modified in place, or replaced, and which properties cause each change. You review it, then execute it. That is why you don't have to scrap the entire database to activate backups for an RDS instance: the change set shows that update as an in-place modification of that one resource, not a replacement, and executing it preserves your data.

The part worth reading every time is the replacement column. A property that cannot be modified in place makes CloudFormation create a new resource and delete the old one, and for a database the data goes with it unless the resource carries an UpdateReplacePolicy that retains or snapshots it. Reviewing a change set before executing it is also what frameworks like the CDK or the Serverless Framework do under the hood, since they are powered by CloudFormation as well. ⚡️
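Added example, not code from the original issue: the same RDS instance twice, first as it is often written, then with the settings a change-set review tends to end up recommending. The engine, instance class, master user name, and the Secrets Manager secret `app/db/master` that supplies the master password are assumptions; the two documents are separated by `---` only so they fit in one block, and each is a fragment of a full template (no VPC or security group settings shown).

```yaml
# Before (assumed starting point): backups off, and nothing protects the data
# if a later update replaces the instance or someone deletes the stack.
Resources:
  AppDatabase:
    Type: AWS::RDS::DBInstance
    Properties:
      Engine: postgres
      DBInstanceClass: db.t3.micro
      AllocatedStorage: "20"
      MasterUsername: appadmin
      MasterUserPassword: "{{resolve:secretsmanager:app/db/master:SecretString:password}}"
      BackupRetentionPeriod: 0
---
# After: the change set for this update lists AppDatabase as a modification
# without replacement, because BackupRetentionPeriod can be changed in place.
Resources:
  AppDatabase:
    Type: AWS::RDS::DBInstance
    DeletionPolicy: Snapshot        # deleting the stack takes a final snapshot first
    UpdateReplacePolicy: Snapshot   # a replacing update snapshots the old instance before it goes
    Properties:
      Engine: postgres
      DBInstanceClass: db.t3.micro
      AllocatedStorage: "20"
      MasterUsername: appadmin      # changing this later forces a replacement: read the change set
      MasterUserPassword: "{{resolve:secretsmanager:app/db/master:SecretString:password}}"
      BackupRetentionPeriod: 7      # the in-place change discussed above: keep 7 daily backups
      DeletionProtection: true      # must be switched off before the instance can be deleted at all
      StorageEncrypted: true        # encryption at rest; turning this on later also forces replacement
```

The dynamic reference keeps the password out of the template and out of the stack's stored copy of it; a literal `MasterUserPassword` would be readable by anyone allowed to call GetTemplate on the stack. `DeletionProtection` and `DeletionPolicy: Snapshot` work together: the first stops a stack delete from removing the instance until someone deliberately turns it off, the second makes sure a snapshot exists when that finally happens.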


Nested Stacks

When developing large-scale applications, you might end up managing hundreds or even thousands of cloud resources. Putting them all into a single CloudFormation stack is unwieldy (a stack tops out at 500 resources anyway), slow to update, and risky, since every update, and every failed rollback, touches the whole infrastructure at once.

As the infrastructure expands, it's common to see the same elements used across various templates. To streamline this process and enhance manageability, it's beneficial to isolate these recurring elements into distinct templates. These can then be incorporated as nested stacks in the primary CloudFormation template.

AWS CloudFormation provides the nested stack functionality, enabling stacks within stacks through the AWS::CloudFormation::Stack resource, whose TemplateURL points at the child template in S3. The parent passes parameters down to the child and reads the child's outputs back, so shared configuration lives in exactly one place.

Consider a scenario where you have a set of configurations that are created across several stacks, such as an Application Load Balancer setup, Security Group rules, Network Access Control lists, Target Group settings, and an Elastic Container Service configuration for running applications on Fargate using Docker images.

Rather than replicating these configurations in every template, you can create a dedicated template for this particular infrastructure segment and use it as a nested stack within your other CloudFormation templates. A fix to the shared template then reaches every parent that nests it on its next update.

Nested stacks can be further organized into a hierarchy, with the possibility of having nested stacks within other nested stacks. At the top of this hierarchy is the root stack, which contains all other nested stacks. Each nested stack is connected to a parent stack, which could be another nested stack or the root stack itself.
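An added example of the parent/child relationship described above (not from the original issue). The parent template instantiates a network child stack, passes its Environment parameter down, and hands the child's outputs on to a second child. The S3 bucket `example-templates-bucket`, the child template file names, and the CIDR range are assumptions; the two templates are shown as one block separated by `---`.

```yaml
# Parent (root) template, assumed to be deployed directly
AWSTemplateFormatVersion: "2010-09-09"
Parameters:
  Environment:
    Type: String
    AllowedValues: [dev, staging, prod]
Resources:
  Network:
    Type: AWS::CloudFormation::Stack
    Properties:
      TemplateURL: https://s3.amazonaws.com/example-templates-bucket/network.yaml   # assumed location
      Parameters:
        Environment: !Ref Environment        # passed down to the child
  AppService:
    Type: AWS::CloudFormation::Stack
    Properties:
      TemplateURL: https://s3.amazonaws.com/example-templates-bucket/service.yaml   # assumed location
      Parameters:
        VpcId: !GetAtt Network.Outputs.VpcId                          # child output read back
        AlbSecurityGroupId: !GetAtt Network.Outputs.AlbSecurityGroupId
Outputs:
  VpcId:
    Value: !GetAtt Network.Outputs.VpcId
---
# Child template: network.yaml (assumed contents)
AWSTemplateFormatVersion: "2010-09-09"
Parameters:
  Environment:
    Type: String
Resources:
  Vpc:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 10.0.0.0/16
      EnableDnsSupport: true
      EnableDnsHostnames: true
      Tags:
        - Key: Name
          Value: !Sub "${Environment}-vpc"
  AlbSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: HTTPS from the internet to the load balancer only
      VpcId: !Ref Vpc
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 443
          ToPort: 443
          CidrIp: 0.0.0.0/0          # TLS only; no port 80, no SSH
Outputs:
  VpcId:
    Value: !Ref Vpc
  AlbSecurityGroupId:
    Value: !GetAtt AlbSecurityGroup.GroupId
```

Because the AppService child only receives the security group ID, the rules themselves are owned by the network template; a service team cannot widen them from its own stack. The `aws cloudformation package` command uploads local child templates to S3 and rewrites each `TemplateURL` for you, which is usually how the assumed bucket paths above get filled in.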


Conclusion

CloudFormation is an integral part of the AWS ecosystem, and sooner or later you will find yourself in a project that uses it as its primary IaC tool.

The declarative approach to infrastructure as code ensures consistency and repeatability in resource provisioning.

While tools like Pulumi, CDK, Serverless Framework, and Terraform bring their strengths, CloudFormation's direct alignment with AWS resources, detailed state management, and drift detection capabilities make it a great choice for many AWS-centric organizations.

It stands as a reliable option for those who prefer a JSON or YAML-based template approach to define their infrastructure.

Nevertheless, before deciding on a tool, it's important to thoroughly try it out to ensure it meets your needs. ✌️

Thank you for reading & see you in the next issue!

Sandro & Tobi 👋


P.S.: The solution to the introductory question is 2,000 stacks per region! That is the default quota per account, and it can be raised on request. ⚡️ 🏗️
