Join our community of over 8,800 readers delving into AWS. We highlight real-world best practices through easy-to-understand visualizations and one-pagers. Expect a fresh newsletter edition every two weeks.
ποΈ AWS CloudFormation: Constructing Robust Cloud Environments
π This is not properly displayed? Read all of our issues online! π‘
Hi Reader ππ½
Thank you for staying with us on this hopefully enlightening journey. We hope youβre making great progress in your quest to master the ever-evolving world of the AWS cloud. π
In this issue, we will unpack the intricacies of AWS CloudFormation, a service that has revolutionized how we deploy and manage resources in the cloud.
By allowing us to define and provision a collection of related AWS and even third-party resources, CloudFormation enables us to automate and replicate entire environments in a predictable and controlled manner. ποΈ
Did you know that AWS CloudFormation allows you to manage a stack of up to 500 resources with a single stack? This level of orchestration can significantly streamline your infrastructure management. π‘
Another guessing question to get you hooked:
Stay tuned until the end of this newsletter to find out if your guess is correct!
But now let's finally get started with the content of this issue π
β
Introduction
AWS CloudFormation is a service that automates the provisioning of cloud infrastructure. It uses templates, which can be written in JSON or YAML, to describe the desired resources and their configurations. When you provide CloudFormation with these templates, it takes on the responsibility of setting up or modifying your infrastructure according to the specifications you've outlined.
- π The process is declarative - you specify what your infrastructure should look like, and CloudFormation figures out how to achieve that state. This means you don't have to manually detail the steps to create each resource.
- ποΈ Templates can be submitted to CloudFormation through an S3 bucket, directly uploaded, or even via git - Once submitted, CloudFormation will begin applying the infrastructure.
As with other Infrastructure-as-Code (IaC) tools: CloudFormation simplifies infrastructure management significantly.
For example, consider a web application infrastructure that includes a DynamoDB table, a REST backend utilizing API Gateway and Lambda, and a front-end single-page application hosted in an S3 bucket with a CloudFront distribution.
You can create a CloudFormation template for this setup, launch it, and if necessary, delete all associated services with a π¨single action within CloudFormation.
This service also makes it easy to duplicate architectures for different purposes, such as setting up separate development, staging environments, or one or multiple redundant regions using the same template.
β
The Concepts
CloudFormation is built around three core ideas:
- π Templates
- ποΈ Stacks
- π Change Sets
Templates
Starting with Templates, they are essentially the blueprint for the CloudFormation application.
A template...
- ...outlines the resources to be created/managed, like a Lambda function and a DynamoDB table, and
- ... provides outputs like the function's or table's ARN.
Stacks
Stacks represent the collection of resources that can be managed as a single unit. In the context of our earlier example, the S3 bucket would be a stack.
Once the template is uploaded and named in CloudFormation, the service takes over and sets up the resources.
With Stacks, you can perform a range of tasks, including deleting them or checking for drift, which compares the live infrastructure against the template to identify differences.
Stacks can be created using the AWS CLI with the command aws cloudformation create-stack or through the AWS Management Console by clicking the "Create Stack" button.
Change Sets
Change Sets, however, are all about updating existing infrastructure. They allow you to modify your setup without overhauling everything. For example, you don't have to scrap the entire database if you need to activate backups for an RDS instance.
Instead, you can use a Change Set to apply just that specific change. This ensures that you can enable backups while preserving your data, a capability that is also utilized by more modern frameworks like the CDK or Serverless Framework, which are also powered by CloudFormation. β‘οΈ
β
Nested Stacks
When developing large-scale applications, you might end up managing hundreds or even thousands of cloud resources. Managing these resources in a single CloudFormation stack can become unwieldy, difficult to manage, and risky, as updates could impact the entire infrastructure.
As the infrastructure expands, it's common to see the same elements used across various templates. To streamline this process and enhance manageability, it's beneficial to isolate these recurring elements into distinct templates. These can then be incorporated as nested stacks in the primary CloudFormation template.
AWS CloudFormation provides the nested stack functionality, enabling the creation of stacks within stacks through the AWS::CloudFormation::Stack resource. This feature simplifies the management of shared configurations.
Consider a scenario where you have a set of configurations that are created across several stacks, such as an Application Load Balancer setup, Security Group rules, Network Access Control lists, Target Group settings, and an Elastic Container Service configuration for running applications on Fargate using Docker images.
Rather than replicating these configurations in every template, you can create a specialized template for this particular infrastructure segment. This specialized template can then be used as a nested stack within your other CloudFormation templates.
Nested stacks can be further organized into a hierarchy, with the possibility of having nested stacks within other nested stacks. At the top of this hierarchy is the root stack, which contains all other nested stacks. Each nested stack is connected to a parent stack, which could be another nested stack or the root stack itself.
β
Conclusion
CloudFormation is an integral part of the AWS ecosystem and you'll easily find yourself within a project that uses CloudFormation as its primary IaC tool.
The declarative approach to infrastructure as code ensures consistency and repeatability in resource provisioning.
While tools like Pulumi, CDK, Serverless Framework, and Terraform bring their strengths, CloudFormation's direct alignment with AWS resources, detailed state management, and drift detection capabilities make it a great choice for many AWS-centric organizations.
It stands as a reliable option for those who prefer a JSON or YAML-based template approach to define their infrastructure.
Nevertheless, before deciding on a tool, it's important to thoroughly try it out to ensure it meets your needs. βοΈ
Thank you for reading & see you in the next issue!
Sandro & Tobi π
β
P.S.: The solution to the introductory question is 2,000 stacks per region! β‘οΈ ποΈ
π‘ As a subscriber, you can get our e-book with a 15% discount at all times.
Still hungry for AWS content? Have a look at our blog! π β
AWS for the Real World
Join our community of over 8,800 readers delving into AWS. We highlight real-world best practices through easy-to-understand visualizations and one-pagers. Expect a fresh newsletter edition every two weeks.
Hey Reader ππ½ This issue will be about a recent real-world experience that just went off right with the new year! π Once upon a time... π¦ It all started in September 2024 where Edgio, the main CDN provider we used for one of my large enterprise projects, filed for bankruptcy. Edgio was natively integrated into Azure, allowing you to use it without leaving the Azure ecosystem. It also featured a powerful rules engine (allowing for all kinds of conditions, redirects and rewrites) and didnβt...
β Reading time: 13 minutes π Main Learning: How to Run Apps on Fargate via ECS πΎ GitHub Repository βοΈ Read the Full Post Online π Hey Reader ππ½ When building applications on AWS, we need to run our code somewhere: a computation service. There are a lot of well-known and mature computation services on AWS. Youβll often find Lambda as the primary choice, as itβs where you donβt need to manage any infrastructure. You only need to bring your code - itβs Serverless β‘οΈ. However, more options can be...
β Reading time: 10 minutes π Main Learning: Running Postgres on Aurora DSQL with Drizzle πΎ GitHub Repository βοΈ Read the Full Post Online π Hey Reader ππ½ With re:Invent 2024, AWS finally came up with an answer to what many people (including us) asked for years: "What if there were something like DynamoDB but for SQL?" With Amazon Aurora DSQL, this is finally possible. Itβs not just a βscales-to-zeroβ solution like Aurora Serverless V2. It is a true distributed, serverless, pay-per-use...