Understanding Cloudformation
- It is a AWS service
- Used to model and set up AWS resources
- create a template to describes AWS resources needed
- responsible for provisioning and configuring AWS resources
- It simplifies Infrastructure Management
- Cloud formation template describes all needed resources and their properties.
- Building block service to provision infra within AWS, Elastic Beanstalk uses CFN, JSON format, Stack (CFN unit of grouping infra), Template (JSON doc giving instructions for CFN on how to act and what to create/update), Stack Policy (IAM style policy governs what/who can change, can be added via CLI or UI, updated but can not be removed)
- Create CFN template -> Add template to CFN -> Create CFNStack -> Resources (200 per template) -> Update template/Stack -> Delete Stack
- Template Anatomy: Parameters (pass variables into a template), Mappings (allow processing of hash’s by CFN template), Resources, Outputs (results from template); Only Resources is mandatory. CFN can run scripts within instances, expand files within instances, stack id(unique).
- Use cases:
- Template for manual deployment of bespoke infra.
- create repeatable patterned environment (ex:wordpress site with DB)
- run automated testing for CI/CD environments (dev, test, prod)
- define an environment once, deployed
- manage infra config using software development style versioning and testing concepts.
- Template should be designed to work 1 or 1000 app in one or more regions.
- It provisions
- Auto Scaling group
- load balancer
- and database
- Can easily edit or delete resources
- manage a collection of resources as a single unit or stack.
- Quickly replicate infrastructure
- control and track changes to infrastructure
CloudFormation Working
- Easily create an infrastructure stack, with CloudFormation by
- making underlying service calls to AWS
- provision and configure AWS resources.
- calls are as per defined template.
- CloudFormation perform only actions having permission to do.
- CloudFormation template can be a JSON or YAML-formatted document
- After all resources have been created, AWS CloudFormation reports stack creation
- If stack creation fails, CloudFormation rolls back changes by deleting resources that it created.
Steps
- Design an CloudFormation template in AWS CloudFormation Designer or text editor.
- Save template locally or in an S3 bucket.
- Create an AWS CloudFormation stack by specifying location of template file
Change Sets
- It is a summary of proposed changes to stack
- Used to update stack for changes to running resources in stack
- Before making changes, generate a change set
- Change sets enables seeing impact of change on running resources, before implementing them.
- Updates can cause interruptions, depending on resource and properties being updated
- Change sets don’t indicate whether stack update will be successful.
- Example, changing Amazon RDS database instance name,
- CloudFormation will create a new database and delete old one and and will lose data in old database
- With change set, see changes on database to be replaced, and plan accordingly
Updating a Stack with Change Sets
- To update stack’s resources, modify stack’s template.
- Do not create new stack and delete old one.
- Instead, create change set by submitting a modified version of original stack template,
- CloudFormation compares modified with original template and generates a change set.
- Change set lists proposed changes.
- After reviewing changes, execute change set to update stack
Steps
- Modify CloudFormation stack template using CloudFormation Designer or a text editor.
- Save AWS CloudFormation template locally or in an S3 bucket.
- Create change set by specifying stack to update and location of modified template
- View change set to check CloudFormation will perform with changes
- Execute change set to apply to stack.
Limits
| Limit | Description | Value | Tuning Strategy |
| cfn-signal wait condition data | Maximum amount of data that cfn-signal can pass. | 4,096 bytes | To pass a larger amount, send data to an Amazon S3 bucket, and then use cfn-signal to pass Amazon S3 URL to that bucket. |
| Custom resource response | Maximum amount of data that a custom resource provider can pass. | 4,096 bytes | |
| Mappings | Maximum number of mappings that you can declare in AWS CloudFormation template. | 100 mappings | To specify more mappings, separate template into multiple templates by using, for example, nested stacks. |
| Mapping attributes | Maximum number of mapping attributes for each mapping that you can declare in AWS CloudFormation template. | 64 attributes | To specify more mapping attributes, separate attributes into multiple mappings. |
| Mapping name and mapping attribute name | Maximum size of each mapping name. | 255 characters | |
| Outputs | Maximum number of outputs that you can declare in AWS CloudFormation template. | 60 outputs | |
| Output name | Maximum size of an output name. | 255 characters | |
| Parameters | Maximum number of parameters that you can declare in AWS CloudFormation template. | 60 parameters | To specify more parameters, you can use mappings or lists in order to assign multiple values to a single parameter. |
| Parameter name | Maximum size of a parameter name. | 255 characters | |
| Parameter value | Maximum size of a parameter value. | 4,096 bytes | To use a larger parameter value, create multiple parameters and then use Fn::Join to append multiple values into a single value. |
| Resources | Maximum number of resources that you can declare in AWS CloudFormation template. | 200 resources | To specify more resources, separate template into multiple templates by using, for example, nested stacks. |
| Resources in concurrent stack operations | Maximum number of resources you can have involved in stack operations (create, update, or delete operations) in region at a given time. | Use DescribeAccountLimits API to determine current limit for an account in a specific region. | |
| Resource name | Maximum size of a resource name. | 255 characters | |
| Stacks | Maximum number of AWS CloudFormation stacks that you can create. | 200 stacks | To create more stacks, delete stacks that you don’t need or request an increase in maximum number of stacks in AWS account. |
| StackSets | Maximum number of AWS CloudFormation stack sets you can create in administrator account. | 100 stack sets | To create more stack sets, delete stack sets that you don’t need or request an increase in maximum number of stack sets in AWS account. |
| Stack instances | Maximum number of stack instances you can create per stack set. | 2000 stack instances per stack set | To create more stack instances, delete stack instances that you don’t need or request an increase in maximum number of stack instances in AWS account. |
| StackSets instance operations | Maximum number of stack instance operations you can run in each region at same time, per administrator account. | 3500 operations | |
| Template body size in a request | Maximum size of a template body that you can pass in a CreateStack, UpdateStack, or ValidateTemplate request. | 51,200 bytes | To use a larger template body, separate template into multiple templates by using, for example, nested stacks. Or upload template to an Amazon S3 bucket. |
| Template body size in an Amazon S3 object | Maximum size of a template body that you can pass in an Amazon S3 object for a CreateStack, UpdateStack, ValidateTemplate request with an Amazon S3 template URL. | 460,800 bytes | To use a larger template body, separate template into multiple templates by using, for example, nested stacks. |
| Template description | Maximum size of a template description. | 1,024 bytes |
CloudFormation Structure:
- Parameters – way of passing data into CFN template one or more values; ex: ip address, instance size, name, password etc;
- AWS::EC2::KeyPair:KeyName; Default value, Allowed values, Allowed Patterns, Min & MaxValue, Min & MaxLength;
- Outputs – way of displaying results of stack creation; A stack can have many outputs, each output can be constructed value, parameter references, pseudo parameters or an output from a function such as fn::GetAtt or Ref; Ref references resource provide primary value such as instance id; GetAtt provide alternate values such as private ip & public ip.
Intrinsic & Conditional Functions
- Intrinsic Fn – inbuilt function provided by AWS to help manage, reference, and condtionally act upon resources, situation & inputs to a stack.
- Fn::Base64 – Base64 encoding for User Data
- Fn::FindInMap – Mapping lookup
- Fn::GetAtt – Advanced reference look up
- Fn::GetAZs – retrieve list of AZs in a region
- Fn::Join – construct complex strings; concatenate strings
- Fn::Select – value selection from list (0, 1)
- Ref – default value of resource
- Conditional Functions – Fn::And, Fn::Equals, Fn::If, Fn::Not, Fn::Or
Enrich and Enhance your skills to become an AWS Certified Solutions Architect Associate with hundreds of Free Practice Test. Try Now!