INFRASTRUCTURE AS CODE (CLOUDFORMATION)
CloudFormation Physical & Logical Resources (7:30)
Physical Resource / Logical Resource - Template - Stack
CloudFormation - Architecture
CloudFormation - Stack Create/Update/Delete
[DEMO] Simple Non Portable Template - PART1 (10:28)
[DEMO] Simple Non Portable Template - PART2 (11:28)
CloudFormation Template and Pseudo Parameters (6:53)
Template/Pseudo Parameters - Overview
Template Parameters - Input for Cfn Template
Pseudo Parameters - Provided by AWS based on the Stack environment
Parameters used in a Cfn template:
- Template Parameter
- Pseudo Parameter
- Public Parameter (from AWS Systems Manager Parameter Store)
What is the difference between _Cfn **pseudo parameters**_ and _AWS Systems Manager **public parameters**_?
- Cfn pseudo parameters: parameters predefined by AWS CloudFormation, e.g.
  - AWS::AccountId
  - AWS::Region
  - AWS::StackId
  - AWS::StackName
- AWS Systems Manager Parameter Store public parameters: common artifacts published by some AWS services, e.g.
  - EC2: information about AMIs:
    - ami-amazon-linux-latest
    - ami-windows-latest
  - ECS: /aws/service/ecs/optimized-ami/amazon-linux-2/recommended
  - EKS: /aws/service/eks/optimized-ami/1.14/amazon-linux-2/recommended
  - AWS:
    - Services
    - Regions
    - Availability Zones
    - …
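An added example (not from the course notes) showing all three parameter kinds in one template. The SSM path is the public "latest Amazon Linux 2 AMI" parameter published by AWS; the instance sizes are constructed values chosen for the example.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Added example - template parameter, SSM public parameter and pseudo parameters

Parameters:
  # Template parameter: supplied by whoever creates the stack. AllowedValues is an
  # input-validation control: only approved sizes can be launched through this template.
  InstanceType:
    Type: String
    Default: t3.micro
    AllowedValues: [t3.micro, t3.small]
  # Public parameter: resolved from SSM Parameter Store at stack create/update time,
  # so the template carries no region-specific AMI id.
  LatestAmiId:
    Type: AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>
    Default: /aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2

Resources:
  Instance:
    Type: AWS::EC2::Instance
    Properties:
      ImageId: !Ref LatestAmiId
      InstanceType: !Ref InstanceType
      Tags:
        - Key: Name
          Value: !Sub "${AWS::StackName}-web"   # pseudo parameter: nothing declares it

Outputs:
  # Pseudo parameters are provided by CloudFormation from the stack's environment
  WhereAmI:
    Value: !Sub "account ${AWS::AccountId}, region ${AWS::Region}, stack ${AWS::StackId}"
```

Caveat: a public parameter resolves on every create/update, so the AMI behind `LatestAmiId` can change between deployments; pin an explicit AMI id (or an immutable parameter version) where reproducible builds matter.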
CloudFormation Intrinsic Functions (14:28)
Cfn - Intrinsic Functions
Cfn Intrinsic Functions:
- Ref & Fn::GetAtt
- Fn::GetAZs & Fn::Select
- Fn::Join & Fn::Split
- Fn::Base64 & Fn::Sub
- Fn::Cidr
Note:
Function | YAML Syntax (Short form) | Example usage | Return |
---|---|---|---|
Ref | !Ref logicalName | !Ref MyInstance | i-123456789 [^1] |
Fn::GetAtt | !GetAtt logicalNameOfResource.attributeName | !GetAtt MyInstance.PublicIp | ec2-1.2.3.4.compute-1.amazonaws.com [^2] |
Fn::GetAZs | !GetAZs region | !GetAZs '' | [ "us-east-1a", "us-east-1b", "us-east-1c" ] [^3] |
Fn::Select | !Select [ index, listOfObjects ] | !Select [ "0", [ "apples", "grapes", "oranges" ] ] | "apples" [^4] |
 | | !Select [ "0", !GetAZs '' ] | "us-east-1a" |
Fn::Join | !Join [ delimiter, [ comma-delimited list of values ] ] | !Join [ ":", [ a, b, c ] ] | "a:b:c" |
Fn::Split | !Split [ delimiter, source string ] | !Split [ ":" , "a:b:c" ] | [ a, b, c ] |
Fn::Base64 | !Base64 valueToEncode | !Base64 AWS CloudFormation | QVdTIENsb3VkRm9ybWF0aW9u [^5] |
Fn::Sub | !Sub String | !Sub "SSH security group for ${AWS::StackName}" | "SSH security group for STACK_NAME" |
Fn::Cidr | !Cidr [ ipBlock, count, cidrBits ] | !Cidr [ "10.16.0.0/16", 16, 12 ] | 16 CIDRs with a subnet mask /20 |
Note:
Function | Short form | Full form |
---|---|---|
Ref | !Ref logicalName | Ref: logicalName [^6] |
Fn::GetAtt | !GetAtt logicalNameOfResource.attributeName | Fn::GetAtt: [ logicalNameOfResource, attributeName ] |
Fn::GetAZs | !GetAZs region | Fn::GetAZs: region |
Fn::Select | !Select [ index, listOfObjects ] | Fn::Select: [ index, listOfObjects ] |
Fn::Join | !Join [ delimiter, [ comma-delimited list of values ] ] | Fn::Join: [ delimiter, [ comma-delimited list of values ] ] |
Fn::Split | !Split [ delimiter, source string ] | Fn::Split: [ delimiter, source string ] |
Fn::Base64 | !Base64 valueToEncode | Fn::Base64: valueToEncode (e.g. Fn::Base64: !Sub string) |
Fn::Sub | !Sub String | Fn::Sub: String |
Fn::Cidr | !Cidr [ ipBlock, count, cidrBits ] | Fn::Cidr: [ ipBlock, count, cidrBits ] (or as a YAML list: - ipBlock - count - cidrBits) |
How to remember the full form and the short form?
- Full form: `Fn::FunctionName:` (a YAML key)
- Short form: `!FunctionName` (a YAML tag)
See Intrinsic function reference - AWS CloudFormation
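An added example (not from the course notes) that uses every function from the table in a small VPC template. `ami-EXAMPLE` is a placeholder, and the address plan is a constructed value.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Added example - Ref, GetAtt, GetAZs, Select, Join, Split, Base64, Sub and Cidr together

Resources:
  VPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 10.16.0.0/16
      Tags:
        - Key: Name
          Value: !Join [ "-", [ !Ref "AWS::StackName", vpc ] ]   # Fn::Join -> "<stack>-vpc"

  # Fn::Cidr carves 16 x /20 ranges out of the VPC block (32 - 12 = /20); Fn::Select picks one.
  # Fn::GetAZs with "" lists the AZs of the current region, so subnets spread over AZs
  # without the template naming any AZ.
  SubnetA:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC                                   # Ref on a VPC returns its physical id (vpc-...)
      AvailabilityZone: !Select [ 0, !GetAZs "" ]
      CidrBlock: !Select [ 0, !Cidr [ !GetAtt VPC.CidrBlock, 16, 12 ] ]
  SubnetB:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      AvailabilityZone: !Select [ 1, !GetAZs "" ]
      CidrBlock: !Select [ 1, !Cidr [ !GetAtt VPC.CidrBlock, 16, 12 ] ]

  Instance:
    Type: AWS::EC2::Instance
    Properties:
      ImageId: ami-EXAMPLE          # placeholder: replace with a real AMI id for the region
      InstanceType: t3.micro
      SubnetId: !Ref SubnetA
      # UserData must be base64; Fn::Sub first substitutes the pseudo parameters into the script
      UserData:
        Fn::Base64: !Sub |
          #!/bin/bash -xe
          echo "bootstrapped by stack ${AWS::StackName} in ${AWS::Region}" > /etc/motd

Outputs:
  VpcDefaultSg:
    Value: !GetAtt VPC.DefaultSecurityGroup           # Fn::GetAtt reads a resource attribute
  SubnetBThirdOctet:
    # Fn::Split turns "10.16.16.0/20" into a list; Select 2 returns "16"
    Value: !Select [ 2, !Split [ ".", !GetAtt SubnetB.CidrBlock ] ]
```

Because `Fn::Cidr` and `Fn::GetAZs` derive everything from the VPC block and the current region, the same template deploys unchanged in any region, which is the "portable template" the demos build towards.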
CloudFormation Mappings (4:30)
Cfn Mappings (Template): Mappings section
Mappings and key levels:
- The Mappings section can have multiple mappings.
- Each mapping is a key of the Mappings section.
- Each mapping can have 2 levels of keys.
Cfn Mappings: Fn::FindInMap
FindInMap syntax
Function | Short form | Full form |
---|---|---|
Fn::FindInMap | !FindInMap [ MapName, TopLevelKey, SecondLevelKey ] | Fn::FindInMap: [ MapName, TopLevelKey, SecondLevelKey ] |
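An added example (not from the course notes) with two mappings in one Mappings section, each with two key levels, resolved by Fn::FindInMap. The AMI ids are placeholders and the sizing values are constructed.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Added example - two-level Mappings resolved with Fn::FindInMap

Mappings:
  # Mapping 1. Top-level key = region, second-level key = architecture.
  RegionAmi:
    us-east-1:
      x86: ami-EXAMPLE-use1-x86
      arm: ami-EXAMPLE-use1-arm
    eu-west-1:
      x86: ami-EXAMPLE-euw1-x86
      arm: ami-EXAMPLE-euw1-arm
  # Mapping 2. Top-level key = environment, second-level key = setting name.
  EnvSizing:
    dev:
      InstanceType: t3.micro
    prod:
      InstanceType: m5.large

Parameters:
  Environment:
    Type: String
    AllowedValues: [dev, prod]
    Default: dev

Resources:
  Instance:
    Type: AWS::EC2::Instance
    Properties:
      # Keys can be intrinsic values: the region pseudo parameter picks the row at deploy time
      ImageId: !FindInMap [ RegionAmi, !Ref "AWS::Region", x86 ]
      InstanceType: !FindInMap [ EnvSizing, !Ref Environment, InstanceType ]
```

Check before relying on this pattern: a lookup for a key that is missing from the map (for example deploying in a region not listed under `RegionAmi`) fails the stack at create time, so every region the template is meant to support needs a row.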
CloudFormation Outputs (3:37)
Cfn Outputs (Template): Views in CLI/Console - Used by parent-stack, cross-stack
Cfn Outputs: Example
[DEMO] Template v2 - Portable (13:34)
CloudFormation Conditions (7:24)
Cfn Conditions (Template): Only create resources if conditions meet
How does a Cfn condition work?
You
- create a condition in the Conditions section
- associate that condition with logical resources, to control whether they are created or not
Why use Cfn conditions?
With Cfn conditions, you can reuse one template to create resources in different contexts, e.g. a test environment versus a production environment.
Cfn Conditions: Example
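An added example (not from the course notes) covering the Conditions and Outputs sections together: one condition gates a resource, Fn::If selects a property value, and an Output that references the conditional resource carries the same condition. The environment names are constructed.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Added example - Conditions gating resources, Fn::If in properties, conditional Outputs

Parameters:
  EnvType:
    Type: String
    AllowedValues: [test, prod]
    Default: test

Conditions:
  IsProd: !Equals [ !Ref EnvType, prod ]
  IsTest: !Not [ !Condition IsProd ]

Resources:
  DataBucket:
    Type: AWS::S3::Bucket
    Properties:
      # Fn::If picks a value per condition: prod keeps object versions, test does not
      VersioningConfiguration:
        Status: !If [ IsProd, Enabled, Suspended ]
      # Not conditional: public access is blocked in every environment
      PublicAccessBlockConfiguration:
        BlockPublicAcls: true
        BlockPublicPolicy: true
        IgnorePublicAcls: true
        RestrictPublicBuckets: true

  # Created only when IsProd is true; in a test stack this logical resource has no physical resource
  AccessLogBucket:
    Type: AWS::S3::Bucket
    Condition: IsProd

Outputs:
  # Visible in the console/CLI and usable by a parent stack or via Export
  BucketName:
    Value: !Ref DataBucket
  # An Output referencing a conditional resource must carry the same Condition,
  # otherwise a test deployment fails because AccessLogBucket does not exist
  LogBucketName:
    Condition: IsProd
    Value: !Ref AccessLogBucket
```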
CloudFormation DependsOn (7:14)
Cfn DependsOn (Resource): Explicitly define resources dependency order
Cfn DependsOn: Example
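An added example (not from the course notes) of the case where DependsOn is required because no Ref or GetAtt expresses the dependency. The address ranges are constructed values.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Added example - DependsOn where CloudFormation cannot infer the order itself

Resources:
  VPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 10.16.0.0/16
  InternetGateway:
    Type: AWS::EC2::InternetGateway
  AttachGateway:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      VpcId: !Ref VPC
      InternetGatewayId: !Ref InternetGateway
  RouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref VPC
  # Ref gives implicit dependencies on RouteTable and InternetGateway, but nothing here
  # references AttachGateway. Without DependsOn the route may be created before the gateway
  # is attached to the VPC, and the stack fails intermittently.
  DefaultRoute:
    Type: AWS::EC2::Route
    DependsOn: AttachGateway
    Properties:
      RouteTableId: !Ref RouteTable
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref InternetGateway
```

DependsOn also controls deletion: CloudFormation deletes resources in the reverse order, so here the route is removed before the attachment.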
CloudFormation Wait Conditions, CreationPolicy & cfn-signal (11:52)
Cfn Provisioning - How does Cfn know that a resource was successfully created/updated?
Note:
By default, Cfn doesn't wait for resources to be configured/bootstrapped and ready to use.
👉 The stack creation/update will finish before all of its resources are ready to use.
Cfn Wait Conditions (Template): Tell Cfn to pause the creation of a stack and wait for a signal before it continues creating the stack
Cfn Creation Policy (Resource): Tell Cfn to wait on resource configuration actions before stack creation proceeds.
When to use wait conditions & creation policy?
You use
- Creation Policy for EC2 and ASG or simple use cases (most situations)
- Wait Conditions in advanced use cases.
cfn-signal: Signals CloudFormation to indicate whether Amazon EC2 instances have been successfully created/updated
CloudFormation Nested Stacks (13:55)
Single Stack - The Problem
Cfn Nested Stack: Stacks created as part of other stacks 👈️ Allow reusing template (code)
`nested stack`, `root stack`, `parent stack`?
- Nested Stack: Stacks created as part of other stacks.
- Root Stack: The top-level stack to which all the nested stacks ultimately belong.
- Parent Stack: Each nested stack has an immediate parent stack.
Cfn Nested Stacks - When?
What is the lifecycle of nested stacks?
The root stack and all of its nested stacks share the same lifecycle.
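An added example (not from the course notes) of a root stack that creates two nested stacks. The S3 bucket, template keys and the nested templates' parameter and output names (`VpcCidr`, `PublicSubnetId`, `LoadBalancerDns`) are assumptions for the example.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Added example - root stack composing reusable templates as nested stacks

Resources:
  # Each nested stack is a logical resource of the root stack, so it is created, updated
  # and deleted with the root (shared lifecycle).
  NetworkStack:
    Type: AWS::CloudFormation::Stack
    Properties:
      # TemplateURL must point at a template in S3 (placeholder bucket and key)
      TemplateURL: https://s3.amazonaws.com/EXAMPLE-templates-bucket/network.yaml
      Parameters:
        VpcCidr: 10.16.0.0/16
      TimeoutInMinutes: 15

  AppStack:
    Type: AWS::CloudFormation::Stack
    Properties:
      TemplateURL: https://s3.amazonaws.com/EXAMPLE-templates-bucket/app.yaml
      Parameters:
        # The parent reads a nested stack's Outputs with GetAtt <Stack>.Outputs.<Name>;
        # this reference also makes AppStack wait until NetworkStack is complete
        SubnetId: !GetAtt NetworkStack.Outputs.PublicSubnetId

Outputs:
  AppUrl:
    Value: !GetAtt AppStack.Outputs.LoadBalancerDns
```

Anyone able to write to the template bucket controls what the root stack deploys, so the bucket holding nested templates deserves the same access control as the templates themselves.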
CloudFormation Cross-Stack References (10:05)
Cfn Stacks are isolated and self-contained
Cfn Outputs Export: Make a stack's outputs visible to other stacks (Cross-Stack References)
Cfn Cross-Stack References - Fn::ImportValue: Import another stack's exported Outputs
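An added example (not from the course notes): two separate templates, one exporting outputs and one importing them with Fn::ImportValue. The stack name `shared-network`, the address ranges and `ami-EXAMPLE` are constructed placeholders.

```yaml
# Stack 1, deployed with the stack name "shared-network": exports two outputs.
# An export name must be unique within the account and region.
AWSTemplateFormatVersion: "2010-09-09"
Resources:
  VPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 10.16.0.0/16
  PublicSubnet:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      CidrBlock: 10.16.0.0/20
      AvailabilityZone: !Select [ 0, !GetAZs "" ]
Outputs:
  VpcId:
    Value: !Ref VPC
    Export:
      Name: !Sub "${AWS::StackName}-VpcId"            # becomes shared-network-VpcId
  PublicSubnetId:
    Value: !Ref PublicSubnet
    Export:
      Name: !Sub "${AWS::StackName}-PublicSubnetId"
---
# Stack 2, any other stack in the same account and region: imports the values.
# While this stack exists, stack 1 cannot be deleted or have those exports changed.
AWSTemplateFormatVersion: "2010-09-09"
Parameters:
  NetworkStackName:
    Type: String
    Default: shared-network
Resources:
  AppSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: App instances, HTTPS in from the VPC only
      # Two short forms cannot be nested, so ImportValue is written in full form around !Sub
      VpcId:
        Fn::ImportValue: !Sub "${NetworkStackName}-VpcId"
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 443
          ToPort: 443
          CidrIp: 10.16.0.0/16
  Instance:
    Type: AWS::EC2::Instance
    Properties:
      ImageId: ami-EXAMPLE            # placeholder
      InstanceType: t3.micro
      SubnetId:
        Fn::ImportValue: !Sub "${NetworkStackName}-PublicSubnetId"
      SecurityGroupIds: [ !Ref AppSecurityGroup ]
```

Unlike nested stacks, the two stacks have independent lifecycles; the only coupling is that an export in use cannot be removed.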
CloudFormation Deletion Policy (5:24)
Cfn DeletionPolicy - What happens to the physical resource when its logical resource is deleted?
Cfn DeletionPolicy - Delete (Default) / Retain / Snapshot (if supported)
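An added example (not from the course notes) with the three DeletionPolicy values side by side. Resource names and sizes are constructed.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Added example - DeletionPolicy per resource (Delete is the default when omitted)

Resources:
  # Retain: the bucket and its data survive stack deletion. It is then unmanaged by
  # CloudFormation, so inventory retained resources or they become orphaned data stores.
  AuditLogBucket:
    Type: AWS::S3::Bucket
    DeletionPolicy: Retain
    UpdateReplacePolicy: Retain      # same protection when an update would replace the bucket

  # Snapshot: the volume is deleted but an EBS snapshot is taken first
  # (supported for resources that have snapshots, e.g. EBS volumes and RDS instances)
  DataVolume:
    Type: AWS::EC2::Volume
    DeletionPolicy: Snapshot
    Properties:
      Size: 20
      AvailabilityZone: !Select [ 0, !GetAZs "" ]
      Encrypted: true

  # Default behaviour: deleting the logical resource deletes the physical one
  ScratchBucket:
    Type: AWS::S3::Bucket
    DeletionPolicy: Delete
```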
CloudFormation Stack Sets (9:12)
Cfn StackSets - Concepts
Cfn StackSets - Architecture
Cfn StackSets - Key Points
CloudFormation Stack Roles (6:47)
Cfn Stack Roles - Overview
The identity creating the stack doesn't need permissions for the resources. It only needs permissions for:
- creating the stack
- PassRole, to give Cfn the role with permissions for creating resources.
Cfn Stack Roles - Example
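An added example (not from the course notes) that creates a stack role trusted by CloudFormation and a managed policy for the deployer who only creates stacks and passes that one role. The role's S3 permissions and the `s3-*` stack-name prefix are constructed choices for the example.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Added example - CloudFormation service role plus the minimal deployer policy

Resources:
  # The stack role: CloudFormation assumes it and uses ITS permissions to create resources.
  # Its policy is the effective ceiling for every template deployed with it, so keep it narrow.
  CfnS3DeployRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              Service: cloudformation.amazonaws.com
            Action: sts:AssumeRole
      Policies:
        - PolicyName: CreateBucketsOnly
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Effect: Allow
                Action:
                  - s3:CreateBucket
                  - s3:DeleteBucket
                  - s3:PutBucketTagging
                  - s3:PutBucketVersioning
                  - s3:PutBucketPublicAccessBlock
                Resource: "arn:aws:s3:::*"

  # The deployer: can run stacks named s3-* and pass this one role, but has no S3 permissions itself
  DeployerPolicy:
    Type: AWS::IAM::ManagedPolicy
    Properties:
      PolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Action:
              - cloudformation:CreateStack
              - cloudformation:UpdateStack
              - cloudformation:DeleteStack
              - cloudformation:DescribeStacks
              - cloudformation:DescribeStackEvents
            Resource: !Sub "arn:aws:cloudformation:${AWS::Region}:${AWS::AccountId}:stack/s3-*/*"
          - Effect: Allow
            Action: iam:PassRole
            Resource: !GetAtt CfnS3DeployRole.Arn
            Condition:
              # The role may be handed to CloudFormation only, not to Lambda, EC2 or other services
              StringEquals:
                iam:PassedToService: cloudformation.amazonaws.com
```

The `iam:PassedToService` condition is the check worth keeping: an unconditioned `iam:PassRole` on a privileged role lets the holder attach that role to any service that accepts one, which is a common privilege-escalation path.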
CloudFormation Init (cfn-init) (8:48)
cfn-init: Overview
AWS::CloudFormation::Init vs cfn-init?
- AWS::CloudFormation::Init: a part of the logical resource for EC2 (Metadata key)
- cfn-init: a helper script in the Properties' UserData, run by the EC2 instance
cfn-init: config keys - configsets
CloudFormation cfn-hup (4:13)
cfn-init: The problem
cfn-hup: Rerun config when a change is detected
What does cfn-hup stand for?
cfn hot update.
See Update behaviors of stack resources
[DEMO] wait conditions, cfn-signal, cfn-init and cfn-hup-PART1 (12:51)
[DEMO] wait conditions, cfn-signal, cfn-init and cfn-hup-PART2 (14:42)
CloudFormation ChangeSets [NEW VERSION COMING SOON] (11:03)
Cfn ChangeSets: Preview changes before executing them
Cfn ChangeSets: Example
CloudFormation Custom Resources (11:03)
Cfn Custom Resources: Let Cfn integrate with things it doesn't natively support
Cfn Custom Resources: Example
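An added example (not from the course notes) of a Lambda-backed custom resource that empties an S3 bucket on stack deletion, something CloudFormation does not do natively. The resource type name `Custom::EmptyBucket` and the function code are constructed for the example; `cfnresponse` is the helper module CloudFormation provides to inline Python functions.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Added example - Lambda-backed custom resource that empties a bucket on delete

Resources:
  Bucket:
    Type: AWS::S3::Bucket

  EmptierRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal: { Service: lambda.amazonaws.com }
            Action: sts:AssumeRole
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole
      Policies:
        - PolicyName: EmptyOnlyThisBucket          # least privilege: this bucket, delete only
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Effect: Allow
                Action: s3:ListBucket
                Resource: !GetAtt Bucket.Arn
              - Effect: Allow
                Action: s3:DeleteObject
                Resource: !Sub "${Bucket.Arn}/*"

  EmptierFunction:
    Type: AWS::Lambda::Function
    Properties:
      Runtime: python3.12
      Handler: index.handler
      Role: !GetAtt EmptierRole.Arn
      Timeout: 300
      Code:
        ZipFile: |
          import boto3, cfnresponse

          def handler(event, context):
              # Every code path must send a response, or the stack hangs until CloudFormation times out
              bucket_name = event["ResourceProperties"]["BucketName"]
              try:
                  if event["RequestType"] == "Delete":
                      # unversioned bucket: delete all current objects
                      boto3.resource("s3").Bucket(bucket_name).objects.all().delete()
                  cfnresponse.send(event, context, cfnresponse.SUCCESS, {}, physicalResourceId=bucket_name)
              except Exception as exc:
                  print(exc)
                  cfnresponse.send(event, context, cfnresponse.FAILED, {"Error": str(exc)}, physicalResourceId=bucket_name)

  # The custom resource: CloudFormation sends Create/Update/Delete events to ServiceToken.
  # Ref Bucket makes this depend on the bucket, so on stack deletion it is deleted first
  # (emptying the bucket), and only then is the bucket itself deleted.
  BucketEmptier:
    Type: Custom::EmptyBucket
    Properties:
      ServiceToken: !GetAtt EmptierFunction.Arn
      BucketName: !Ref Bucket
```

The function's role is scoped to the one bucket it manages; a custom resource runs with whatever its Lambda role allows, so an over-broad role here would let any template author who can reference the function reach those permissions.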
[DEMO] CloudFormation Custom Resources-PART1 (9:12)
[DEMO] CloudFormation Custom Resources-PART2 (13:27)
[^1]: Value of the physical ID of the resource or the value of the parameter
[^2]: Attribute's value
[^3]: The list of Availability Zones for the Region.
[^4]: The selected object (0-index)
[^5]: echo -n 'AWS CloudFormation' | base64
[^6]: For Ref, the full form is simpler than the short form