This document provides an overview of AWS CloudFormation including:
- How it allows for the creation and management of AWS resources through templates
- The components of CloudFormation including templates, stacks, and the CloudFormation API
- How to work with templates, create stacks, update stacks, and delete stacks
- Details on working with AWS resources and parameters within templates
- How to reference properties of other resources and input parameters
- Techniques for bootstrapping applications and handling updates within stacks
2. A technical deep dive beyond the basics
Help educate you on how to get the best from AWS technologies
Show you how things work and how to get things done
Broaden your knowledge in ~45 mins
Masterclass
3. An easy way to create & manage a collection of AWS resources
Allows orderly and predictable provisioning and updating of resources
Allows you to version control your AWS infrastructure
Deploy and update stacks using console, command line or API
Available at no additional charge, you only pay for the resources you create
AWS CloudFormation
4. CloudFormation
Don’t reinvent the wheel Declarative & Flexible
Transparent and Open
No Extra Charge
Integration Ready
Customized via Parameters
5. Template CloudFormation Stack
JSON formatted file
Parameter definition
Resource creation
Configuration actions
Configured AWS services
Comprehensive service support
Service event aware
Customisable
Framework
Stack creation
Stack updates
Error detection and rollback
CloudFormation – Components & Technology
6. Creating Templates
Using a Template to Create and Manage a Stack
Working with the CloudFormation API
Working with AWS Resources
Bootstrapping Applications and Handling Updates
8. CloudFormation Templates
Familiar JSON Format
ReusableManage Relationships
Automate Generation Avoid Collisions
Provide Feedback
Write & GoLook Up Resources
9. {
"Description" : "A text description for the template usage",
"Parameters": {
// A set of inputs used to customize the template per deployment
},
"Resources" : {
// The set of AWS resources and relationships between them
},
"Outputs" : {
// A set of values to be made visible to the stack creator
},
"AWSTemplateFormatVersion" : "2010-09-09”
}
High Level Template Structure
10. {
"Description": "Create an EC2 instance running the latest Amazon Linux AMI.",
"Parameters": {
"KeyPair": {
"Description": "The EC2 Key Pair to allow SSH access to the instance",
"Type": "String"
}
},
"Resources": {
"Ec2Instance": {
"Properties": {
"ImageId": "ami-dd925baa",
"InstanceType" : "m3.medium",
"KeyName": {
"Ref": "KeyPair"
}
},
"Type": "AWS::EC2::Instance"
}
},
"Outputs": {
"InstanceId": {
"Description": "The InstanceId of the newly created EC2 instance",
"Value": {
"Ref": "Ec2Instance"
}
}
},
"AWSTemplateFormatVersion": "2010-09-09"
}
A Simple Template that creates an EC2 Instance
11. {
"Description": "Create an EC2 instance running the latest Amazon Linux AMI.",
"Parameters": {
"KeyPair": {
"Description": "The EC2 Key Pair to allow SSH access to the instance",
"Type": "String"
}
},
"Resources": {
"Ec2Instance": {
"Properties": {
"ImageId": "ami-dd925baa",
"InstanceType" : "m3.medium",
"KeyName": {
"Ref": "KeyPair"
}
},
"Type": "AWS::EC2::Instance"
}
},
"Outputs": {
"InstanceId": {
"Description": "The InstanceId of the newly created EC2 instance",
"Value": {
"Ref": "Ec2Instance"
}
}
},
"AWSTemplateFormatVersion": "2010-09-09"
}
A Simple Template that creates an EC2 Instance
You will be asked to enter values for these
parameters when you create your stack
12. {
"Description": "Create an EC2 instance running the latest Amazon Linux AMI.",
"Parameters": {
"KeyPair": {
"Description": "The EC2 Key Pair to allow SSH access to the instance",
"Type": "String"
}
},
"Resources": {
"Ec2Instance": {
"Properties": {
"ImageId": "ami-dd925baa",
"InstanceType" : "m3.medium",
"KeyName": {
"Ref": "KeyPair"
}
},
"Type": "AWS::EC2::Instance"
}
},
"Outputs": {
"InstanceId": {
"Description": "The InstanceId of the newly created EC2 instance",
"Value": {
"Ref": "Ec2Instance"
}
}
},
"AWSTemplateFormatVersion": "2010-09-09"
}
A Simple Template that creates an EC2 Instance
Includes statically defined properties
(ImageID & Instance Type) plus a reference
to the KeyPair parameter. ImageID is the
AMI specific to the region that you will
launch this stack in
13. {
"Description": "Create an EC2 instance running the latest Amazon Linux AMI.",
"Parameters": {
"KeyPair": {
"Description": "The EC2 Key Pair to allow SSH access to the instance",
"Type": "String"
}
},
"Resources": {
"Ec2Instance": {
"Properties": {
"ImageId": "ami-dd925baa",
"InstanceType" : "m3.medium",
"KeyName": {
"Ref": "KeyPair"
}
},
"Type": "AWS::EC2::Instance"
}
},
"Outputs": {
"InstanceId": {
"Description": "The InstanceId of the newly created EC2 instance",
"Value": {
"Ref": "Ec2Instance"
}
}
},
"AWSTemplateFormatVersion": "2010-09-09"
}
A Simple Template that creates an EC2 Instance
These outputs will be returned once the
template has completed execution
41. aws cloudformation create-stack
--stack-name ec2InstanceCmdLineDemo
--template-url https://s3-eu-west-1.amazonaws.com/cf-templates-
1fhelryvrdrbr-eu-west-1/2014174d0r-ec2Instance.template
--parameters ParameterKey=KeyPair,ParameterValue=ManagementKeyPair
arn:aws:cloudformation:eu-west-
1:554625704737:stack/ec2InstanceCmdLineDemo/42cc6150-fad7-11e3-8f4d-
5017e1aef4e7
Using a template to create and manage a stack via the AWS CLI
Returns the details of the created stack, in the output format of your choice
43. cancel-update-stack get-stack-policy
create-stack get-template
delete-stack list-stack-resources
describe-stack-events list-stacks
describe-stack-resource set-stack-policy
describe-stack-resources update-stack
describe-stacks validate-template
$ aws cloudformation update-stack help
Other AWS CLI actions for CloudFormation
As usual, you can get more details via the AWS CLI
44. $ aws cloudformation update-stack help
SYNOPSIS
update-stack
--stack-name <value>
[--template-body <value>]
[--template-url <value>]
[--use-previous-template | --no-use-previous-template]
[--stack-policy-during-update-body <value>]
[--stack-policy-during-update-url <value>]
[--parameters <value>]
[--capabilities <value>]
[--stack-policy-body <value>]
[--stack-policy-url <value>]
[--notification-arns <value>]
Help via the AWS CLI
47. Designed to use your existing experience with AWS.
Each resource has a set of parameters with names
that are identical to the names used to create the
resources through their native API.
Working with AWS Resources
Template reference: docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/template-reference.html
48. Working with AWS Resources
"myVolume" : {
"Type" : "AWS::EC2::Volume",
"Properties" : {
"Size" : "10",
"SnapshotId" : "snap-7b8fd361",
"AvailabilityZone" : "eu-west-1a"
}
}
This example defines an Amazon EBS Volume with a logical name
‘myVolume’. Its type is "AWS::EC2::Volume”
If you’ve used EBS previously, the properties should look very familiar
49. Working with AWS Resources
"InstanceSecurityGroup" : {
"Type" : "AWS::EC2::SecurityGroup",
"Properties" : {
"GroupDescription" : "Enable SSH access via port 22",
"SecurityGroupIngress" : [ {
"IpProtocol" : "tcp",
"FromPort" : "22",
"ToPort" : "22",
"CidrIp" : "0.0.0.0/0"
} ]
}
}
Creating a Security Group resource
61. Working with non-AWS Resources
Defining custom resources allows
you to include non-AWS resources
in a CloudFormation stack
More on Custom Resources in ‘AWS CloudFormation under the Hood’ from re:Invent 2013: http://youtu.be/ZhGMaw67Yu0
AWS CloudFormation Custom Resource Walkthrough documentation:
docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/crpg-walkthrough.html
64. cfn-hup
cfn-signal
cfn-get-
metadata
Bootstrapping Applications & Handling Updates
Amazon EC2AWS CloudFormation
cfn-init
Option 2: AWS CloudFormation provides helper scripts for
deployment within your EC2 instances
Metadata Key — AWS::CloudFormation::Init
Cfn-init reads this metadata key and installs the packages listed in this key (e.g.,
httpd, mysql, and php). Cfn-init also retrieves and expands files listed as sources.
65. Bootstrapping Applications & Handling Updates
"Resources" : {
"WebServer": {
"Type": "AWS::EC2::Instance",
"Metadata" : {
"Comment1" : "Configure the bootstrap helpers to install the Apache Web Server and PHP",
"Comment2" : "The website content is downloaded from the CloudFormationPHPSample.zip file",
"AWS::CloudFormation::Init" : {
"config" : {
"packages" : {
"yum" : {
"mysql" : [],
"mysql-server" : [],
"mysql-libs" : [],
"httpd" : [],
"php" : [],
"php-mysql" : []
}
},
"sources" : {
"/var/www/html" : "https://s3.amazonaws.com/cloudformation-examples/CloudFormationPHPSample.zip"
}
}
}
}
67. Bootstrapping Applications & Handling Updates
"files" : {
"/tmp/setup.mysql" : {
"content" : { "Fn::Join" : ["", [
"CREATE DATABASE ", { "Ref" : "DBName" }, ";n",
"GRANT ALL ON ", { "Ref" : "DBName" }, ".* TO '", { "Ref" : "DBUsername" }, "'@localhost
IDENTIFIED BY '", { "Ref" : "DBPassword" }, "';n"
]]},
"mode" : "000644",
"owner" : "root",
"group" : "root"
}
}
The files key allows you to write files to the instance filesystem
68. Bootstrapping Applications & Handling Updates
"services" : {
"sysvinit" : {
"mysqld" : {
"enabled" : "true",
"ensureRunning" : "true"
},
"httpd" : {
"enabled" : "true",
"ensureRunning" : "true"
}
}
The services key allows you ensures that the services are not only
running when cfn-init finishes (ensureRunning is set to true); but that
they are also restarted upon reboot (enabled is set to true).
More on Deploying Applications with AWS CloudFormation:
docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/deploying.applications.html
69. Bootstrapping Applications & Handling Updates
Yes!
All that functionality is available for
your Windows instances too!
Bootstrapping AWS CloudFormation Windows Stacks:
docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/cfn-windows-stacks-bootstrapping.html
70. Bootstrapping Applications & Handling Updates
Find out more here: aws.amazon.com/cloudformation/aws-cloudformation-articles-and-tutorials/
What about Chef?
and/or
What about Puppet?
78. AWS Training & Certification
Certification
aws.amazon.com/certification
Demonstrate your skills,
knowledge, and expertise
with the AWS platform
Self-Paced Labs
aws.amazon.com/training/
self-paced-labs
Try products, gain new
skills, and get hands-on
practice working with
AWS technologies
aws.amazon.com/training
Training
Skill up and gain
confidence to design,
develop, deploy and
manage your applications
on AWS
80. We typically see customers start by trying our
services
Get started now at : aws.amazon.com/getting-started
81. Design your application for the AWS Cloud
More details on the AWS Architecture Center at : aws.amazon.com/architecture
Editor's Notes
CloudFormation templates have several advantages:
Follow a JSON familiar format: A CloudFormation template is simply a JSON (JavaScript Object Notation)-formatted text file that describes the AWS infrastructure needed to run an application or service along with any interconnection between them.
Manage relationships: Templates concisely capture resource relationships, such as EC2 instances that must be associated with an Elastic Load Balancing load balancer, or the fact that an EBS volume must be in the same EC2 Availability Zone as the instance to which it is attached.
Use over and over: Using template parameters enable a single template to be used for many infrastructure deployments with different configuration values, such as how many instances to deploy for the application.
Get helpful feedback: Templates also provide output properties for communicating deployment results or configuration information back to the user. For example, when instantiated, a template may provide the URL of the Elastic Load Balancing endpoint the customer should use to connect to the newly instantiated application.
Avoid collisions: All AWS resources in a template are identified using logical names, allowing multiple stacks to be created from a template without fear of naming collisions between AWS resources.
Write and go: Use any method to launch a stack without having to register the template with AWS CloudFormation beforehand.
Look up resources: AWS CloudFormation retains a copy of the stack template so you can use the AWS Management Console, the command line tools or the APIs to look up the precise resource configurations that were applied during stack creation.
Automate: You have the option to automate template generation using a programming language or a tool of your choice. You also have the option to automate stack creation from the templates using the CloudFormation API, AWS SDKs, or AWS CLI.
Q: What are the elements of an AWS CloudFormation template?
AWS CloudFormation templates are JSON formatted text files that are comprised of five types of elements:
An optional list of template parameters (input values supplied at stack creation time)
An optional list of output values (e.g. the complete URL to a web application)
An optional list of data tables used to lookup static configuration values (e.g., AMI names)
The list of AWS resources and their configuration values
A template file format version number
With parameters, you can customize aspects of your template at run time, when the stack is built. For example, the Amazon RDS database size, Amazon EC2 instance types, database and web server port numbers can be passed to AWS CloudFormation when a stack is created. Each parameter can have a default value and description and may be marked as “NoEcho” in order to hide the actual value you enter on the screen and in the AWS CloudFormation event logs. When you create an AWS CloudFormation stack, the AWS Management Console will automatically synthesize and present a pop-up dialog form for you to edit parameter values.
Output values are a very convenient way to present a stack’s key resources (such as the address of an Elastic Load Balancing load balancer or Amazon RDS database) to the user via the AWS Management Console, or the command line tools. You can use simple functions to concatenate string literals and value of attributes associated with the actual AWS resources.
Intrinsinc fuctions:
The intrinsic function Fn::Base64 returns the Base64 representation of the input string. This function is typically used to pass encoded data to Amazon EC2 instances by way of the UserData property.
The intrinsic function Fn::FindInMap returns the value corresponding to keys into a two-level map declared in the Mappings section.
The intrinsic function Fn::GetAtt returns the value of an attribute from a resource in the template.
The intrinsic function Fn::GetAZs returns an array that lists all Availability Zones for the specified region.
The intrinsic function Fn::Join appends a set of values into a single value, separated by the specified delimiter.
The intrinsic function Fn::Select returns a single object from a list of objects by index.
The intrinsic function Ref returns the value of the specified parameter or resource.
Pseudo parameter:
AWS::NotificationARNs: Returns the list of notification Amazon Resource Names (ARNs) for the current stack.
AWS::Region Returns a string representing the AWS Region in which the encompassing resource is being created.
AWS::StackId Returns the ID of the stack as specified with the cfn-create-stack command.
AWS::StackName Returns the name of the stack as specified with the cfn-create-stack command.
And you can use all of these functions and parameters in your templates to customize your templates and make them more reusable by removing hardcoded values like Azs, region names, ...
AWS CloudFormation provides the following helpers to allow you to deploy your application code or application and OS configuration at the time you launch your EC2 instances:
cfn-init: Used to retrieve and interpret the resource metadata, installing packages, creating files and starting services.
cfn-signal: A simple wrapper to signal a CloudFormation WaitCondition allowing you to synchronize other resources in the stack with the application being ready.
cfn-get-metadata: A wrapper script making it easy to retrieve either all metadata defined for a resource or path to a specific key or subtree of the resource metadata.
cfn-hup: A daemon to check for updates to metadata and execute custom hooks when the changes are detected.