AWS CloudFormation
CloudFormation is a service that helps to create and configure the resources and their properties. Developers/Customers can focus on their applications and spend less time to manage the resources. We are going to discuss about the following topics in this article. They are
- Concepts in CloudFormation
- How the CloudFormation works?
- Working with Templates
- Working with Stacks
- Working with StackSets
1. Concepts in CloudFormation
The Template is a text file that contains multiple statements. It describes the AWS resources that you mentioned in that. By using this template, the CloudFormation builds the resources for you based on your specified details in the template. You can save these files with the extensions of .template, .txt, .yaml, and .json.
Stack is a collection of AWS resources you want to deploy together as a group in the template.
Generally, If you want to change the resource in the stack, then CloudFormation will replace the new one with the old one. If you’re going to change the resource in the stack without deletion, you must update the stack by creating change sets. Change sets allow you to see how your changes affect the resources before implementing them.
StackSets used for create, update, or delete stacks across multiple accounts and AWS Regions with a single operation. A stack set is a regional resource. If you create a stack set in one AWS Region, you can only see or change it when viewing that Region.
2. How does AWS CloudFormation Work
2.1 Creating the stack Use the AWS CloudFormation designer (It is a graphic tool for creating, viewing, and modifying the template) or Your text editor to create and modify the CloudFormation template or custom template in JSON and YAML format. You can get more sample templates by using this URL. For Example: If you want to create the ec2 instance in t2.micro type. you can write in the template in JSON format.
{
“AWSTemplateFormatVersion”: “2010–09–09”,
“Description”: “A simple EC2 instance”,
“Resources”: {
“MyEC2Instance”: {
“Type”: “AWS::EC2::Instance”,
“Properties”: {
“ImageId”: “ami-0ff8a91507f77f867”,
“InstanceType”: “t2.micro”
} } }}
2.2 Updating stacks with change sets When you want to update the resources in your stack, you want to update the stack. The CloudFormation compares the updated stack with the old stack and generates the change sets. After seeing the change sets, you can create a new stack or update the stack depending on your needs. The CloudFormation indicates the status of the stack whether it is successful or failed. If successful you can continue to carry on your work. If failed to update the stack, the CloudFormation restores the changes of your last known working state.
Note: If you specify that your template is stored on the local computer the CloudFormation will automatically upload to the S3 bucket of your account. Change sets do not indicate the status of the stack whether it is successfully updated or failed. If your updating resources do not support updates (or) If you do have not enough permissions to update the stack. Then the stack will fail.
3. Working with Templates
Templates describe the resources that you want to provision in your AWS CloudFormation stacks which are formatted text files in JSON or YAML. If you’re unfamiliar with JSON or YAML, you can use AWS CloudFormation Designer. Template snippets provides examples that demonstrate how to write templates for a particular resource.
AWS recommends that you don’t add # YAML comments to your templates in Designer. If your YAML template has # comments, Designer doesn't preserve those comments when converting the template to JSON. In addition, if you modify your template in Designer (for example, if you move a resource on the canvas), your comments are lost. You can add comments to the AWS CloudFormation templates you create outside of Designer.
AWS CloudFormation Designer is a tool for visually creating and modifying templates. With Designer, you can diagram your template resources using a drag-and-drop interface, and then edit their details using the integrated JSON and YAML editor. AWS CloudFormation Designer (Designer) provides the following benefits of simplifying, template authoring and template editing.
4. Working with Stacks
You can create, update, and delete the template by creating, update, and delete the stack. If a resource can’t be created, AWS CloudFormation rolls the stack back and automatically deletes any resources that were created. For ex: You need to prepare 3 resources using stack, 2 resources are successfully created and 1 resource is failed to create. In this stage, cloudformation will rollback the failed stack and delete that resource. If a resource can’t be deleted, any remaining resources are retained until the stack can be successfully deleted. You are charged for the stack resources for the time they were operating (even if you deleted the stack right away). AWS CloudFormation provides two methods for updating stacks: direct update or creating and executing change sets.
Nested Stack are stacks created as part of other stacks. To use the resource in multiple templates, you can refer the resource only not the template. see the diagram below..
4.1 Stack failure options
It indicates 3 options when there is a failure in deploying the stack (or) in change set operation.
The Roll back all stack resources option will roll back all resources specified in the template when the stack status is CREATE_FAILED or UPDATE_FAILED.
For create operations, the Preserve successfully provisioned resources option preserves the state of successful resources, while failed resources will stay in a failed state until the next update operation is performed.
For update and change set operations, the Preserve successfully provisioned resources option preserve the state of successful resources while rolling back failed resources to the last known stable state.
4.2 Monitor and roll back stack operation using cloudwatch
Rollback triggers enable you to have AWS CloudFormation monitor the state of your application during stack creation and updating, and to roll back that operation if the application breaches the threshold of the alarms you’ve specified. You can set a monitoring time from 0 up to 180 minute. default time is 0 minute. If an alarm is in ALARM state during the creation or updating the stack, CloudFormation rolls back the entire stack operation. If an alarm goes to INSUFFICIENT_DATA state as well, edit the CloudWatch alarm to treat missing data as breaching.
4.3 Deleting the stack
When you delete all the resources in your stack, then only you can delete the stack. So the cloudFormation indicates that deletion is successful. If you want some resources while deleting the stack, you can use the Retain attribute in the Deletion Policy. The stack deletion operation can’t be stopped in DELETE_IN_PROGRESS state once the stack deletion has begun. Terminal protection is the option to prevent the stack from accidental protection. By default this is disabled, You can enable this option when creating the stack. You can change the user who can change the terminal protection on stack using cloudformation:UpdateTerminationProtection action.
5. Working with StackSets
StackSet is used to create, update, or delete stacks across multiple accounts and AWS Regions with a single operation. A stack set is a regional resource. If you create a stack set in one AWS Region, you can only see or change it when viewing that Region.
A stack instance is a reference to a stack in a target account within a Region. A stack instance can exist without a stack. For example, if the stack couldn’t be created for some reason, the stack instance shows the reason for stack creation failure. A stack instance associates with only one stack set.