AWS CloudFormation Flashcards
What is AWS CloudFormation?
Infrastructure as Code.
CloudFormation is a declarative way of outlining your AWS Infrastructure, for any resources (most of them are supported)
Do you have to specify resource order in CF?
CloudFormation creates those for you, in the right order, with the exact configuration that you specify
How does CloudFormation work?
- Templates have to be uploaded in S3 and then referenced in CloudFormation
- To update a template, we can’t edit previous ones. We have to reupload a new version of the template to AWS
- Stacks are identified by a name
- Deleting a stack deletes every single artifact that was created by CloudFormation.
How can you deploy templates to CF?
- manual way
- automated way -> CLI upload
What are the CF YAML file building blocks?
- Resources: your AWS resources declared in the template (MANDATORY)
- Parameters: the dynamic inputs for your template
- Mappings: the static variables for your template
- Outputs: References to what has been created
- Conditionals: List of conditions to perform resource creation
- Metadata
What are the CF Resources?
- Resources are the core of your CloudFormation template (MANDATORY)
- They represent the different AWS Components that will be created and configured
- Resources are declared and can reference each other
- AWS figures out creation, updates and deletes of resources for us
What does a CF Resource identifier look like?
AWS::aws-product-name::data-type-name, e.g. AWS::EC2::Instance
What are the CF Parameters?
- Parameters are a way to provide inputs to your AWS CloudFormation template
- You want to reuse your templates across the company
- Some inputs cannot be determined ahead of time
When to use a CF Parameter?
- Ask yourself this:
- Is this CloudFormation resource configuration likely to change in the future?
- If so, make it a parameter
What are the CF Parameter settings?
- Type:
– String
– Number
– CommaDelimitedList
– List<Type>
– AWS Parameter (to help catch invalid values – match against existing values in the AWS Account)
- Description
- Constraints
- ConstraintDescription (String)
- Min/MaxLength
- Min/MaxValue
- Defaults
- AllowedValues (array)
- AllowedPattern (regexp)
- NoEcho (Boolean)
How to reference a CF Parameter in the template?
!Ref {parameter}
What are Pseudo Parameters in CF?
- AWS offers us pseudo parameters in any CloudFormation template.
- These can be used at any time and are enabled by default
1. AWS::AccountId
2. AWS::NotificationARNs
3. AWS::NoValue
4. AWS::Region
5. AWS::StackId
6. AWS::StackName
What are Mappings in CF?
- Mappings are fixed variables within your CloudFormation Template.
- They’re very handy to differentiate between different environments (dev vs prod), regions (AWS regions), AMI types, etc
- All the values are hardcoded within the template
Describe an example Mapping for CF
Mappings:
  Mapping01:
    Key01:
      Name: Value01
    Key02:
      Name: Value02
How to use a Mapping in CF templates?
- We use Fn::FindInMap to return a named value from a specific key
- !FindInMap [ MapName, TopLevelKey, SecondLevelKey ]
What are Outputs in CF?
- The Outputs section declares optional output values that we can import into other stacks (if you export them first)!
- It’s the best way to perform some collaboration cross stack, as you let experts handle their own part of the stack
- You can’t delete a CloudFormation Stack if its outputs are being referenced by another CloudFormation stack
What is Cross Stack Reference in a CF template?
Use !ImportValue {otherStackOutput} to reference other stack
What are conditions used for in CF?
- Conditions are used to control the creation of resources or outputs based on a condition.
- Conditions can be whatever you want them to be, but common ones are:
– Environment (dev / test / prod)
– AWS Region
– Any parameter value
- Each condition can reference another condition, parameter value or mapping
How to define a condition in a CF template?
Conditions:
  CreateProdRes: !Equals [ !Ref EnvType, prod ]
- The intrinsic function (logical) can be any of the following:
- Fn::And
- Fn::Equals
- Fn::If
- Fn::Not
- Fn::Or
What can Ref retrieve in CF templates?
- Parameters => returns the value of the parameter
- Resources => returns the physical ID of the underlying resource (ex: EC2 ID)
What can Fn::GetAtt retrieve in CF templates?
Attributes are attached to any resources you create
What's the usage of Fn::Join in CF templates?
Join values with a delimiter
!Join [ delimiter, [ comma-delimited list of values ] ]
What's the usage of Fn::Sub in CF templates?
Fn::Sub, or !Sub as a shorthand, is used to substitute variables in a text. It’s a very handy function that will allow you to fully customize your templates
What are the Rollback options in CF?
- Stack Creation Fails:
– Default: everything rolls back (gets deleted). We can look at the log
– Option to disable rollback and troubleshoot what happened
- Stack Update Fails:
– The stack automatically rolls back to the previous known working state
– Ability to see in the log what happened and error messages
What are ChangeSets in CF?
- When you update a stack, you need to know what changes before it happens for greater confidence
- ChangeSets won’t say if the update will be successful
- Lists the changes that the update is going to make
What are Nested stacks in CF?
- Nested stacks are stacks as part of other stacks
- They allow you to isolate repeated patterns / common components in separate stacks and call them from other stacks
- Nested stacks are considered best practice
- To update a nested stack, always update the parent (root stack)
What are StackSets in CF?
- Create, update, or delete stacks across multiple accounts and regions with a single operation
- Administrator account to create StackSets
- Trusted accounts to create, update, delete stack instances from StackSets
- When you update a stack set, all associated stack instances are updated throughout all accounts and regions.
What is Drift in CF?
You can check what manual changes have been made compared to the original template.
What are Stack Policies in CF?
- During a CloudFormation Stack update, all update actions are allowed on all resources (default)
- A Stack Policy is a JSON document that defines the update actions that are allowed on specific resources during Stack updates
- Protect resources from unintentional updates
- E.g.: Allow updates on all resources except the ProductionDatabase