AWS CloudFormation

Question 1

What is AWS CloudFormation?

Answer 1

Infrastructure as Code.
CloudFormation is a declarative way of outlining your AWS Infrastructure, for any resources (most of them are supported)

Question 2

Do you have to specify resource order in CF?

Answer 2

CloudFormation creates those for you, in the right order, with the exact configuration that you specify

Question 3

How CloudFormation Works?

Answer 3

• Templates have to be uploaded in S3 and then referenced in CloudFormation
• To update a template, we can’t edit previous ones. We have to reupload a new version of the template to AWS
• Stacks are identified by a name
• Deleting a stack deletes every single artifact that was created by CloudFormation.

Question 4

How can you deploy tempaltes to CF?

Answer 4

• manual way
• automated way -> cli upload

Question 5

What the CF yaml file building blocks?

Answer 5

1. Resources: your AWS resources declared in the template (MANDATORY)
2. Parameters: the dynamic inputs for your template
3. Mappings: the static variables for your template
4. Outputs: References to what has been created
5. Conditionals: List of conditions to perform resource creation
6. Metadata

Question 6

What are the CF Resources?

Answer 6

• Resources are the core of your CloudFormation template (MANDATORY)
• They represent the different AWS Components that will be created and configured
• Resources are declared and can reference each other
• AWS figures out creation, updates and deletes of resources for us

Question 7

How does a CF Resource identifier look like?

Answer 7

AWS::aws-product-name::data-type-name, AWS::EC2::Instance

Question 8

What are the CF Parameters?

Answer 8

• Parameters are a way to provide inputs to your AWS CloudFormation template
• You want to reuse your templates across the company
• Some inputs can not be determined ahead of time

Question 9

When to use a CF Parameter?

Answer 9

• Ask yourself this:
• Is this CloudFormation resource configuration likely to change in the future?
• If so, make it a parameter

Question 10

What are the CF Parameter settings?:

Answer 10

• Type:
  – String
  – Number
  – CommaDelimitedList
  – List<Type>
  -- AWS Parameter (to help catch invalid values – match against existing values in the AWS Account)</Type>
• Description
• Constraints
• ConstraintDescription (String)
• Min/MaxLength
• Min/MaxValue
• Defaults
• AllowedValues (array)
• AllowedPattern (regexp)
• NoEcho (Boolean)

Question 11

How to reference a CF Parameter in the tempalte?

Answer 11

!Ref {parameter}

Question 12

What are Pseudo Parameters in CF?

Answer 12

• AWS offers us pseudo parameters in any CloudFormation template.
• These can be used at any time and are enabled by default
  1. AWS::AccountId
  2. AWS::NotificationARNs
  3. AWS::NoValue
  4. AWS::Region
  5. AWS::StackId
  6. AWS::StackName

Question 13

What are Mappings in CF?

Answer 13

• Mappings are fixed variables within your CloudFormation Template.
• They’re very handy to differentiate between different environments (dev vs prod), regions (AWS regions), AMI types, etc
• All the values are hardcoded within the template

Question 14

Describe an example Mapping for CF

Answer 14

Mappings:
Mapping01:
Key01:
Name: Value01
Key02:
Name: Value02

Question 15

How to use the Mapping is CF templates?

Answer 15

• We use Fn::FindInMap to return a named value from a specific key
• !FindInMap [ MapName, TopLevelKey, SecondLevelKey ]

Question 16

What are Outputs in CF?

Answer 16

• The Outputs section declares optional outputs values that we can import into other stacks (if you export them first)!
• It’s the best way to perform some collaboration cross stack, as you let expert handle their own part of the stack
• You can’t delete a CloudFormation Stack if its outputs are being referenced by another CloudFormation stack

Question 17

What is Cross Stack Reference in a CF template?

Answer 17

Use !ImportValue {otherStackOutput} to reference other stack

Question 18

What are conditions used for in CF?

Answer 18

• Conditions are used to control the creation of resources or outputs
  based on a condition.
• Conditions can be whatever you want them to be, but common ones
  are:
• Environment (dev / test / prod)
• AWS Region
• Any parameter value
• Each condition can reference another condition, parameter value or
  mapping

Question 19

How to define a condition in a CF template?

Answer 19

Conditions:
CreateProdRes: !Equals [ !Ref EnvType, prod]

• The intrinsic function (logical) can be any of the following:
• Fn::And
• Fn::Equals
• Fn::If
• Fn::Not
• Fn::Or

Question 20

What can Fn:Ref retrive in CF templates?

Answer 20

• Parameters => returns the value of the parameter
• Resources => returns the physical ID of the underlying resource (ex: EC2 ID)

Question 21

What can Fn:GetAtt retrive in CF templates?

Answer 21

Attributes are attached to any resources you create

Question 22

Whats the usage of Fn::Join in CF templates?

Answer 22

Join values with a delimiter
!Join [ delimiter, [ coma-delimited list of values]]

Question 23

Whats the usage of Fn::Sub in CF templates?

Answer 23

Fn::Sub, or !Sub as a shorthand, is used to substitute variables from a
text. It’s a very handy function that will allow you to fully customize your
templates

Question 24

What are the Rollback options in CF?

Answer 24

• Stack Creation Fails:
  – Default: everything rolls back (gets deleted). We can look at the log
  – Option to disable rollback and troubleshoot what happened
• Stack Update Fails:
  – The stack automatically rolls back to the previous known working state
  – Ability to see in the log what happened and error messages

Question 25

What are ChangeSets in CF?

Answer 25

• When you update a stack, you need to know what changes before it happens for greater confidence
• ChangeSets won’t say if the update will be successful
• List the changes thats gonna happen by the update

Question 26

What are Nested stacks in CF?

Answer 26

• Nested stacks are stacks as part of other stacks
• They allow you to isolate repeated patterns / common components in separate stacks and call them from other stacks
• Nested stacks are considered best practice
• To update a nested stack, always update the parent (root stack)

Question 27

What are StackSets in CF?

Answer 27

• Create, update, or delete stacks across multiple accounts and regions with a single operation
• Administrator account to create StackSets
• Trusted accounts to create, update, delete stack instances from StackSets
• When you update a stack set, all associated stack instances are updated throughout all accounts and regions.

Question 28

What is Drift in CF?

Answer 28

You can check what manual changes has been done compared to the original template.

Question 29

What are Stack Policies in CF?

Answer 29

• During a CloudFormation Stack update, all update actions are allowed on all resources (default)
• A Stack Policy is a JSON document that defines the update actions that are allowed on specific resources during Stack updates
• Protect resources from unintentional updates
• E.g: Allow updates on all resources except the ProductionDatabase