Infrastructure as code (CF) Flashcards
CloudFormation
CloudFormation defines logical resources within templates (using YAML or JSON).
CloudFormation Stacks
What gets created from a CF template: a stack holds the physical resources built from the template's logical resources
Parameters
Template parameters accept input from the console, CLI, or API
when a stack is created or updated
Template Parameters
Default values are set in the template; explicit values are chosen at create/update time
Parameter references (!Ref) are used by CloudFormation to configure the physical resources it provisions
Pseudo Parameters
Parameters provided by AWS based on the environment when creating the stack, e.g. AWS::Region, AWS::AccountId, AWS::StackName; they are not declared in the template
CloudFormation Intrinsic functions: Fn::GetAtt
GetAtt retrieves an attribute of a logical resource (e.g. !GetAtt Instance.PublicIp). Most logical resources expose detailed configuration of the physical resource this way; which attributes exist is listed per resource type in the docs.
CloudFormation Intrinsic Functions
AWS CloudFormation provides several built-in functions that help you manage your stacks. Use intrinsic functions in your templates to assign values to properties that are not available until runtime.
CloudFormation Intrinsic functions: Ref
Using !Ref on template or pseudo parameters returns their value. When used with logical resources, the physical ID (e.g. an instance or security group ID) is usually returned.
CloudFormation Intrinsic functions:
Fn::Join and Fn::Split
Join a list into one string with a delimiter, or split a string into a list
CloudFormation Intrinsic functions:
Fn::GetAZs and Fn::Select
With !GetAZs and !Select a template can be made portable: rather than hard-coding an AZ name, !GetAZs returns the AZs of the current region and !Select picks the first and second, so resources land in AZ1 and AZ2 of whatever region the stack is deployed in.
CloudFormation Intrinsic functions:
Fn::Base64 & Fn::Sub
Fn::Base64 accepts plaintext and outputs Base64-encoded text (EC2 UserData must be Base64)
Fn::Sub substitutes ${...} variables in the input with their runtime values, e.g. ${Instance.InstanceId} for the InstanceId attribute of the Instance logical resource, or ${AWS::Region} for a pseudo parameter.
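Worked example (added here, not part of the deck) showing the functions above together in one template: a parameter, pseudo parameters, Ref on a parameter and on a resource, GetAtt, Split/Select, GetAZs/Select, and Base64 wrapping Sub for UserData. The SSM AMI parameter path and the CIDR list are assumptions chosen for the example.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Added example, not from the deck - intrinsic functions in one template

Parameters:
  InstanceType:
    Type: String
    Default: t3.micro          # used when no explicit value is passed at create/update
  LatestAmiId:
    # SSM-backed parameter type: CFN resolves the AMI id from the public SSM parameter at stack time
    Type: AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>
    Default: /aws/service/ami-amazon-linux-latest/al2023-ami-kernel-default-x86_64
  AllowedCidrs:
    Type: String
    Default: "10.0.0.0/8,192.168.0.0/16"   # assumed value; comma-separated, split below

Resources:
  WebSg:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: !Sub "web tier for ${AWS::StackName}"   # pseudo parameter inside Sub
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 443
          ToPort: 443
          CidrIp: !Select [0, !Split [",", !Ref AllowedCidrs]]  # first CIDR of the list
        - IpProtocol: tcp
          FromPort: 443
          ToPort: 443
          CidrIp: !Select [1, !Split [",", !Ref AllowedCidrs]]  # second CIDR

  Web:
    Type: AWS::EC2::Instance
    Properties:
      ImageId: !Ref LatestAmiId            # Ref on a parameter -> its value
      InstanceType: !Ref InstanceType
      SecurityGroupIds:
        - !Ref WebSg                       # Ref on a logical resource -> physical id (sg-...)
      AvailabilityZone: !Select [0, !GetAZs ""]   # "" = current region; index 0 = first AZ
      UserData:
        Fn::Base64: !Sub |
          #!/bin/bash
          # ${AWS::Region} and ${AWS::StackName} are substituted, then the whole script is base64-encoded
          echo "stack=${AWS::StackName} region=${AWS::Region}" > /etc/motd

Outputs:
  PublicIp:
    Value: !GetAtt Web.PublicIp            # GetAtt -> attribute of the physical resource
  UrlViaJoin:
    Value: !Join ["", ["https://", !GetAtt Web.PublicDnsName, "/"]]
  UrlViaSub:
    Value: !Sub "https://${Web.PublicDnsName}/"   # same result; ${Logical.Attribute} form of Sub
```

The security group is created in the default VPC (no VpcId given); in an account without one, add a VpcId property.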
CloudFormation Conditions
Created in the optional 'Conditions' section of a template
Conditions are evaluated to true or false
Processed before resources are created (based on parameter and pseudo-parameter values)
Use the other intrinsic functions Fn::And, Fn::Equals, Fn::If, Fn::Not, Fn::Or
Associated with logical resources (and outputs) via a Condition key to control whether they are created
CloudFormation Intrinsic functions:
Fn::Cidr
Fn::Cidr [ipBlock, count, cidrBits] generates count smaller CIDR ranges for subnets from a larger VPC range; cidrBits is the number of host bits in each subnet, not the prefix length (8 host bits on a /16 gives /24 subnets)
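Worked example (added here, not part of the deck) covering both the Conditions cards and Fn::Cidr: a VPC whose subnets are carved with Fn::Cidr, with a third subnet and its output that only exist when a condition built from Fn::Equals/Fn::And/Fn::Not is true. The environment names and the us-west-1 exclusion are assumptions for the example.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Added example, not from the deck - Conditions and Fn::Cidr

Parameters:
  Environment:
    Type: String
    Default: dev
    AllowedValues: [dev, prod]
  VpcCidr:
    Type: String
    Default: 10.0.0.0/16

Conditions:
  IsProd: !Equals [!Ref Environment, prod]
  # evaluated before any resource is created: prod gets a third subnet,
  # except in a region assumed here to expose only two AZs
  CreateThirdSubnet: !And
    - !Condition IsProd
    - !Not [!Equals [!Ref "AWS::Region", us-west-1]]

Resources:
  Vpc:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: !Ref VpcCidr
      EnableDnsHostnames: true
      Tags:
        - Key: Name
          Value: !If [IsProd, prod-vpc, dev-vpc]   # Fn::If picks a value per condition

  # Fn::Cidr [ipBlock, count, cidrBits]: 3 subnets with 8 host bits each.
  # On 10.0.0.0/16 that yields 10.0.0.0/24, 10.0.1.0/24, 10.0.2.0/24
  SubnetA:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref Vpc
      AvailabilityZone: !Select [0, !GetAZs ""]
      CidrBlock: !Select [0, !Cidr [!GetAtt Vpc.CidrBlock, 3, 8]]
  SubnetB:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref Vpc
      AvailabilityZone: !Select [1, !GetAZs ""]
      CidrBlock: !Select [1, !Cidr [!GetAtt Vpc.CidrBlock, 3, 8]]
  SubnetC:
    Type: AWS::EC2::Subnet
    Condition: CreateThirdSubnet       # resource is skipped entirely when the condition is false
    Properties:
      VpcId: !Ref Vpc
      AvailabilityZone: !Select [2, !GetAZs ""]
      CidrBlock: !Select [2, !Cidr [!GetAtt Vpc.CidrBlock, 3, 8]]

Outputs:
  ThirdSubnetId:
    Condition: CreateThirdSubnet       # outputs referencing a conditional resource must carry the same condition
    Value: !Ref SubnetC
```

If an unconditional resource referenced SubnetC, the template would fail validation whenever the condition is false; Fn::If with AWS::NoValue is the usual way to make such a reference optional.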
CloudFormation Mappings
Templates can contain a Mappings section holding named mappings, each of which maps keys to values, allowing lookup
Each mapping can have one level of keys, or top & second level keys
Mappings are read with the !FindInMap intrinsic function (the keys can be !Ref values such as AWS::Region)
Common use: retrieve the AMI for a given region & architecture
CloudFormation Outputs
Templates can have an optional Outputs section; values declared there are visible as outputs when using the CLI or console UI.
Outputs are accessible from a parent stack when using nesting, and can be exported, allowing cross-stack references.
CloudFormation DependsOn
DependsOn lets you explicitly define the dependency order (CloudFormation already infers dependencies from Ref and GetAtt; DependsOn is for ordering that isn't visible in the template)
ex: if resources B and C depend on A, both wait for A to complete before starting
CloudFormation Wait Condition, Creation Policy & cfn-signal
Configure CloudFormation to hold a resource in CREATE_IN_PROGRESS and wait for 'x' success signals
Wait for a Timeout for those signals (12 hours max); on timeout or a failure signal the stack rolls back
cfn-signal can send success or failure signals
EC2 instances and Auto Scaling groups (AWS resources) → use a CreationPolicy on the resource
EC2 or external systems → WaitCondition + WaitConditionHandle (a pre-signed URL); the WaitCondition's Data attribute is used to get information back from the external system
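Worked example (added here, not part of the deck) for the DependsOn and WaitCondition/CreationPolicy cards: an Auto Scaling group held until two instances have signalled with cfn-signal, and a WaitCondition for an external system that DependsOn the group. It assumes an Amazon Linux AMI with the cfn helper scripts installed; the SSM AMI path, sizes and timeouts are assumptions for the example.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Added example, not from the deck - DependsOn, CreationPolicy/cfn-signal, WaitCondition

Parameters:
  LatestAmiId:
    Type: AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>
    Default: /aws/service/ami-amazon-linux-latest/al2023-ami-kernel-default-x86_64
  SubnetIds:
    Type: List<AWS::EC2::Subnet::Id>

Resources:
  LaunchTemplate:
    Type: AWS::EC2::LaunchTemplate
    Properties:
      LaunchTemplateData:
        ImageId: !Ref LatestAmiId
        InstanceType: t3.micro
        UserData:
          Fn::Base64: !Sub |
            #!/bin/bash
            dnf install -y nginx && systemctl enable --now nginx
            # -e $? reports the exit status of the line above: 0 -> SUCCESS, anything else -> FAILURE
            /opt/aws/bin/cfn-signal -e $? --stack ${AWS::StackName} --resource Asg --region ${AWS::Region}

  Asg:
    Type: AWS::AutoScaling::AutoScalingGroup
    Properties:
      MinSize: "2"
      MaxSize: "4"
      DesiredCapacity: "2"
      VPCZoneIdentifier: !Ref SubnetIds
      LaunchTemplate:
        LaunchTemplateId: !Ref LaunchTemplate
        Version: !GetAtt LaunchTemplate.LatestVersionNumber
    # AWS-managed compute: CreationPolicy. The ASG stays CREATE_IN_PROGRESS until
    # 2 SUCCESS signals arrive within 10 minutes; a FAILURE signal or the timeout rolls the stack back.
    CreationPolicy:
      ResourceSignal:
        Count: 2
        Timeout: PT10M

  # External system: the handle is a pre-signed URL; whoever holds it (e.g. a CI job)
  # PUTs a JSON document to it to signal. Treat the URL as a credential.
  ExternalHandle:
    Type: AWS::CloudFormation::WaitConditionHandle

  ExternalApproval:
    Type: AWS::CloudFormation::WaitCondition
    DependsOn: Asg              # explicit ordering: don't start the clock until the ASG is healthy
    Properties:
      Handle: !Ref ExternalHandle
      Count: 1
      Timeout: "3600"           # seconds; 43200 (12 h) is the maximum

Outputs:
  SignalUrl:
    Description: hand this URL to the external system
    Value: !Ref ExternalHandle
  ExternalData:
    Value: !GetAtt ExternalApproval.Data   # JSON map of UniqueId -> Data from the signals received
```

The external system signals with an HTTP PUT of a body like {"Status":"SUCCESS","Reason":"approved","UniqueId":"run-1","Data":"build-42"} to the URL; "FAILURE" as Status rolls the stack back immediately.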
CloudFormation Nested Stacks
Used to overcome the 500-resource limit of one stack
Modular templates, code reuse
Make the installation process easier
Nested stacks are created by the root stack (an AWS::CloudFormation::Stack resource pointing at a template in S3)
You can only reference the outputs of a nested stack (!GetAtt Stack.Outputs.Name); you can't reference the logical resources created inside it
CloudFormation Cross-Stack References
Outputs are normally not visible from other stacks
Nested stacks can reference them (through the parent)
Outputs can be exported, making them visible to other stacks in the same account and region
Export names must be unique within the account and region; a stack can't be deleted or have its export changed while another stack imports it
Fn::ImportValue is used instead of Ref
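Worked example (added here, not part of the deck) covering the Outputs, Nested Stacks and Cross-Stack References cards: three templates in one listing, separated by YAML document markers. The nested stack returns its VPC id through Outputs, the root stack reads it with GetAtt and exports it, and an unrelated stack imports it with Fn::ImportValue. The S3 location and stack names are assumptions for the example.

```yaml
# --- network.yaml: template of the NESTED stack ---
AWSTemplateFormatVersion: "2010-09-09"
Parameters:
  VpcCidr:
    Type: String
Resources:
  Vpc:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: !Ref VpcCidr
Outputs:
  VpcId:
    Value: !Ref Vpc              # visible to the parent as GetAtt NetworkStack.Outputs.VpcId
  VpcCidr:
    Value: !GetAtt Vpc.CidrBlock
---
# --- root.yaml: PARENT stack ---
AWSTemplateFormatVersion: "2010-09-09"
Parameters:
  TemplateBaseUrl:
    Type: String                 # assumption: https URL of the bucket/prefix holding network.yaml
Resources:
  NetworkStack:
    Type: AWS::CloudFormation::Stack
    Properties:
      TemplateURL: !Sub "${TemplateBaseUrl}/network.yaml"
      Parameters:
        VpcCidr: 10.20.0.0/16
  AppSg:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: app tier
      # the parent sees only the nested stack's OUTPUTS: "!Ref Vpc" would fail here
      VpcId: !GetAtt NetworkStack.Outputs.VpcId
Outputs:
  SharedVpcId:
    Value: !GetAtt NetworkStack.Outputs.VpcId
    Export:
      Name: !Sub "${AWS::StackName}-VpcId"   # must be unique in this account + region
---
# --- consumer.yaml: an UNRELATED stack in the same account and region ---
AWSTemplateFormatVersion: "2010-09-09"
Parameters:
  RootStackName:
    Type: String
Resources:
  DbSg:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: db tier
      VpcId: !ImportValue
        Fn::Sub: "${RootStackName}-VpcId"   # Fn::ImportValue, not Ref; long-form Sub because short forms can't nest here
```

While consumer.yaml is deployed, deleting root.yaml (or changing the exported value) fails, which is the intended protection against pulling a VPC out from under a dependent stack.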
CloudFormation StackSets
Deploy CFN stacks across many accounts & regions
Stack sets are containers in an admin account
They contain stack instances, which reference stacks
Stack instances & stacks are in 'target accounts'
Each stack = 1 region in 1 account
Retain stacks
Allows you to remove stack instances from a stack set; by default the stacks in the target accounts are deleted, but the operation can be set to retain the stacks after removal
Failure tolerance
The number of individual stack deployments (per region) that can fail before the stack set operation is considered failed
Stack set operation options: maximum concurrent accounts
How many accounts to deploy to at the same time within each region
When would you use CloudFormation StackSets
Enabling AWS Config
AWS Config rules - MFA, EIPs, EBS encryption
Creating IAM roles for cross-account access
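Worked example (added here, not part of the deck) for the StackSets cards and the cross-account-role use case: a self-managed StackSet declared in the admin account whose embedded template creates an audit role in every target account, with the failure-tolerance and concurrency options set. It assumes the target accounts already contain the AWSCloudFormationStackSetExecutionRole trusting the admin account; the stack set name, role name and region are assumptions for the example.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Added example, not from the deck - StackSet creating a cross-account role in target accounts

Parameters:
  TargetAccountIds:
    Type: CommaDelimitedList
    Description: target account ids (assumption - each already has AWSCloudFormationStackSetExecutionRole)

Resources:
  AuditRoleStackSet:
    Type: AWS::CloudFormation::StackSet
    Properties:
      StackSetName: security-audit-role
      PermissionModel: SELF_MANAGED     # admin role in this account, execution role in each target
      Capabilities: [CAPABILITY_NAMED_IAM]
      Parameters:
        - ParameterKey: AdminAccountId
          ParameterValue: !Ref "AWS::AccountId"
      StackInstancesGroup:
        - DeploymentTargets:
            Accounts: !Ref TargetAccountIds
          Regions: [us-east-1]          # IAM is global, so one stack per account is enough
      OperationPreferences:
        FailureToleranceCount: 0        # a single failed account fails the whole operation
        MaxConcurrentCount: 3           # accounts deployed in parallel within a region
        RegionConcurrencyType: SEQUENTIAL
      # the embedded template is a literal block: its own !Sub tags are NOT evaluated by the outer stack
      TemplateBody: |
        AWSTemplateFormatVersion: "2010-09-09"
        Parameters:
          AdminAccountId:
            Type: String
        Resources:
          AuditRole:
            Type: AWS::IAM::Role
            Properties:
              RoleName: security-audit
              AssumeRolePolicyDocument:
                Version: "2012-10-17"
                Statement:
                  - Effect: Allow
                    Principal:
                      AWS: !Sub "arn:aws:iam::${AdminAccountId}:root"
                    Action: sts:AssumeRole
                    Condition:
                      Bool:
                        aws:MultiFactorAuthPresent: "true"   # callers from the admin account must have MFA
              ManagedPolicyArns:
                - arn:aws:iam::aws:policy/SecurityAudit
```

Trusting the admin account's root ARN lets any principal in that account with sts:AssumeRole permission use the role; for tighter control name specific role ARNs in the Principal instead.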
CloudFormation DeletionPolicy
If you delete a logical resource from a template, the physical resource is also deleted, which could cause data loss.
With DeletionPolicy you can define on each resource Delete (default), Retain or (if supported) Snapshot. Replacement during an update is a delete of the old resource too; it is governed separately by UpdateReplacePolicy.
What resources can an CloudFormation DeletionPolicy be used on ?
Snapshot is supported on AWS::EC2::Volume, AWS::ElastiCache::CacheCluster, AWS::ElastiCache::ReplicationGroup, AWS::Neptune::DBCluster, AWS::RDS::DBCluster, AWS::RDS::DBInstance and AWS::Redshift::Cluster; Retain works on any resource type
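Worked example (added here, not part of the deck): an RDS instance that takes a final snapshot on delete and on replacement, next to a bucket that can only be retained. Engine and sizes are assumptions for the example.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Added example, not from the deck - DeletionPolicy and UpdateReplacePolicy

Resources:
  Db:
    Type: AWS::RDS::DBInstance
    # Delete (the default) would drop the database and its data when the resource leaves the
    # template or the stack is deleted; Snapshot keeps a final snapshot first.
    DeletionPolicy: Snapshot
    # Changing e.g. the engine replaces the instance; without this the OLD instance is deleted
    # with no snapshot even though DeletionPolicy says Snapshot.
    UpdateReplacePolicy: Snapshot
    Properties:
      Engine: postgres
      DBInstanceClass: db.t3.micro
      AllocatedStorage: "20"
      StorageEncrypted: true
      MasterUsername: app
      ManageMasterUserPassword: true   # RDS generates and stores the password in Secrets Manager

  AuditLogs:
    Type: AWS::S3::Bucket
    DeletionPolicy: Retain              # Snapshot is not supported for buckets; Retain leaves it in place
    UpdateReplacePolicy: Retain
    Properties:
      BucketEncryption:
        ServerSideEncryptionConfiguration:
          - ServerSideEncryptionByDefault:
              SSEAlgorithm: AES256
```

A retained resource is orphaned from the stack but keeps costing money and keeps its data; it has to be cleaned up (or imported into another stack) by hand.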
CF Stack Roles
By default CFN uses the permissions of the logged-in identity
which means that identity needs permissions for every AWS resource in the template
CFN can instead assume a role (stack role / service role) to gain permissions
This lets you implement role separation
The identity creating the stack doesn't need resource permissions, only CloudFormation permissions and iam:PassRole on the stack role. Caveat: whoever can pass the role and submit a template can do anything the role can, so scope the role to the resources the stack actually needs.
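Worked example (added here, not part of the deck): a stack role that CloudFormation assumes for a network stack, and a deployer policy that grants only CloudFormation actions on stacks with an assumed name prefix plus iam:PassRole on that one role, restricted to passing it to the CloudFormation service. Role, policy and stack-name prefix are assumptions for the example.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Added example, not from the deck - CloudFormation stack role and PassRole-only deployer policy

Resources:
  # Role CloudFormation assumes while creating/updating/deleting the stack's resources
  CfnNetworkStackRole:
    Type: AWS::IAM::Role
    Properties:
      RoleName: cfn-network-stack-role
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              Service: cloudformation.amazonaws.com
            Action: sts:AssumeRole
      Policies:
        - PolicyName: network-resources
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Effect: Allow
                Action:          # only what a network template needs; this bounds what any passed template can do
                  - ec2:CreateVpc
                  - ec2:DeleteVpc
                  - ec2:CreateSubnet
                  - ec2:DeleteSubnet
                  - ec2:ModifyVpcAttribute
                  - ec2:CreateTags
                  - ec2:Describe*
                Resource: "*"

  # Policy for the people/pipeline that deploy: no ec2 permissions of their own
  NetworkDeployerPolicy:
    Type: AWS::IAM::ManagedPolicy
    Properties:
      ManagedPolicyName: cfn-network-deployer
      PolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Action:
              - cloudformation:CreateStack
              - cloudformation:UpdateStack
              - cloudformation:DeleteStack
              - cloudformation:CreateChangeSet
              - cloudformation:ExecuteChangeSet
              - cloudformation:DescribeStacks
              - cloudformation:DescribeStackEvents
              - cloudformation:DescribeChangeSet
            Resource: !Sub "arn:aws:cloudformation:${AWS::Region}:${AWS::AccountId}:stack/network-*/*"
          - Effect: Allow
            Action: iam:PassRole
            Resource: !GetAtt CfnNetworkStackRole.Arn
            Condition:
              StringEquals:
                iam:PassedToService: cloudformation.amazonaws.com   # the role can be passed to CFN only
```

The deployer then runs create-stack/update-stack with --role-arn set to the stack role; attaching a broad role here would turn the PassRole grant into a privilege-escalation path, because the template content is entirely under the deployer's control.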
CloudFormation cfn-init
Another way to provide configuration information to an EC2 instance
A simple configuration management system: AWS::CloudFormation::Init, part of a logical resource's Metadata
Desired state: what (cfn-init decides how): packages, groups, users, sources, files, commands, services
cfn-init helper script, installed on the EC2 OS and run from UserData, makes it so
CloudFormation cfn-hup
If AWS::CloudFormation::Init is updated (stack update), cfn-init isn't re-run on its own
cfn-hup helper is a daemon which can be installed on the instance
It polls for changes in the resource's metadata
running configurable actions (hooks), e.g. re-running cfn-init, when a change is detected
Update stack → updated config on the EC2 instances
CloudFormation Change Sets
Changes to stacks could cause no interruption, some interruption, or replacement (a new physical resource, which causes interruption and may lose data).
Change sets let you preview changes (a change set is an overview of the changes a template/parameter update would make to a stack)
Multiple different versions can be prepared (lots of change sets)
The chosen changes are applied by executing that change set
CloudFormation Custom Resources
Custom resources let CFN integrate with anything it doesn't yet or doesn't natively support
Passes data to something and gets data back from it
CFN sends an event (RequestType Create/Update/Delete, ResourceProperties, a pre-signed ResponseURL) to the ServiceToken defined in the custom resource, a Lambda function or an SNS topic; once the work is done, the target signals SUCCESS or FAILED back to CFN by PUTting a response to that URL, and any Data it returns is readable with !GetAtt
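Worked example (added here, not part of the deck): a Lambda-backed custom resource with the handler inline, implementing the request/response protocol described above, including the FAILED path so a broken handler doesn't leave the stack hanging until CloudFormation's own timeout. The Custom::NameLookup type name, the Name property and the derived values are assumptions for the example.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Added example, not from the deck - Lambda-backed custom resource returning data to the stack

Resources:
  LookupRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal: {Service: lambda.amazonaws.com}
            Action: sts:AssumeRole
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole   # logs only

  LookupFunction:
    Type: AWS::Lambda::Function
    Properties:
      Runtime: python3.12
      Handler: index.handler
      Role: !GetAtt LookupRole.Arn
      Timeout: 30
      Code:
        ZipFile: |
          import json, urllib.request
          # CFN invokes this with RequestType (Create/Update/Delete), ResourceProperties and a
          # pre-signed ResponseURL. Whatever happens, a response MUST be PUT to that URL.
          def handler(event, context):
              resp = {
                  "Status": "SUCCESS",
                  "PhysicalResourceId": event.get("PhysicalResourceId") or context.log_stream_name,
                  "StackId": event["StackId"],
                  "RequestId": event["RequestId"],
                  "LogicalResourceId": event["LogicalResourceId"],
                  "Data": {},
              }
              try:
                  if event["RequestType"] in ("Create", "Update"):
                      # stand-in for the real work (calling the unsupported system):
                      # derive values from the input property
                      name = event["ResourceProperties"]["Name"]
                      resp["Data"] = {"Upper": name.upper(), "Length": str(len(name))}
                  # Delete: nothing to clean up here, but SUCCESS still has to be reported
              except Exception as exc:
                  resp["Status"] = "FAILED"
                  resp["Reason"] = str(exc)     # shows up in the stack events
              body = json.dumps(resp).encode()
              req = urllib.request.Request(event["ResponseURL"], data=body, method="PUT",
                                           headers={"Content-Type": "", "Content-Length": str(len(body))})
              urllib.request.urlopen(req)

  NameLookup:
    Type: Custom::NameLookup              # any Custom::* name; the event goes to ServiceToken
    Properties:
      ServiceToken: !GetAtt LookupFunction.Arn
      Name: !Ref "AWS::StackName"

Outputs:
  UpperName:
    Value: !GetAtt NameLookup.Upper       # attributes come from the Data map in the response
```

Returning a stable PhysicalResourceId on Update matters: if it changes, CloudFormation treats the update as a replacement and sends a Delete for the old id afterwards.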
How does Cloud Formation work ? Explain the process ?
The logical resource defines the WHAT, and leaves the HOW up to the CFN product.
A CFN stack creates a physical resource for every logical resource - updating or deleting them as a template changes.
What some defaults that parameters can be configured with ?
Can be configured with Default, AllowedValues, MinLength & MaxLength (strings), MinValue & MaxValue (numbers), AllowedPattern, ConstraintDescription, NoEcho & Type (String, Number, CommaDelimitedList, AWS-specific types such as AWS::EC2::VPC::Id, and SSM parameter types)
How can parameters influence the resources created ?
Can be referenced from within logical resources (!Ref, !Sub, !FindInMap keys)
which allows them to influence which physical resources are created and/or their configuration
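Worked example (added here, not part of the deck) covering the parameter cards and the Mappings cards together: constrained parameters that are validated before any resource is created, and a two-level mapping keyed by region and architecture read with FindInMap. The AMI ids in the mapping are placeholders, not real images; instance types and names are assumptions for the example.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Added example, not from the deck - parameter constraints and a region/architecture Mapping

Parameters:
  Environment:
    Type: String
    AllowedValues: [dev, prod]         # anything else is rejected at create/update, before resources exist
    Default: dev
  Arch:
    Type: String
    AllowedValues: [x86_64, arm64]
    Default: x86_64
  AppName:
    Type: String
    MinLength: 3
    MaxLength: 20
    AllowedPattern: "^[a-z][a-z0-9-]*$"
    ConstraintDescription: lowercase letters, digits and hyphens, starting with a letter
  DbPassword:
    Type: String
    NoEcho: true                        # masked in the console, describe-stacks and events
    MinLength: 16
  SubnetId:
    Type: AWS::EC2::Subnet::Id          # AWS-specific type: must be an existing subnet in this account/region

Mappings:
  # top-level key = region, second-level key = architecture (placeholder AMI ids)
  RegionArchAmi:
    us-east-1:
      x86_64: ami-0000000000000000a
      arm64: ami-0000000000000000b
    eu-west-1:
      x86_64: ami-0000000000000000c
      arm64: ami-0000000000000000d
  InstanceTypeByArch:
    x86_64: {dev: t3.micro, prod: m6i.large}
    arm64: {dev: t4g.micro, prod: m6g.large}

Resources:
  DbSecret:
    Type: AWS::SecretsManager::Secret
    Properties:
      Name: !Sub "${AppName}/${Environment}/db"
      SecretString: !Ref DbPassword     # NoEcho hides the parameter, not wherever it ends up; keep it in a secret-bearing property only
  App:
    Type: AWS::EC2::Instance
    Properties:
      ImageId: !FindInMap [RegionArchAmi, !Ref "AWS::Region", !Ref Arch]       # pseudo parameter + parameter as keys
      InstanceType: !FindInMap [InstanceTypeByArch, !Ref Arch, !Ref Environment]
      SubnetId: !Ref SubnetId
      Tags:
        - Key: Name
          Value: !Sub "${AppName}-${Environment}"
```

Deploying in a region missing from RegionArchAmi fails at validation, which is the point: the mapping doubles as an allow-list of regions the template has been tested in.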