Pablo Rodriguez

Customizing Cloudformation

  1. Define Resources: Define your resources in a template, or use a prebuilt template

  2. Upload Template: Upload the template to CloudFormation, or point to a template stored in an Amazon S3 bucket

  3. Create Stack: Run a create stack action - resources are created across multiple services in your AWS account as a running environment

  4. Stack Management: The stack retains control of created resources. You can later update stack, detect drift, or delete stack

CloudFormation offers broad support for AWS services. In cases where exact features aren’t available, you can invoke an AWS Lambda function during stack build that calls the AWS SDK to reach full service API coverage.

Stack as Resource Handle: After successful completion, AWS resources exist in your account and the stack object remains as a handle to all created resources. This enables future actions like updating the stack (creating additional resources or modifying existing ones) or deleting the stack (cleaning up and deleting stack-created resources).

CloudFormation templates can be authored in either JSON or YAML.

template.yaml
AWSTemplateFormatVersion: 2010-09-09
Resources:
  awsexamplebucket1:
    Type: AWS::S3::Bucket

YAML Advantages:

  • Optimized for readability
  • Less verbose (no braces, fewer quotation marks)
  • Supports embedded comments
  • Easier debugging (no missing commas or braces issues)

Choose the language that best suits your use case, business needs, and experience. Treat templates as source code and store them in a code repository.

template-structure.yaml
---
AWSTemplateFormatVersion: "version date"
Description: String
Metadata: template metadata
Parameters: set of parameters
Rules: set of rules
Mappings: set of mappings
Conditions: set of conditions
Transform: set of transforms
Resources: set of resources
Outputs: set of outputs

  • Format Version: CloudFormation template version the template conforms to
  • Description: Text string describing the template (must follow Format Version)
  • Metadata: Objects providing additional information about the template
  • Parameters: Values to pass to template at runtime during stack creation/update
  • Rules: Validates parameters or parameter combinations during stack operations
  • Mappings: Mapping of keys and associated values for conditional parameter values (lookup table)
  • Conditions: Controls whether certain resources are created or properties assigned during stack operations
  • Transform: For serverless applications, specifies AWS SAM version to use
  • Resources (required): Specifies stack resources and their properties
  • Outputs: Values returned when viewing stack properties

ec2-example.json
{
  "Resources": {
    "Ec2Instance": {
      "Type": "AWS::EC2::Instance",
      "Properties": {
        "ImageId": "ami-9d23aeea",
        "InstanceType": "m3.medium",
        "KeyName": {"Ref": "KeyPair"}
      }
    }
  },
  "Outputs": {
    "InstanceId": {
      "Description": "InstanceId",
      "Value": {"Ref": "Ec2Instance"}
    }
  }
}

Resources is the only required section; it defines what is created in the AWS account. Outputs specify values returned after the stack is created.

Designer is a graphic tool for creating, viewing, and modifying CloudFormation templates with a drag-and-drop interface.

  1. Toolbar: Quick access to commands for opening/saving templates, undoing changes, creating stacks, and validating templates
  2. Resource Types Pane: Lists all template resources categorized by AWS service name
  3. Canvas Pane: Displays template resources as a diagram for adding/removing resources and creating relationships
  4. Fit-to-Window Button: Resizes canvas to fit template diagram
  5. View Buttons: Select full-screen canvas, full-screen editor, or split-screen views
  6. Integrated JSON/YAML Editor: Specify template details like resource properties or parameters
  7. Messages Pane: Displays success/failure messages and validation errors

You can use the same CloudFormation template to create both production and development environments while maintaining consistency.

Example Use Case:

  • Production Environment: Configured to run across two Availability Zones
  • Development Environment: Runs in a single Availability Zone

These deployment-specific differences can be accomplished using conditions. Conditions help ensure that development, test, and production environments - though different in size and scope - are otherwise configured identically.
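An added example (not from the original notes) of the single-template, two-environment pattern described above: a parameter selects the environment, one condition gates the second-AZ subnet, and the security group is identical in both. The VpcId and AdminCidr parameters, the CIDR blocks and the resource names are assumptions.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: One template for dev (one AZ) and prod (two AZs), chosen by EnvType
Parameters:
  EnvType:
    Type: String
    AllowedValues: [dev, prod]   # any other value is rejected before the stack is created
    Default: dev
  VpcId:                         # assumption: an existing 10.0.0.0/16 VPC is passed in
    Type: AWS::EC2::VPC::Id
  AdminCidr:                     # assumption: the only range allowed to reach port 443
    Type: String
    Default: 10.0.0.0/8
Conditions:
  IsProd: !Equals [!Ref EnvType, prod]
Resources:
  SubnetA:                       # created in every environment
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VpcId
      CidrBlock: 10.0.1.0/24
      AvailabilityZone: !Select [0, !GetAZs ""]
  SubnetB:                       # created only when EnvType=prod
    Type: AWS::EC2::Subnet
    Condition: IsProd
    Properties:
      VpcId: !Ref VpcId
      CidrBlock: 10.0.2.0/24
      AvailabilityZone: !Select [1, !GetAZs ""]
  AppSecurityGroup:              # identical in dev and prod: size differs, exposure does not
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Allow HTTPS from AdminCidr only
      VpcId: !Ref VpcId
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 443
          ToPort: 443
          CidrIp: !Ref AdminCidr
Outputs:
  SubnetIds:                     # Fn::If returns the value that matches the environment
    Value: !If
      - IsProd
      - !Join [",", [!Ref SubnetA, !Ref SubnetB]]
      - !Ref SubnetA
```

Referencing SubnetB inside the IsProd branch of Fn::If is safe because that branch is only evaluated when the resource exists.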

Preview Changes

Change sets allow you to preview changes before implementing them.

  1. Create Change Set: Submit changes for the stack you want to update

  2. View Change Set: See which stack settings and resources will change

  3. Execute Change Set: CloudFormation updates your stack with those changes

DeletionPolicy Attribute: Use to preserve or back up a resource when its stack is deleted or updated. If a resource has no DeletionPolicy attribute, CloudFormation deletes the resource.
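An added example (not from the original notes) showing the attribute in use: the data-bearing resources keep their data when the stack is deleted or when an update replaces them, while a scratch resource is deleted explicitly. Resource names and properties are assumptions.

```yaml
Resources:
  AuditLogBucket:
    Type: AWS::S3::Bucket
    DeletionPolicy: Retain          # bucket and its objects survive a stack delete
    UpdateReplacePolicy: Retain     # and survive an update that replaces the resource
    Properties:
      VersioningConfiguration:
        Status: Enabled
  DataVolume:
    Type: AWS::EC2::Volume
    DeletionPolicy: Snapshot        # an EBS snapshot is taken before the volume is deleted
    UpdateReplacePolicy: Snapshot
    Properties:
      AvailabilityZone: !Select [0, !GetAZs ""]
      Size: 20
      Encrypted: true
  ScratchQueue:
    Type: AWS::SQS::Queue
    DeletionPolicy: Delete          # the default, written out so the intent is reviewable
```

Retained resources remain in the account after the stack is gone and are no longer tracked by it, so they must be cleaned up or imported into another stack by hand.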

Drift detection identifies when deployed resources no longer match their template specifications.

  1. An application environment is created by a CloudFormation stack

  2. Someone manually modifies a security group outside CloudFormation (for example, opens a new inbound TCP port)

  3. Drift detection is run on the stack

  4. All resources except the security group show IN_SYNC; the security group shows MODIFIED, with details of the changed property

Important Consideration: When you delete a stack whose resources have drifted, the CloudFormation resource cleanup process does not account for the drift. Unresolved resource dependencies may cause the delete stack action to fail and require manual resolution.

Frontend Services

Web interfaces, mobile access, and analytics dashboard

Backend Services

Search, payments, reviews, and recommendations

Shared Services

CRM databases, common monitoring, alarms, subnets, and security groups

Network

VPCs, internet gateways, VPNs, and NAT devices

Security

IAM policies, users, groups, and roles

Strategy Recommendations:

  • Group resource definitions similar to organizing enterprise application functionality
  • Put tightly connected infrastructure components in same templates
  • Consider using nested stacks for common patterns
  • Treat templates as code requiring version control
  • Store templates in source control system

CloudFormation enables infrastructure as code through templates that can be version-controlled, reused across environments, and managed through automated change processes. This approach transforms infrastructure management from manual, error-prone processes to predictable, repeatable automation.