
AWS CloudFormation: An Introduction to the Automation Service

AWS CloudFormation (CF) is an automation service that can be used to model and deploy an Amazon Web Services resource stack based on a text-based template. A CloudFormation template describes all the AWS resources that you want (like Amazon EC2 instances, AWS Elastic Beanstalk environments, Amazon RDS DB instances, …). The CloudFormation service then uses the CF template to correctly provision and configure the requested resources and manage resource dependencies. Some of the key benefits of this template-driven model of managing infrastructure include simpler management processes, version control of infrastructure changes, and the ability to reuse existing templates to replicate infrastructure.

Automate and simplify management

Amazon Web Services provides many microservices that are commonly used together to support an application.  The graphic below shows the AWS resources for a LAMP-stack scalable web app. You can see a back-end database, load balancer, and autoscaling group, among other pieces that all work together to make this app work.

While you could manually interact with each AWS service to provision them in turn and then configure them to work together, CF provides a simpler way to do this. In the case of this particular example stack, you could use the existing CF LAMP stack framework template as is or modify it to match your requirements. CloudFormation automatically creates the Auto Scaling Group, load balancer, database, and security groups for you from the CF template.

To emphasize all that CloudFormation is doing for you, consider the process of creating an Amazon Route53 (DNS) record and associating it with an EC2 instance. The EC2 instance needs to exist before the DNS record can be created. You could sit and wait for instance creation to complete and then go to Route53 to create the DNS record. Or you might do something more clever and script it up with AWS API calls, some wait loops, and retry logic. Or you could create a CF template and let CloudFormation’s built-in dependency handling make sure that the resources are created in the correct order.

CloudFormation also helps with cleanup. If you want to delete a running stack, CloudFormation will automatically delete all the stack resources. In addition to simplifying management of the entire collection of resources as a single unit, CF automation also ensures that resources are not orphaned when cleaning up.
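The ordering and cleanup behaviour described in the two paragraphs above, as an added example that is not part of the original article and not CloudFormation's own code: a small Python model of how a creation order (and its reverse, the deletion order) can be derived from the Ref, Fn::GetAtt and DependsOn references in a template. The template is constructed for illustration; its resource names, the ami-PLACEHOLDER image ID and the explicit DependsOn on LogBucket are all assumptions.

```python
# Constructed template (assumption, for illustration only): a security group, an
# EC2 instance that references it, a Route53 record that needs the instance's
# public IP, and a bucket with an explicit DependsOn that no intrinsic reference
# would reveal.
TEMPLATE = {
    "AWSTemplateFormatVersion": "2010-09-09",
    "Parameters": {"HostedZoneName": {"Type": "String"}},
    "Resources": {
        "DnsRecord": {
            "Type": "AWS::Route53::RecordSet",
            "Properties": {
                "HostedZoneName": {"Ref": "HostedZoneName"},   # parameter, not a resource
                "Name": "web.example.com.",
                "Type": "A",
                "TTL": "300",
                "ResourceRecords": [{"Fn::GetAtt": ["EC2Instance", "PublicIp"]}],
            },
        },
        "EC2Instance": {
            "Type": "AWS::EC2::Instance",
            "Properties": {
                "ImageId": "ami-PLACEHOLDER",               # placeholder, not a real AMI
                "SecurityGroups": [{"Ref": "InstanceSecurityGroup"}],
            },
        },
        "InstanceSecurityGroup": {
            "Type": "AWS::EC2::SecurityGroup",
            "Properties": {"GroupDescription": "Enable HTTP access"},
        },
        "LogBucket": {
            "Type": "AWS::S3::Bucket",
            "DependsOn": "InstanceSecurityGroup",           # explicit edge (assumed)
        },
    },
}


def collect_refs(node, found=None):
    """Walk a property tree and gather every logical ID named by Ref or Fn::GetAtt."""
    if found is None:
        found = set()
    if isinstance(node, dict):
        if set(node) == {"Ref"}:
            found.add(node["Ref"])
        elif set(node) == {"Fn::GetAtt"}:
            target = node["Fn::GetAtt"]        # list form or "Logical.Attr" string form
            found.add(target[0] if isinstance(target, list) else target.split(".", 1)[0])
        else:
            for value in node.values():
                collect_refs(value, found)
    elif isinstance(node, list):
        for item in node:
            collect_refs(item, found)
    return found


def dependency_graph(template):
    """Map each resource to the set of other *resources* it depends on.
    Refs to Parameters or pseudo-parameters are not resources and are dropped;
    DependsOn (string or list) adds explicit edges."""
    resources = template.get("Resources", {})
    graph = {}
    for name, body in resources.items():
        deps = collect_refs(body.get("Properties", {}))
        explicit = body.get("DependsOn", [])
        deps.update([explicit] if isinstance(explicit, str) else explicit)
        graph[name] = {d for d in deps if d in resources}
    return graph


def creation_order(template):
    """Kahn's algorithm: a resource is created only after everything it references.
    An alphabetical tie-break keeps the result deterministic; a cycle is an error,
    just as CloudFormation rejects a template with circular dependencies."""
    remaining = {name: set(deps) for name, deps in dependency_graph(template).items()}
    order = []
    while remaining:
        ready = sorted(name for name, deps in remaining.items() if not deps)
        if not ready:
            raise ValueError("circular dependency among: " + ", ".join(sorted(remaining)))
        for name in ready:
            order.append(name)
            del remaining[name]
        for deps in remaining.values():
            deps.difference_update(ready)
    return order


def deletion_order(template):
    """Stack deletion is the reverse of creation: dependents are removed before the
    resources they reference, so nothing is deleted while still in use and nothing
    is left orphaned."""
    return list(reversed(creation_order(template)))


if __name__ == "__main__":
    print("create:", creation_order(TEMPLATE))
    print("delete:", deletion_order(TEMPLATE))
```

Run as-is, the script prints the security group first, then the instance and bucket, then the DNS record, and the exact reverse for deletion. Real CloudFormation also creates independent resources in parallel; this model only fixes the partial order that must hold.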

Version Control and Infrastructure-as-code

If you manage your AWS resources manually, interacting individually with each service to build your application environment, it becomes important to keep track of changes to your configurations in case a new config causes a problem and you wish to revert to the original state. Because the CloudFormation template is text-based (written either in JSON or YAML), it becomes easy to put your CF templates into version control. (See a partial example of an EC2 CF template below or check out the full template.)

With your infrastructure defined as a CloudFormation template, if you change the EC2 instance types and suddenly see performance issues with the new configuration, you can easily revert. Just rerun CloudFormation with the prior CF template to return to the prior acceptable state. All of the other benefits of version control that apply to using it in software development apply to this infrastructure-as-code management model – you can review what changed, when, and who made the change.

Automate Infrastructure Replication

You’ve probably already figured this out, but it becomes simple to recreate your infrastructure in different zones or regions with an infrastructure template. This simplifies the dev-to-prod process as an approved dev CF template can be promoted and used to create your new production environment without worrying that manually recreating each resource introduces errors.  It also becomes trivial to set up additional environments in different regions for disaster recovery (DR) or high availability (HA) purposes. Automation for the win.

Understanding CloudFormation – a Simple Template Example

We took a look at this sample Amazon EC2 instance with a security group earlier, but let’s look a little closer. A CloudFormation template has six properties. Here’s a short explanation of what each means; the important ones are Parameters and Resources:

  • AWSTemplateFormatVersion: Identifies the specific AWS CloudFormation template version.
  • Description: Text string description of the template.
  • Mappings: Key/value mappings that can be used to specify conditional parameter values.
  • Outputs: Stack properties made visible in the AWS CloudFormation Console.
  • Parameters: The values that you can pass into your template at runtime.
  • Resources: Specifies the stack resources and their properties.

Parameters and Resources are critical as they are what make the template work. Let’s look at the EC2Instance resource:

While on the surface this seems like a fairly trivial description of an EC2 server, the “Ref” notation references the specifics that this EC2Instance description aggregates. Below you can see the specifics of the “InstanceType” definition referenced in the “Properties” section. You can see that a default of “t2.small” is specified and, while I’ve shrunk the list for this example, the alternative allowed values that you could specify when launching the stack. As an exercise, look at the full template and see if you can find what the “InstanceSecurityGroup” references. You can dig deeper into the specifics of the pieces here in the CloudFormation EC2 instance resource definition.
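To make the Parameters and Ref mechanics concrete, here is an added Python example; it is neither the article's template nor any AWS code. It embeds a constructed template in the shape of the EC2-instance-with-security-group sample discussed above (an InstanceType parameter defaulting to t2.small with a shortened AllowedValues list, an SSHLocation CIDR parameter, and an InstanceSecurityGroup that the instance references), validates launch-time parameter values the way CloudFormation does at stack creation, resolves the Refs, and then runs the check a reviewer would want on such a template: which security-group ingress rules end up open to the whole internet. All property values, the ami-PLACEHOLDER image ID and the CIDR pattern are illustrative assumptions.

```python
import re

# Constructed template (assumption, for illustration only), modelled on the shape
# of an EC2 instance plus security group sample.
TEMPLATE = {
    "AWSTemplateFormatVersion": "2010-09-09",
    "Parameters": {
        "InstanceType": {
            "Type": "String",
            "Default": "t2.small",
            "AllowedValues": ["t2.micro", "t2.small", "t2.medium"],  # shortened list
        },
        "SSHLocation": {
            "Type": "String",
            "Default": "0.0.0.0/0",   # permissive default: flagged by the check below
            "AllowedPattern": r"(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/(\d{1,2})",
        },
    },
    "Resources": {
        "InstanceSecurityGroup": {
            "Type": "AWS::EC2::SecurityGroup",
            "Properties": {
                "GroupDescription": "Enable SSH access",
                "SecurityGroupIngress": [
                    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
                     "CidrIp": {"Ref": "SSHLocation"}},
                ],
            },
        },
        "EC2Instance": {
            "Type": "AWS::EC2::Instance",
            "Properties": {
                "InstanceType": {"Ref": "InstanceType"},
                "SecurityGroups": [{"Ref": "InstanceSecurityGroup"}],
                "ImageId": "ami-PLACEHOLDER",   # placeholder, not a real AMI
            },
        },
    },
}


def resolve_parameters(template, overrides=None):
    """Return the effective parameter values: overrides win, then Default.
    Each value is checked against AllowedValues / AllowedPattern, which is the
    validation CloudFormation applies when the stack is launched."""
    overrides = overrides or {}
    declared = template.get("Parameters", {})
    unknown = set(overrides) - set(declared)
    if unknown:
        raise ValueError("unknown parameters: " + ", ".join(sorted(unknown)))
    values = {}
    for name, spec in declared.items():
        if name in overrides:
            value = overrides[name]
        elif "Default" in spec:
            value = spec["Default"]
        else:
            raise ValueError(f"parameter {name} has no default and was not supplied")
        if "AllowedValues" in spec and value not in spec["AllowedValues"]:
            raise ValueError(f"{name}={value!r} not in AllowedValues")
        if "AllowedPattern" in spec and not re.fullmatch(spec["AllowedPattern"], str(value)):
            raise ValueError(f"{name}={value!r} does not match AllowedPattern")
        values[name] = value
    return values


def resolve_refs(node, params):
    """Substitute {"Ref": <parameter>} with its value. A Ref to a resource is left
    as the logical ID, because it only gets a physical ID once the stack runs."""
    if isinstance(node, dict):
        if set(node) == {"Ref"}:
            return params.get(node["Ref"], node["Ref"])
        return {key: resolve_refs(value, params) for key, value in node.items()}
    if isinstance(node, list):
        return [resolve_refs(value, params) for value in node]
    return node


def world_reachable_ports(template, overrides=None):
    """Defender's check: after parameters are resolved, list (resource, FromPort,
    ToPort) for every security-group ingress rule open to 0.0.0.0/0 or ::/0."""
    params = resolve_parameters(template, overrides)
    findings = []
    for name, body in template.get("Resources", {}).items():
        if body.get("Type") != "AWS::EC2::SecurityGroup":
            continue
        props = resolve_refs(body.get("Properties", {}), params)
        for rule in props.get("SecurityGroupIngress", []):
            if rule.get("CidrIp") == "0.0.0.0/0" or rule.get("CidrIpv6") == "::/0":
                findings.append((name, rule.get("FromPort"), rule.get("ToPort")))
    return findings


if __name__ == "__main__":
    print("defaults:", resolve_parameters(TEMPLATE))
    print("open to the world:", world_reachable_ports(TEMPLATE))
    print("with a restricted CIDR:", world_reachable_ports(TEMPLATE, {"SSHLocation": "203.0.113.0/24"}))
```

With no overrides the instance resolves to t2.small and the SSH rule is reported as world-reachable; supplying SSHLocation=203.0.113.0/24 at launch clears the finding, while an instance type outside AllowedValues or a malformed CIDR is rejected before anything would be provisioned. The same walk over resolved properties is where a template linter or a pre-deployment policy check would sit in a pipeline.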

Summary

If you are an SRE working in an AWS environment, CloudFormation can help you manage your infrastructure-as-code and automate away many manual processes that will not work at scale. CloudFormation provides a way to templatize, manage, and automate your infrastructure in an easily repeatable manner. 

This article tries to show that the basic concepts behind CloudFormation are not overly complex. The complexity that CloudFormation has a reputation for comes from its ability (and power) to automate the massive catalog of cloud resources available from AWS. If you work in an AWS environment, the effort of learning to work with CloudFormation will pay you back in the elimination of toil, the low-value, repetitive manual actions that you would otherwise need to manage.