Amazon AWS Certified Database Specialty – CloudFormation and Automation Part 1
August 9, 2023

1. CloudFormation Overview

We are getting to the fascinating section of CloudFormation, and CloudFormation is one of my favorite topics in AWS. It is something I could talk about for hours and hours, but I’ll try to make it short for you and for this exam. So, infrastructure as code, what is it? Well, currently we’ve been doing a hell of a lot of manual work. I mean, we’ve been doing manual work, and we’ve automated it a little bit with Elastic Beanstalk. We set up our pipelines to be able to automate our CI/CD using CodeBuild, et cetera, and CodePipeline. But all this manual work that we’ve been doing is kind of tough to reproduce, right? If we want to reproduce it in another region, here we go again. We click, click, click everywhere and that’s a bit boring.

If you wanted to do it in another AWS account, that would be even more painful. Or even if someone in my company went ahead and deleted everything, for me to recreate it all in my region would be a nightmare. So what we’d really like is for our infrastructure to be code. That’s a new concept, and this is quite a new phenomenon, a new trend in the IT world called infrastructure as code. It means that this code that we’re going to write, we’ll be able to deploy it, and it will in turn create, update and delete our infrastructure. This is where CloudFormation comes in. CloudFormation is going to be a declarative way of outlining your AWS infrastructure for any kind of resources. And most of them are supported.

For example, let’s take a high-level pseudo CloudFormation template and we say: I want a security group, and I want two EC2 machines using this group, I want two Elastic IPs for these machines, and I want an S3 bucket, and by the way, I want a load balancer that is connected to these machines. So we say in a declarative way, because this is declarative, what we want CloudFormation to do. And then CloudFormation creates all these things for us in the right order with the exact configuration that we specify. And so that’s kind of nice. So, benefits of CloudFormation, and I guess you already get a good idea of them: number one, we get our infrastructure as code, so no resources will be manually created, which is excellent for control.

All the code can be version controlled, for example using Git, so we can version control our CloudFormation, which is nice. And all the changes to the infrastructure will be reviewed through code review, which is also very nice. In terms of cost, CloudFormation itself is free, but each stack that you create has an identifier, so you can easily track the cost of a stack, and you can estimate the cost of your resources using the CloudFormation template itself. So if you want to have a savings strategy using CloudFormation in your development environment or your small AWS account, you could automate the deletion of all the templates at 5:00 p.m. and then recreate them at 8:00 a.m. safely.

And because your infrastructure is code, everything will come back up and you save a lot of money. Another benefit of CloudFormation is going to be productivity. You’re able to destroy and recreate your infrastructure on the fly as many times as you want. You can automate the generation of diagrams for your templates, which is quite nice if you create presentations. And it’s declarative programming, so you don’t need to figure out what goes before what in terms of ordering or orchestration; CloudFormation tracks and does that for you. There’s a true separation of concerns as well, so you can have as many stacks as you want for many apps and many layers. It’s quite common to have a VPC CloudFormation stack that creates all the networks and the subnets.

Then there is an application stack, so for each application you’ll deploy, there’s going to be an application stack. And that’s something we actually saw already with Elastic Beanstalk. Each time we created an environment in Elastic Beanstalk, it went ahead and created a CloudFormation template behind the scenes. And the idea is that we want to reuse as much work out there as possible, so we’re not going to reinvent the wheel. There are a lot of CloudFormation templates on the web that we can already leverage, and we can also leverage the documentation, which is huge, by the way, and hard to navigate sometimes, but in the documentation there’s everything you will ever know.

So CloudFormation, how does it work? Well, we’ll upload the templates to Amazon S3 behind the scenes and CloudFormation pulls them from S3. And when we want to update a template, we actually can’t edit a previous template, as we’ll see in the next lecture anyway. What we have to do is re-upload a new version of the template to AWS, and then CloudFormation will do a diff and figure out what it needs to do to update from version one to version two. Stacks will be identified by a name and the names can be very long. And if you delete a stack, every single artifact that was created through the CloudFormation stack will be deleted with it.

So it’s really nice because you can delete all these resources that have been created with one click, and so you’re sure that you’re not leaving anything behind. Now, to deploy CloudFormation templates, there’s a manual way, in which we edit templates in the CloudFormation Designer and use the console to input parameters, and then the automated way, which is to edit templates in a YAML file using a text editor and then use the AWS CLI, or command line interface, to deploy the templates. It’s the recommended way when you want to have some automation in your flow, but you’re free to choose either manual or automated; I think they’re both fine. In terms of the building blocks, you’re going to learn about those in this section quite a lot.

First there are the template components. We’ll get the resources: the resources are basically the AWS resources that we’ll declare in the template, and that has to be a mandatory section. Okay, your CloudFormation template cannot work if you don’t specify resources. Resources can be EC2 machines, Elastic IPs, security groups, load balancers, you name it, everything you can think of really. Then parameters: these are dynamic inputs that you can ask for in your templates, so users will just reference those. Mappings, which are static inputs for your templates, static variables. Outputs, which is basically saying, okay, out of our template we can export some stuff and other templates can reference it. Conditionals, which are a list of conditions.

So, if statements basically, to control what gets created. And metadata. Overall we’ll see a deep dive into all of those, so don’t worry too much, you’ll get to understand them in their own time. And for templates you get helpers: you can use references, so you can basically link your stuff within your template, and you can use functions to transform data within your templates. So, a high-level overview again, but I just wanted to give you this 101. Now, this is an introduction to CloudFormation. To me, it takes over 3 hours to properly learn and master CloudFormation and I do teach it somewhere else. So this section is really meant for you to get a good idea of how it works, but not drill too deep into it because it’s not needed for the exam.

So it will be slightly less hands-on than in other sections, but still hands-on enough that you get a good idea of how things work. We’ll learn everything needed to answer questions for the exam anyway, so do not worry about this. And the exam does not require you to actually write CloudFormation. It mostly will ask you which features you should use in CloudFormation to perform X, Y, Z, and so you should be fine. The exam, though, expects you to understand how to read CloudFormation, and we’re going to read a lot of CloudFormation in this course. So that was a short introduction to CloudFormation. In the next lecture we’ll go ahead with a small example to get an idea of how it actually works. So see you in the next lecture.

2. CloudFormation Create Stack Hands On

Let’s go and create our first CloudFormation template. This template will create a simple EC2 instance in our infrastructure. We will then go and add an Elastic IP to it, and then we’re going to add two security groups to it. But not in this lecture. For now, let’s just forget about the code syntax for CloudFormation. We’ll look at the structure of the files later on and understand exactly how they work. So we’ll see how in no time we’re able to get started with CloudFormation and our EC2 instances. So let’s go to the console. Okay, so let’s get started with CloudFormation. I’m going to go into the CloudFormation console. And in here I see three stacks, one for CodeStar and two for Elastic Beanstalk.

So we already had a glimpse of Beanstalk and CloudFormation before. As you can see, this is my prod environment stack and this is my end environment stack. So I’m going to do the prod one. And here in the resources we can see what was created by Beanstalk. We can see 16 resources were created. That includes the auto scaling group, the launch configuration and so on. We’ve already done this once and we had a glimpse of CloudFormation when we were in the Beanstalk console. But now let’s go to the template and see something really cool. So this is the template and this is JSON. This is actually horrible to read, but something we can do is click on View in Designer, and this will take us to the CloudFormation Designer, and the UI is also atrocious.

But here we go. In this UI we are able to view everything in our CloudFormation template and how the pieces relate to one another. So we can see a scaling policy, an auto scaling group, your launch configuration, your alarm and your load balancer. And if I look at the load balancer, for example, I can see the configuration of that load balancer in JSON, or by converting it into YAML. I can see here the load balancer security group, for example. And this is the entire configuration here. Okay, so this is just an introduction to CloudFormation. But for now, I’m going to close this designer and get back to CloudFormation. And please, if you want to do this hands-on with me, change the region: we want to go to us-east-1, Northern Virginia.

The reason is that all the CloudFormation templates that we’re going to use in this section are meant to work in Northern Virginia. They could work somewhere else. But to make sure we are all on the same page, please select the region us-east-1. Okay, so now let’s go through the creation of our first CloudFormation stack. So this is great. We have no stacks. We’re going to create a stack with new resources, which is the standard, but we could also use import resources, so bring existing resources into CloudFormation templates. This is out of scope for the exam, so the only way we’re going to do it right now is with new resources, which is the same as clicking on Create stack in the middle.

So now we can choose a template: either the template is ready, or we can use a sample template, or design one in the Designer. But right now all our templates are ready. So we’re going to click on Template is ready, and then we have two ways of doing it. Either we upload a template file or we go and specify an Amazon S3 URL. In our case we’re going to upload a template file: choose a file, and choose the file called 0 just EC2. For now we’re not looking at the code inside of that file. And then we’ll click on Next. We need to enter a stack name. So I’ll call it, for example, first stack. And this is just our first stack. And then there are no parameters, so we can just click on Next here.

There are no tags, so that’s fine. We don’t have any specified permissions. Stack policy, rollback configuration, notification options and stack creation options are all advanced options out of scope for the exam. So I’m just going to go and click on Next. Okay, so here we go. We have our template URL right here, since the template has been uploaded onto Amazon S3, and then no parameters, no stack options, and we can just go all the way down and click on Create stack. Now what this will do is go ahead and create our first CloudFormation stack for us. And what we can see is that we are in a different view and we are under the Events tab. Under the Events tab, what we can see is that right now we are in create in progress.

So whenever we create a CloudFormation stack, this is going to be the first state. Now if I refresh this, you can see that there are new events, one for MyInstance, and the create is in progress. And then there was a new event: the resource creation was initiated. So that means that my EC2 instance is actually being created. If I want to do a sneak peek and go to the EC2 console, now I’m in the EC2 console for us-east-1. So this is perfect. Go to Instances, and in here I can see my EC2 instance already running, and if I look at the tags, it’s very cool: we can see that from the tags of that EC2 instance we are getting some CloudFormation information, including the logical ID.

So MyInstance, the stack name that it belongs to, first stack, and the stack ID, which is the full ARN to my CloudFormation stack in here. So this is perfect. My instance has now been created, and if I just refresh, we are now in the create complete state. So that means my CloudFormation stack has successfully created my EC2 instance. Pretty neat, right? Then we can go to Resources, and this shows everything that was created by our CloudFormation stack. So we have a direct link into the EC2 console for our EC2 instance. Very handy to have shortcuts like this. Outputs, we currently have nothing. Parameters, nothing. Template is the template that we created and that we used.

So this is a very simple template and we’ll be able to understand it very, very soon. And then finally we can go into the Designer to look at our CloudFormation template and see what it was creating. I’m going to zoom out to find where it is. Here’s my instance. As we can see, we have created an EC2 instance. Here is the corresponding YAML file, and this is a very simple template in the CloudFormation Designer. So that’s it for this introduction lecture to CloudFormation. We have created our first CloudFormation stack, it has created an EC2 instance for us, and we start seeing the power of infrastructure as code. That’s it from me. I will see you in the next lecture.

3. CloudFormation Update and Delete Stack Hands On

So if we look at the first template we’ve been using, called 0 just EC2 YAML, we’ve been saying it’s a very simple template, and we’ll look at the structure of it in detail in future lectures. But just from reading it, I think it’s quite clear. We are creating a resource called MyInstance of type EC2 instance. And in terms of properties, we specify the Availability Zone, the Image ID, so the AMI ID, and this is why we have to use us-east-1, because we also specify the Availability Zone specifically, and finally the instance type, t2.micro. Now what we want to do is update the stack. And so I’ve created a second stack called EC2 with security group EIP.

So that means that here we’re going to have a much more complicated template. I won’t go over it too much, but we are adding a parameter, we’re changing that EC2 instance a little bit, we’re adding an Elastic IP, and we’re adding a security group and a second security group. So we can expect a lot of updates. Let’s see how we can go into CloudFormation and apply this update. We’ll go in here and then click on Update. And then you have to choose how you want to update. Do you want to use the current template, replace it or edit it? I’m going to replace the template, upload a new file, and this time I’m going to upload the file 1 EC2 with SG EIP.

So the file is being loaded, it’s uploaded onto Amazon S3, and then I can click on Next. Now I get prompted to enter the value of a parameter. That’s because we have defined a new section in our template. And so we’ll say "this is a cool security group", and this is intended to become my security group description. So I click on Next, and then in terms of tag options, we’ll leave the tags, permissions and so on as is; we’re not changing anything here. And now we’ll review everything: the template, the parameter’s value. So this is great. We scroll down, and at the bottom we have something called a change set preview. This is CloudFormation figuring out the changes from the original template.

Okay, so from this template right here to this new template right here, what are the differences and what needs to change? As we can see here, an Elastic IP needs to be added, and the EC2 instance needs to be modified, and there is Replacement: True. That means that the previous EC2 instance will be terminated and a new one will be created. That’s because replacement is true. If replacement was false, the EC2 instance would stay in place. So as we can see, we have three new things, an Elastic IP and two security groups, and we have the EC2 instance being modified and even replaced. If we’re happy with this change set, with these changes shown in advance, then we can click on Update stack and we’re good to go.
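The same change set can be checked by a script before anyone clicks Update stack. The following is an added example, not code from the lecture: it reads JSON in the shape returned by `aws cloudformation describe-change-set` and flags replacements, removals and security group changes for review. The sample data is constructed, and the logical IDs other than MyInstance and the physical ID are assumptions.

```python
import json

# Constructed sample in the shape of `aws cloudformation describe-change-set`
# output, mirroring the lecture's update. Logical IDs other than MyInstance
# and the physical ID are assumptions, not values from the lecture.
SAMPLE_CHANGE_SET = json.loads("""
{"Changes": [
  {"Type": "Resource", "ResourceChange": {"Action": "Add",
    "LogicalResourceId": "MyEIP", "ResourceType": "AWS::EC2::EIP"}},
  {"Type": "Resource", "ResourceChange": {"Action": "Modify",
    "LogicalResourceId": "MyInstance", "PhysicalResourceId": "i-EXAMPLE",
    "ResourceType": "AWS::EC2::Instance", "Replacement": "True"}},
  {"Type": "Resource", "ResourceChange": {"Action": "Add",
    "LogicalResourceId": "SSHSecurityGroup",
    "ResourceType": "AWS::EC2::SecurityGroup"}},
  {"Type": "Resource", "ResourceChange": {"Action": "Add",
    "LogicalResourceId": "ServerSecurityGroup",
    "ResourceType": "AWS::EC2::SecurityGroup"}}
]}
""")

# Resource types whose creation or modification changes network exposure.
NETWORK_TYPES = {"AWS::EC2::SecurityGroup", "AWS::EC2::SecurityGroupIngress"}


def review_change_set(change_set):
    """Return (logical_id, severity, reason) tuples a reviewer should see."""
    findings = []
    for change in change_set.get("Changes", []):
        if change.get("Type") != "Resource":
            continue
        rc = change["ResourceChange"]
        rid, rtype, action = rc["LogicalResourceId"], rc["ResourceType"], rc["Action"]
        replacement = rc.get("Replacement", "False")  # absent on Add/Remove
        if action == "Remove":
            findings.append((rid, "high", f"{rtype} will be deleted"))
        elif action == "Modify" and replacement == "True":
            old = rc.get("PhysicalResourceId", "unknown")
            findings.append((rid, "high", f"{rtype} {old} will be replaced"))
        elif action == "Modify" and replacement == "Conditional":
            findings.append((rid, "medium", f"{rtype} may be replaced"))
        if rtype in NETWORK_TYPES and action in ("Add", "Modify"):
            findings.append((rid, "medium", "network rules change; review ingress"))
    return findings


def requires_approval(findings):
    """Gate the update on any destructive (high severity) change."""
    return any(severity == "high" for _, severity, _ in findings)


if __name__ == "__main__":
    results = review_change_set(SAMPLE_CHANGE_SET)
    for rid, severity, reason in results:
        print(f"[{severity}] {rid}: {reason}")
    print("manual approval required:", requires_approval(results))
```
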

So we go back into the events, and as we can see, the stack status is now update in progress, and we just need to wait and see what happens. I’m going to refresh this page, and as we can see, two security groups have been created for me. So the create is complete. And then if I keep on refreshing, my EC2 instance will be updated. As we can see, there is a creation of a new physical EC2 instance because replacement was true. So we need to wait for this. If I go back to my EC2 instances page and refresh, I should see, yes, my second instance being created right now due to this update. And a cool thing to see is that the EIP is not being created yet.

The reason is that CloudFormation, even though we haven’t specified the order in which resources should be created, knows from the stack template what to create first. So it knew to create the security groups first, then to update the EC2 instance, and finally it will add an Elastic IP. This is something CloudFormation does for you: it figures out the right order for your template creation. So really, really cool. Now I need to wait for everything to be created. My instance is now created, and now we are getting into the Elastic IP creation process. The create is in progress and we should be done very, very soon. And as soon as we’re done, well, we expect the replacement to be complete.

So we expect our previous EC2 instance to be terminated. Let’s just refresh again to see how we are. Yes, the EIP has been created, and now the first stack is in update complete cleanup in progress. During this cleanup, my previous EC2 instance is being deleted. So that means that my previous EC2 instance in here should be shutting down and then be terminated. So it’s really cool. This CloudFormation template did a lot of things for us based on just a few lines of YAML description code. Okay? So if we go into Resources now, we can see we have a lot more things. We have a link to the Elastic IP, the EC2 instance, and those two security groups. And so if we check it out, let’s just click on the EC2 instance right now.

So I am taken to the EC2 instance directly, and what I can see is that yes indeed, an Elastic IP is attached to it. If I click on the Elastic IP, I can see it is right here. And if I look at this Elastic IP and look at the tags, for example, we can see it is again tagged by CloudFormation. So just like my EC2 instance, this one is tagged. We can also have a look at our security groups. Here we have two security groups. So I’m going to go into my security groups and I’m going to just look for the word stack. Here we go. We have two security groups created for me. We have our SSH security group, which contains an inbound rule for SSH, and we also have a server security group, which contains a rule for port 80.

Okay? And then finally, if we look at the description of this security group, it says "this is a cool security group". So that means that the parameter that we defined in here and gave a value to was somehow applied to the description of that security group. We’ll see how that works as well later on in this section. So very, very cool. We have created our CloudFormation template and updated it. So now what we can do is look at deletion. If we go into our CloudFormation stack and we’re happy where we are, one way we could do things is go into the instances, right click here and then terminate it.

But the problem with this is that as soon as you do this, the other things that were created by CloudFormation still remain. That includes your security groups and that includes your Elastic IP address. So what we can do instead is take this CloudFormation stack and click on Delete, and by doing so, it will delete everything in our CloudFormation stack. So I’ll just click on Delete stack, and then CloudFormation goes to delete in progress. And again, if we look at the event list, it knows what to delete first. It is going to delete the Elastic IP first, then it will go ahead and delete the EC2 instance, and finally it will go ahead and delete the security groups.

And that’s the whole power of CloudFormation. It is very easy to create resources and update them, but also to delete them, without trying to figure out in which order to do things. So as soon as you go and do infrastructure as code, it is extremely important for you to understand that every resource creation, update and delete has to happen through CloudFormation. And when you get the hang of it, it becomes really, really handy, and something you will not be able to go back from. So I’ll just wait for this stack to be deleted, but it should work on my end, and I will see you in the next lecture.
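The create and delete ordering seen in the update and delete walkthroughs above follows from the references between resources. The following is an added example, not the lecture's template or CloudFormation's own implementation: it builds a dependency graph from `Ref`, `Fn::GetAtt` and `DependsOn` and sorts it topologically (`Fn::Sub` is not handled). The template is constructed; the Availability Zone, AMI placeholder, CIDR range and logical IDs other than MyInstance are assumptions.

```python
from graphlib import TopologicalSorter

# Constructed template (CloudFormation JSON form) shaped like the lecture's
# second template. AZ, AMI placeholder, CIDR and most logical IDs are assumed.
TEMPLATE = {
    "Parameters": {"SecurityGroupDescription": {"Type": "String"}},
    "Resources": {
        "MyInstance": {"Type": "AWS::EC2::Instance", "Properties": {
            "AvailabilityZone": "us-east-1a",
            "ImageId": "ami-PLACEHOLDER",
            "InstanceType": "t2.micro",
            "SecurityGroups": [{"Ref": "SSHSecurityGroup"},
                               {"Ref": "ServerSecurityGroup"}]}},
        "MyEIP": {"Type": "AWS::EC2::EIP", "Properties": {
            "InstanceId": {"Ref": "MyInstance"}}},
        "SSHSecurityGroup": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
            "GroupDescription": "SSH access",
            "SecurityGroupIngress": [{"IpProtocol": "tcp", "FromPort": 22,
                                      "ToPort": 22, "CidrIp": "203.0.113.0/24"}]}},
        "ServerSecurityGroup": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
            "GroupDescription": {"Ref": "SecurityGroupDescription"},
            "SecurityGroupIngress": [{"IpProtocol": "tcp", "FromPort": 80,
                                      "ToPort": 80, "CidrIp": "203.0.113.0/24"}]}},
    },
}


def referenced_names(node):
    """Yield every name targeted by Ref or Fn::GetAtt anywhere under node."""
    if isinstance(node, dict):
        for key, value in node.items():
            if key == "Ref" and isinstance(value, str):
                yield value
            elif key == "Fn::GetAtt":
                yield value[0] if isinstance(value, list) else value.split(".")[0]
            else:
                yield from referenced_names(value)
    elif isinstance(node, list):
        for item in node:
            yield from referenced_names(item)


def dependency_graph(template):
    """Map each resource to the resources it must wait for."""
    resources = template["Resources"]
    graph = {}
    for name, body in resources.items():
        deps = set(referenced_names(body.get("Properties", {})))
        explicit = body.get("DependsOn", [])
        deps.update([explicit] if isinstance(explicit, str) else explicit)
        # Parameters and pseudo parameters are not resources, so drop them.
        graph[name] = {d for d in deps if d in resources and d != name}
    return graph


def creation_waves(template):
    """Group resources into waves; each wave only needs the earlier ones."""
    sorter = TopologicalSorter(dependency_graph(template))
    sorter.prepare()  # raises CycleError (a ValueError) on circular references
    waves = []
    while sorter.is_active():
        ready = sorted(sorter.get_ready())
        waves.append(ready)
        sorter.done(*ready)
    return waves


def deletion_waves(template):
    """Deletion runs in the reverse of the creation order."""
    return list(reversed(creation_waves(template)))
```
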
