Amazon AWS Certified Database Specialty – CloudFormation and Automation Part 2
August 9, 2023

4. YAML Crash Course

So YAML is what we use all across AWS for many things, including CloudFormation. CloudFormation supports both YAML and JSON, and these are basically scripting languages or data languages that you can use for CloudFormation. And to be honest, I’ll be very, very honest with you, JSON is absolutely horrible for CloudFormation. It is unreadable. It is unwritable. And YAML is so great in so many ways. This is the language that will be used at the exam to show you CloudFormation templates, and this is what I’ve been using so far. So let’s learn a little bit about it. Even though we’ve been in touch with it so many times, now is the time, I think, to formalize how YAML works.

So this is a YAML file. A YAML file has a lot of keys and values, and they’re called key-value pairs. To me they’re very readable objects. On the left-hand side, we can just look at it and make sense of it. If I ask you what the invoice number is, you don’t need to be a genius to tell me that the invoice number is 34843. So this is great. If I ask you what the date is, you can also tell me the date. If I ask you what quantities of the products we’ve ordered, you can look at product, and within it there is a list with quantities, and we have four and one. So you get the idea, right? With YAML, we’re able to have key-value pairs at the top level, but also nested objects. It also has support for arrays.

So if we look at product, you can see here that there is a little minus sign, and that means array. So product is an array of items with SKU, quantity, description, et cetera. And then we can look at, for example, bill-to. Within it there’s a nested object with given, Chris, and family, Dumars. And then address also has a nested object within it, with lines, city, state and postal. If we also look at lines, we can see that there is multiline string support. We have a small vertical bar right here, and this is called a multiline string. So we can easily add multiline strings in YAML. And we can also include comments, although they’re not shown on this page.

So YAML to me is a great way of reading and writing stuff. Obviously, some YAML files can be quite complicated, but overall we get the idea. If we have a look at the CloudFormation templates we’ve had, let’s just look at the simple one. We can see that this one was a YAML file. The first top-level key was Resources. Then there is a second nested object within it called MyInstance, which has more nested stuff within it, such as Type and Properties. And Properties was again nested as key-value pairs. If we look at the other one, we can see we had Parameters at the top level, Resources at the top level, and more nesting. And if we look at security groups, because there’s a little minus sign right here, it was a list.

So we have a list of security groups that we’ve defined right here: the first security group and the second security group. So you can navigate through this and really understand that we can read this YAML template just using the small concepts we’ve learned before. I encourage you to go online and learn a little bit more about YAML and even practice converting JSON documents to YAML. But overall, it is something that I think is quite easy to read. What you really should understand is that you can nest objects, that the key and the value are separated by a colon, and that using the minus sign you get a list. So that’s it for YAML. I hope this makes more sense to you now, and I will see you in the next lecture.

5. CloudFormation Resources

Let’s talk about resources. Resources are the core of your CloudFormation templates and they’re mandatory. Your CloudFormation template cannot work without the Resources block. The resources, as the name indicates, represent the different AWS components (it’s just a synonym) that will be created and configured. Resources are declared and they can reference each other, so you can link the resources together. For example, you can link a security group and an EC2 instance. AWS will figure out the creation, updates and deletion of the resources for us, which is super nice. And you should know there are over 224 types of resources.

So I cannot teach you all of them, right? But every resource type identifier has the following form: AWS, then the product name, then the data type name. So usually, reading this identifier, you’re able to figure out what it is going to create. So how do I find the documentation for all these resources? Well, there’s this great link that has all of them. So I can’t teach you all the resources, but I can teach you how to find the link that shows them. Then you just read the docs, and for example we’re going to read the doc together for the EC2 instance, just to get a feeling for it. The first web page I reference is called the AWS resource types reference, and it contains all the resource types that are supported by CloudFormation.

The resource naming convention is here. And if you scroll down you can see there are a lot of resources. Honestly, you could count them, but there are too many. We can create a resource for pretty much everything. Let’s scroll down and see if there is something we know. Yes, Auto Scaling. We know how to create an Auto Scaling group. We’re able to create Auto Scaling groups, scaling policies and launch configurations, all through these CloudFormation resources. If we scroll down, we’re able to do CodeBuild, CodeCommit, CodeDeploy and CodePipeline. So all these things we’ve seen before, we’re able to do them. And if we scroll down we can see there is the EC2 instance, the Elastic IP and then the security group.

So let’s have a look at the EC2 instance, because I think that’s the one we’re most familiar with. `AWS::EC2::Instance` creates an EC2 instance, that’s pretty obvious. Now we can scroll down and look at the syntax for declaring this EC2 instance. We have a JSON form, which to me is a little bit unreadable. But we scroll down and we get the YAML form, which to me is much clearer. So this is the YAML form for an EC2 instance. It must be of type `AWS::EC2::Instance` and it will have some properties. So when you create a resource, it must have a type and it must have properties, and the properties are going to be key-value pairs. As you can see here, you can customize a lot of things for your EC2 instance.

For example, if you wanted to customize the IAM instance profile, we click on this and we get taken to the documentation for it, and it says: okay, you need a string, it’s not required, and if you update this, there’s no interruption. That means your EC2 instance won’t get terminated and recreated; it will just attach the instance profile to it. But if we change the image ID, for example, which is also a string but not required, then if we update it, it will do a replacement. That means it will terminate the old instance and replace it with a new one. So let’s scroll back up. Here we understand that there are so many things we can customize, and to know what we should specify, we should just look through the documentation.

Now, if we look at what we created before, let’s take the EC2 one as an example. We have an availability zone, an image ID and an instance type. I knew how to fill those in because if you click on AvailabilityZone, you see that you have to specify the name of the AZ where the instance is located. So this is quite great, and you can keep going with this as much as you want. So now we understand how this was created. For fun, you could go into the Resources here and see we have an EC2 instance, but also an EIP. So let’s look at EIP: let’s go back up one level and search for EIP on this page. Here we go. We have EIP here, and we can see that the syntax is much shorter.

We have an instance ID and a domain. The instance ID is what I have specified, and the domain I have not specified. So when we go back to our EIP, we can see that, yeah, it makes sense. I did specify the type to be `AWS::EC2::EIP`, and in terms of properties, I have only specified the instance ID. We’ll see what this Ref means in a second. But the idea is that we are able to link the documentation to what we want to do. Obviously, for a security group, we need to provide the security group rules for ingress traffic. And because we can have many rules, they’re an array. So let’s go to the security group documentation just to prove that point. Security group is right here, and we go to YAML.

And if we look at SecurityGroupIngress, we can see it is a list of Amazon EC2 security group rules. If we click on the EC2 security group rule and go to YAML, we get all the parameters that are available. So going back to the syntax, we get this little hyphen here that defines it as an array, and here we get the first rule and here we get the second rule. What we get out of this is that everything we configure through the UI can be written as code in your CloudFormation templates. And this is how you know how to write your CloudFormation templates. So that’s it for resources. That’s honestly all you need to know. Just remember, there’s a type and there are properties, and all of this goes below the block called Resources.

So you need to make sure there is a small indent underneath Resources every time you declare a resource. Now the frequently asked questions for resources. Can I create a dynamic amount of resources? No, you cannot. Everything has to be declared, so you cannot perform code generation; you cannot have any dynamic type of code generation. And is every service supported? The answer is almost. There are only a few small ones that are not there yet, and you can work around that using AWS Lambda custom resources. Just a little bit of trivia here that you need to know about. We will not write custom resource Lambdas in this course. So that’s it for resources. Hope you enjoyed it, I hope that makes more sense now and I will see you in the next lecture.
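The template the lecture walks through is not reproduced on this page, so the following is an added reconstruction (not the course’s own file) of a Resources block with the instance, the EIP and the two security groups. The AMI ID, availability zone and CIDR ranges are constructed placeholders, and it assumes an account with a default VPC so that the groups can be referenced under `SecurityGroups`.

```yaml
# Added example: constructed values, not taken from the course material.
Resources:
  MyInstance:
    Type: AWS::EC2::Instance
    Properties:
      AvailabilityZone: us-east-1a
      ImageId: ami-0123456789abcdef0   # placeholder; an update here replaces the instance
      InstanceType: t2.micro
      SecurityGroups:                  # each hyphen is one element of the list
        - !Ref SSHSecurityGroup
        - !Ref ServerSecurityGroup

  MyEIP:
    Type: AWS::EC2::EIP
    Properties:
      InstanceId: !Ref MyInstance      # links the EIP to the instance above

  SSHSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: SSH from the admin network only
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp: 203.0.113.0/24       # documentation range standing in for an admin network

  ServerSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Web traffic plus SSH from one host
      SecurityGroupIngress:
        - IpProtocol: tcp              # first rule
          FromPort: 80
          ToPort: 80
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp              # second rule, scoped to a single address
          FromPort: 22
          ToPort: 22
          CidrIp: 192.0.2.10/32
```

Because every ingress rule is a list item in the template, the exposed ports and source ranges can be reviewed in a diff before the stack is deployed.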

6. CloudFormation Parameters

Now that we’ve seen resources, the second most important section is going to be parameters. Parameters are a way to provide inputs to your CloudFormation template. They are super important to know about if you want to reuse your templates across the company or across other accounts or regions, and some inputs cannot be determined ahead of time, for example the key pair you’re going to link to EC2 instances. Parameters are very powerful, they can be controlled, and thanks to types they can prevent errors from happening down the line in your templates. We’ve used parameters before, in the first hands-on, in which we had to specify the security group description.

So this was a string, and we were asked for the security group description, and that was used in the security group itself. You should use a parameter when you ask yourself the question: is this CloudFormation resource configuration likely to change in the future? If so, you can make it a parameter, and by making it a parameter you don’t have to re-upload a template to change its content. It’s a bit more stable and a bit more modular. If you do programming, and I hope you do, you know the advantages of parameters. Now, parameters can have different settings and they can be controlled in many different ways. I don’t think the exam requires you to know all of these, but for your interest, I’m just going to name them.

You can have a type: String, Number, CommaDelimitedList, a List of a type, or an AWS parameter type. You can have a description. You can have constraints and a constraint description, a min and max length for strings, and a min and max value for numbers. You can have defaults; allowed values, when you want to restrict the values a user can pick; an allowed pattern, when you want to verify the input of a user using a regular expression; and NoEcho, if you want to pass in a secret, basically. So this is a lot of different settings you can apply to parameters. For now, the only thing we’ve done is use a simple string parameter in our template, and that’s all you should know, I think, for the exam.

So how do you reference a parameter? Well, like this: you have to use the function called Ref. This is the first time we encounter Ref and functions. Basically, intrinsic functions in your templates allow you to supercharge them and link things up, and the Ref function is one of the most used. You use it to reference parameters, and this way you can use your parameters anywhere in your templates: in your resources, for any type of inputs, parameters and configs. The shorthand for the reference function in YAML is `!Ref`, a little exclamation point followed by Ref, and it’s just a way for us to have a much nicer syntax that is easier to recognize. You can use `Fn::Ref` as well, it’s whatever you want, but most likely it’s going to be this `!Ref` shorthand.

And the function can also be used to reference other elements within the template. In the template we’ve been using, in the Parameters section, we had defined a parameter named SecurityGroupDescription. Turns out that if we look all the way down, SecurityGroupDescription was used in this security group’s GroupDescription key, and we used the Ref function to reference it. So this Ref function basically says: whatever the user puts as the value for this parameter, use it as the group description. So it’s very simple to think about; it’s just a reference. But this Ref function can also be used somewhere else. It was used right here, for example, for security groups.

So you can see this Ref function also referenced the SSH security group that was created under Resources. So the Ref function can be used to reference parameters, like the one before, or it can be used to reference resources. Here we reference the two security groups, and within the EIP we reference MyInstance. As you can see, the name in the reference is the exact same name as the logical name under Resources. Finally, you have the concept of pseudo parameters. These are a list of parameters offered by AWS that we can use at any time; they’re enabled by default, and we get a bunch of values we may want to retrieve. So we have `AWS::AccountId`, which gives us the value of the account ID, then `AWS::NotificationARNs`, and `AWS::NoValue` if we don’t want to return a value.

We can also ask for the region in which our AWS CloudFormation template is being run, for example us-east-2, and we can also get a pseudo parameter for the stack ID or the stack name. Basically you don’t need to know about these too much. Maybe the first one, the account ID, is very important if you try to construct some complicated ARN value in your CloudFormation template. But overall you should just know that there is this concept of pseudo parameters, and again you can use them at any time. Just use a Ref and you’re all set. I hope that was helpful, I hope you know how they work now in your CloudFormation templates and I will see you in the next lecture.
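To show the parameter settings named above working as input validation, here is an added example (not from the course material) that declares constrained parameters and references them, plus one pseudo parameter, with `!Ref`. The parameter names other than SecurityGroupDescription, the allowed values and the database resource are assumptions made for illustration.

```yaml
# Added example: parameter names and values are constructed for illustration.
Parameters:
  SecurityGroupDescription:
    Type: String
    Description: Security group description
    MinLength: 1
    MaxLength: 255
  SSHLocation:
    Type: String
    Description: CIDR range allowed to reach port 22
    # The pattern rejects 0.0.0.0/0 and any prefix shorter than /16.
    AllowedPattern: '^(\d{1,3}\.){3}\d{1,3}/(1[6-9]|2\d|3[0-2])$'
    ConstraintDescription: Must be an IPv4 CIDR with a prefix of /16 or longer.
  DBInstanceClass:
    Type: String
    Default: db.t3.micro
    AllowedValues: [db.t3.micro, db.t3.small]
  DBPassword:
    Type: String
    NoEcho: true      # masked in the console and API output, but not if
    MinLength: 12     # the template copies the value into Outputs or Metadata
    MaxLength: 41

Resources:
  SSHSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: !Ref SecurityGroupDescription
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp: !Ref SSHLocation
      Tags:
        - Key: Stack
          Value: !Ref AWS::StackName   # pseudo parameter, no declaration needed
  Database:
    Type: AWS::RDS::DBInstance
    Properties:
      Engine: mysql
      DBInstanceClass: !Ref DBInstanceClass
      AllocatedStorage: '20'
      MasterUsername: dbadmin
      MasterUserPassword: !Ref DBPassword
```

With these constraints, a stack launch that passes `0.0.0.0/0` for SSHLocation or an unlisted instance class fails parameter validation before any resource is created.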
