CloudFormation Deep Dive
AWS Training Architect II in Content
This course will take a deep dive into AWS CloudFormation, with support from our interactive diagrams to assist the student in learning. Early on, the course will focus on the basics of CloudFormation, such as templates and scripting languages to write templates: JSON and YAML. After gaining a thorough understanding of CloudFormation basics, the student will shift to deep dives on core concepts of CloudFormation, such as updating stacks and using bootstrapping techniques to provision instances launched within the stacks. Various advanced topics will also be covered in depth, such as drift detection, cross-stack references, nested stacks, intrinsic functions, and condition functions. The course will take an in-depth look at how CloudFormation works with serverless technologies using custom resources, Lambda functions, AWS macros, and the Serverless Application Model (SAM). The sections of the course will start to build upon each other and culminate in the creation of a continuous integration pipeline using AWS Code Pipeline together with CloudFormation to automate the delivery of AWS templates. Finally, the course will wrap up with a look at troubleshooting techniques, best practices, and a focus on how CloudFormation can be a vital part of disaster recovery.
Interactive Diagram: https://interactive.linuxacademy.com/diagrams/CloudformationDeepDive.html
About the Training Architect
This is an introduction to the Training Architect, Craig Arcuri, for the CloudFormation Deep Dive.
AWS Free Tier: Usage Tracking and Billing Widget
This video provides some tips on the AWS free tier.
Introduction to CloudFormation
CloudFormation Introduction and Syllabus
This video provides an introduction to the course and an overview of each of the sections in the course.
This lesson provides the student with an introduction to the essential elements of CloudFormation. The lesson will walk through all of the components, at a high level, necessary to use CloudFormation Templates to build stacks. At the end of the lesson a CloudFormation Stack will be created. The lesson sets up the entire course and all of the Deep Dive concepts in the course are derived from this lesson.
Introduction to JSON
This lesson provides the student with an introduction to JSON. JSON and YAML are used for CloudFormation templates and JSON is very present in AWS, particularly in IAM Policies. The lesson takes a deep dive into the syntax and elements that compose JSON files. The lesson also looks in-depth at some IAM policies to prepare the student for starting to work with CloudFormation Templates in JSON.
Introduction to YAML
This lesson introduces the student to YAML in preparation for working with YAML in CloudFormation Templates. CloudFormation Templates use both JSON and YAML, and YAML has several advantages including producing shorter, more concise templates, readability, and inline commenting. The lesson will take a deep dive into the format and structure of YAML and provide a good foundation for upcoming lessons which will quickly ramp the student up on YAML in Templates.
CloudFormation and IAM Part 1
This lesson, the first of two parts on CloudFormation and IAM, introduces the student to the relationship between CloudFormation and IAM. When creating resources in CloudFormation, it is important to understand the permissions necessary and the responsibility that those permissions carry. A user creating CloudFormation Stacks from Templates not only needs permissions to CloudFormation but also to the resources being created in a particular stack. This lesson will explore the key concepts that allow IAM to govern CloudFormation.
CloudFormation and IAM Part 2
This lesson continues on working with IAM and its role in overseeing CloudFormation. The lesson will continue to work in the IAM Management console with roles and policies and applying permissions to CloudFormation templates, stacks, and the resources created by CloudFormation.
CloudFormation Resource Types
This lesson discusses the resources that CloudFormation currently supports. It is important to understand all of the resources available for use with CloudFormation as well as understanding that not all AWS resources are available in CloudFormation. The lesson will review available resources and the tools available to determine what properties to use for a resource and which are required. Memorizing all resources, properties, and requirements for these resources is not practical and it is important to understand the tools available to quickly configure a resource in CloudFormation.
CloudFormation Core Concepts
Template Format and Structure
This lesson provides a detailed review of CloudFormation template format and structure. The lesson looks at format and structure for both JSON and YAML templates and provides the foundational knowledge for the student to begin creating templates. The student will learn in-depth the role of each section of a template, and how they interact with other sections and resources.
Template Sections In-Depth Part 1
This lesson takes a look at the sections that comprise a CloudFormation Template. A CloudFormation template can consist of 9 sections and this lesson looks at six of those sections.
Template Sections In-Depth Part 2
This lesson picks up where the previous lesson left off and takes an in-depth look at the remaining sections of a template. The lesson concludes with a walkthrough on building a stack from a template.
In this lesson, the student will be shown details on the CloudFormation Intrinsic Functions. Items covered include each Intrinsic Function, what it does, and the syntax and how to implement each function. Each function will be shown in JSON and YAML. This is the first of a two-part lesson on Intrinsic Functions.
Intrinsic Function Examples
This lesson builds on the previous lesson, part 1 on Intrinsic Functions. In this lesson, the student will be shown examples of Intrinsic Functions in both JSON and YAML format. After reviewing this lesson the student will have a solid foundation in implementing Intrinsic Functions in their CloudFormation Templates.
CloudFormation Pseudo Parameters
This lesson provides detail on CloudFormation Pseudo Parameters. Pseudo Parameters are parameters in CloudFormation that can be referenced at any time in any stack. Common Pseudo Parameters include the AWS Region and the name of the current stack.
This lesson provides a deep dive on CloudFormation Condition Functions. Condition Functions are Intrinsic Functions which can be used in stacks to conditionally build resources. Using parameters as input, the condition function will make a decision based on the input and build the appropriate resource.
Condition Functions Part 2
This lesson continues to provide a deep dive on CloudFormation Condition Functions. Condition Functions are Intrinsic Functions which can be used in stacks to conditionally build resources. Using parameters as input, the condition function will make a decision based on the input and build the appropriate resource.
Templates to Stack
This lesson begins to look at CloudFormation Designer using a few simple templates which will provide a gentle introduction to Designer. CloudFormation Designer is an interface that allows construction and validation of templates, in both JSON and YAML, and also provides a graphical interface for viewing the resources in a template.
Using CloudFormation Designer
This lesson builds on the previous lesson which provided a gentle introduction to CloudFormation Designer. This lesson details how CloudFormation Designer can be used to not only create stacks, but also update stacks. The canvas of Designer can be used to view the resources in a stack and assist with updating the stack.
This lesson will instruct the student on working with CloudFormer. CloudFormer is an AWS CloudFormation Beta tool which can be used to create a CloudFormation template from existing resources. The resources do not have to have been created in CloudFormation and the user will have the opportunity to pick and choose which resources they would like in the template that CloudFormer will construct.
CloudFormation Templates For VPCs
This lesson takes an in-depth look at constructing CloudFormation Templates for VPCs and the infrastructure within and around VPCs to provide internet connectivity. This type of template is probably the most common template the student will encounter in the field. The lesson will walk through the creation and use of a checklist to detail all of the resources needed for this type of template. The lesson is presented as an exercise for those new to CloudFormation Templates in an effort to really understand the construction of a template and the purpose of each resource in the template.
Template Best Practices
This lesson concludes the section on Templates by instructing the student on Best Practices for working with CloudFormation Templates.
A Deeper Dive Into Stacks
This lesson is the first lesson in the section 'Stack In-depth'. The lesson takes a deep dive into stacks and sets the stage for the rest of the section.
More Stack Details
This lesson continues an in-depth review of CloudFormation Stacks. It also provides a walkthrough on using Quick Create Stack links. Quick Create Stack links enable adding parameters to a stack URL to create stacks while bypassing the stack creation screens in the CloudFormation Management Console.
Protecting Your Stacks
This lesson is the first of two lessons on protecting stacks. There are various ways to protect stacks after they are created and the lesson gives an overview on each of the techniques used to protect stacks. The lesson then goes into detail on Termination Protection and Stack Level policies.
Protecting Your Stacks Part 2
This lesson continues where part 1 of Protecting Your Stacks left off.
This lesson provides the student with an in-depth look at Rollback Triggers. Rollback Triggers allow the user to set thresholds by which, if reached, the CloudFormation Stack will roll back. Rollback Triggers can work with CloudWatch alarms to oversee the creation of stacks.
Using AWS Config to Monitor Stacks
This lesson provides an in-depth look at how AWS Config can be used to monitor CloudFormation Stacks. AWS Config can be used to determine if the CloudFormation stack has drifted from its original configuration. Additionally, it can be used to enforce compliance regulations, and in this lesson a walkthrough will enforce a compliance regulation on the use of SNS.
This lesson provides an in-depth look at CloudFormation Drift Detection. Drift occurs when a CloudFormation stack has changed from its original configuration and no longer matches the template which built it. Drift Detection can very quickly be run to determine if drift has occurred and steps can be taken to correct the issue.
Drift Detection from the CLI
This lesson focuses on detecting CloudFormation drift from the command line interface. Drift detection from the CLI is full-featured and enables drift detection to be automated and also scheduled.
Drift Alerts via AWS Config
This lesson shows how AWS Config can be used to provide alerts when a stack has drifted from its original configuration. By implementing a config rule, the detection of drift can easily be automated using AWS Config.
This lesson will focus on drift remediation. After several lessons devoted to detecting drift, the lesson will focus on ways to bring a stack back into compliance with the template which created it. There are several ways to fix drift and the lesson will provide a walkthrough on eliminating drift.
VPC Endpoints For CloudFormation
This lesson focuses on VPC endpoints used with CloudFormation. Endpoints enable a private connection between a VPC and other AWS resources. Endpoints can be used with CloudFormation but also can be created in a CloudFormation template. This lesson provides a walkthrough on creating a VPC endpoint to work with an S3 bucket.
This lesson provides a recap of the section with a specific focus on all of the techniques available to protect stacks.
Updating Stacks: Part 1
This lesson provides an introduction to updating CloudFormation stacks. After detailing the different options for updating stacks, the lesson will provide a walkthrough on performing a simple stack update known as a direct update.
Updating Stacks: Part 2
This lesson continues the discussion on Updating Stacks. In the lesson, more complex operations are performed such as adding a stack policy to the stack and using a new template to update the stack.
This lesson will detail using Change Sets to update stacks. Change Sets provide additional information about how an update will affect resources in the stack and the opportunity to back out of the update. The lesson will conclude with a walkthrough on updating a stack with a change set.
This lesson provides an in-depth look at Cross-Stack references. Cross-Stack references enable the sharing of data between CloudFormation Stacks. This promotes template reuse and breaking up large templates into smaller, more manageable templates. The lesson concludes with a walkthrough on Cross-Stack references.
This lesson provides the student with a deep understanding of Nested Stacks. Nested stacks, like cross-stack references can be used to modularize templates and promote code reuse. The lesson will conclude with a walkthrough on Nested Stacks.
CloudFormation from the CLI
This lesson will walk through installing the AWS Command Line Interface.
This lesson walks through configuring the AWS CLI on an Amazon EC2 instance.
CloudFormation from the CLI
This lesson builds on the last two lessons which installed and configured the AWS CLI. In this lesson, working with CloudFormation from the CLI will be discussed. The lesson will conclude with a walkthrough on issuing commands for CloudFormation from the CLI.
Template Advanced Concepts
This lesson provides an introduction to the section which will cover in great detail the techniques used to provision EC2 instances after launch. The lesson then goes into specifics about bootstrapping and provides an overview on Helper Scripts which will be detailed in upcoming lessons.
This lesson provides an in-depth look at CloudFormation Wait Conditions. The lesson concludes with a walkthrough provisioning resources using a Wait Condition.
This lesson takes a closer look at Creation Policies. The differences and similarities between Creation Policies and Wait Conditions are discussed and the use cases for each. The lesson concludes with a walkthrough on provisioning an EC2 instance using a Creation Policy.
This lesson provides a deep dive on Update Policies. Update Policies provide techniques for updating instances in an auto scaling group. The lesson concludes with a walkthrough on using an Update Policy to perform updates on EC2 instances in an auto scaling group.
This lesson is the first of a two part lesson on Helper Scripts. Helper Scripts are used in CloudFormation Templates to help provision EC2 instances upon launch. The lesson will review the various helper scripts available as well as taking a look at helper scripts in detail in two CloudFormation templates. The lesson will set the stage for a walkthrough in lesson two.
Helper Script Walkthrough
This lesson continues looking deep into the details of helper scripts. Additionally, a flowchart is used to detail the steps performed when helper scripts are working to provision software on an instance. Finally, a walkthrough of stack creation will tie everything together to conclude the two part lesson.
Systems Manager Parameter Store
This lesson details how Systems Manager Parameter Store can be used to abstract parameters out of CloudFormation templates. Doing so makes templates more secure and promotes reusability of templates. The lesson will conclude with a walkthrough on how to integrate Parameters with a template.
This lesson provides detailed information on Dynamic References. Dynamic References enable use of parameters from Parameter Store and Secrets Manager within our templates. With Dynamic References, we can access these parameters from other areas of our template such as the resources section. The lesson concludes with a walkthrough of how to use Dynamic References in a template.
Handling of Secrets
This lesson takes an in-depth look at AWS Secrets Manager. With Secrets Manager, much like Parameter Store, you can abstract secrets out of your template and store and reference them from Secrets Manager. The lesson includes a walkthrough on using a CloudFormation Template to create a secret in Secrets Manager.
This lesson will take a look at CloudFormation Macros. And in doing so, the lesson will provide a preview of the next section on Custom Resources, Lambda Functions, and the Serverless Application Model (SAM). A template and template snippets will be reviewed which implement Macros.
CloudFormation Custom Resources
Introduction to Custom Resources
This lesson provides an introductory look at Custom Resources and sets the stage for the rest of the lessons in the section. The lesson will detail how to configure and implement a custom resource and provides a checklist on the necessary elements to implement a custom resource. The lesson will use two templates that will be used in the section to discuss the implementation of Custom Resources.
Introduction to Lambda
This lesson provides an introductory look at AWS Lambda. Upcoming lessons will rely heavily on Lambda and this lesson ventures over to the AWS Lambda console to dig into the details of Lambda. The lesson sets the stage for the next lessons which provide walkthroughs on Lambda Functions.
Custom Resources by Example: AMI Selection
This lesson examines in detail a CloudFormation template which is used to dynamically retrieve an AMI ID for the launch of an EC2 instance. The template uses a Lambda Function which retrieves the AMI ID, and its use enables the removal of hardcoded AMI IDs from the template. This promotes reuse of templates and also provides a more robust solution which is not subject to the change of an AMI ID by AWS. The lesson concludes with a walkthrough using the template.
Custom Resources by Example: Password Checker
This lesson takes an in-depth look at a CloudFormation template which is used to create an IAM User. The template also contains a Lambda Function which is used to provide a second confirm password field. The Lambda function will not allow the user to be created unless the passwords match. The lesson will conclude with a walkthrough using the template.
Serverless Application Model Part 1
This lesson creates a basic Lambda function in the Lambda Management Console. The Lambda function is then exported and the exported file is a SAM Template. This template will be used in part two of the lesson on deploying SAM functions.
Serverless Application Model Part 2
This lesson uses CloudFormation CLI commands to package and deploy the SAM template created in part 1 of this lesson. The commands used in this walkthrough will in a sense create a manual deployment pipeline and set the stage for an upcoming lesson which will automate a continuous delivery deployment process.
Provisioning at Scale
This lesson opens the section on Stack Sets by discussing the problems encountered when trying to provision your infrastructure at scale. Scaling across multiple AWS accounts, and within each account, across multiple regions can become extremely difficult to manage. This lesson sets the stage for the solution, Stack Sets, and goes on to give an overview of Stack Sets in the CloudFormation Management Console.
Introduction to Stack Sets
This lesson provides an introduction to CloudFormation Stack Sets. The student will learn about Stack Sets and their uses and configuration. Stack Sets rely upon an Administrative account and multiple Target accounts in which to deploy stacks. In order to deploy stacks to the Target accounts, service roles need to be created to establish a trust relationship between the Administrative account and each Target account. This trust relationship will be set up in this lesson.
Creating Stack Sets
This lesson will provide a walkthrough in the CloudFormation Management Console on creating Stack Sets. After having created a trust between the Administrative Account and the Trusted Account, a Stack Set can be created. Using one template, the Stackset can deploy stacks to multiple accounts and multiple regions for each account. This enables consistent and uniform deployments at a very large scale.
Updating Stack Sets
This lesson provides a walkthrough on updating Stack Sets. After having created a Stack Set, the Stack Set can be updated at any time. When updating Stack Sets, the updates will be propagated out to all of the Target accounts associated with the Stack Set. Updating Stack Sets is very similar to updating regular stacks and the interface will be familiar to the student who has updated stacks.
Adding Stacks To Stack Sets
Stack Sets are a very powerful tool for provisioning resources at scale. But if a company continues to grow and add accounts and operate in different regions, it becomes a necessity to add additional stacks to stack Sets. And this functionality will be demonstrated in this lesson as additional stacks are added to a Stack Set. Unlike an update, adding stacks to a stack set does not change the behavior of the stack set, but instead adds additional Target Accounts to the Stack Set.
Stack Set Override Parameters
This lesson will provide a walkthrough on overriding Stackset parameters. Override Parameters provide the ability to change the parameters that have been used in the initial creation of the stackset. Additionally, you have the ability to pick and choose which stacks, based on account number and region, you would like to override parameters on. In this way, you are able to customize the stacks in your stack set away from the original configuration.
Stack Set Best Practices and Deleting Stack Sets
This lesson will wrap up the section on Stacksets by reviewing stackset best practices and then deleting the stacksets that were created in the section. Stackset instances need to be deleted before stacksets can be deleted and the student will be given a walkthrough on this deletion process.
CloudFormation Deployment With Continuous Delivery
Continuous Delivery With CloudFormation And Code Pipeline Part 1
This is the first of a two part lesson on Continuous Delivery with CloudFormation and Code Pipeline. This lesson reviews all of the templates involved in creating the pipeline and sets the stage for part two where the pipeline will be implemented.
Continuous Delivery With CloudFormation And Code Pipeline Part 2
This lesson provides a walkthrough on creating a continuous delivery deployment pipeline using CloudFormation and Code Pipeline. The pipeline starts at the repository, in this case an S3 bucket, and the pipeline will automatically detect changes in the repository. The whole process of detecting repository changes and packaging and deploying those changes is automated.
CloudFormation Best Practices and Troubleshooting
Troubleshooting CloudFormation Part 1
This lesson is the first in a two-part lesson on troubleshooting CloudFormation. The lesson focuses on the events tab in the CloudFormation stack to assist in troubleshooting. Additionally, the lesson will take a look at stacks which have failed during the delete process and walk through completing the deletion of these stacks.
Troubleshooting CloudFormation Part 2
This lesson continues to focus on troubleshooting CloudFormation. The lesson performs a walkthrough which involves sending EC2 instance logs to CloudWatch. This is a highly effective way to troubleshoot EC2 instance installation issues without having to SSH into an EC2 instance.
CloudFormation Best Practices
This lesson focuses on CloudFormation Best Practices. The course is sprinkled with many of these best practices and the lesson should largely be a review.
CloudFormation for Disaster Recovery
This lesson provides an overview of Disaster Recovery techniques used in AWS. AWS has four patterns for Disaster Recovery: Backup and Restore, Pilot Light, Warm Standby, and Multi-site. With these patterns as a foundation, the lesson details how CloudFormation templates can be used as a key tool in Disaster Recovery.
This video provides the student with recommendations on what courses to take after completing the CloudFormation Deep Dive.