
"Code your Cloud" using CloudFormation

  • Jul 4, 2022

Aren't we tired of manually creating resources in AWS? Consider creating an EC2 instance manually: we have to complete at least 7 steps to launch an instance (from any AMI). We can handle creating an instance or two, but what if we have to launch 10 instances with different configurations? That takes almost 70 steps.


Do we have enough time to complete these steps manually?


AWS CloudFormation helps us speed up cloud provisioning with infrastructure as code. It's not only for creating a single resource; it can create an entire cloud infrastructure. I once used CloudFormation to create an infrastructure for remote desktops that included a VPC along with a NAT instance. Isn't that fascinating!


Infrastructure as Code


Templates can be in either JSON or YAML format. The collection of resources a template defines is called a stack. We can create, update and delete these stacks. It is easy to deploy a stack with a single click. We can also reuse our code/template if we want to replicate the same infrastructure in multiple environments.


YAML template for creating an EC2 Instance



Resources:
  SampleInstance:
    Type: AWS::EC2::Instance
    Properties:
      Tags:
        - Key: Name
          Value: SampleInstance
      ImageId: <Image id>
      InstanceType: <Instance Type>
      SubnetId: <Subnet id>
      SecurityGroupIds:
        - <Security Group Id>
      BlockDeviceMappings:
        - DeviceName: <DeviceName>
          Ebs:
            VolumeSize: <VolumeSize>    # size in GiB
            VolumeType: <VolumeType>
            DeleteOnTermination: true   # volume is removed with the instance
      KeyName: <Key Name>

How it works


When you create a stack, CloudFormation makes service calls to AWS to provision the resources specified in the template. You may need IAM permissions for creating these resources. You will need similar permissions for CloudFormation itself (Create, Update, Delete, Describe). You can either assign a role (which is better) or attach those policies to yourself (IAM user).
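An added example (not from the original post) of the "assign a role" option: a template for a service role that only CloudFormation can assume and that carries only EC2 permissions for the sample instance stack. The logical ID `CfnEc2ServiceRole`, the policy name and the action list are assumptions; the calls a stack needs depend on the properties its template uses.

```yaml
# Added example: service role CloudFormation assumes to build the sample EC2 stack.
# CfnEc2ServiceRole and manage-sample-instance are illustrative names.
AWSTemplateFormatVersion: "2010-09-09"
Description: Service role limited to what the sample EC2 stack needs
Resources:
  CfnEc2ServiceRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              Service: cloudformation.amazonaws.com   # only CloudFormation may assume it
            Action: sts:AssumeRole
      Policies:
        - PolicyName: manage-sample-instance
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Sid: ReadOnlyLookups
                Effect: Allow
                Action: ec2:Describe*
                Resource: "*"            # Describe calls cannot be scoped to a resource
              - Sid: InstanceLifecycle
                Effect: Allow
                Action:                  # assumed starting set; trim or extend per template
                  - ec2:RunInstances
                  - ec2:CreateTags
                  - ec2:StartInstances
                  - ec2:StopInstances
                  - ec2:ModifyInstanceAttribute
                  - ec2:TerminateInstances
                Resource: "*"
                Condition:
                  StringEquals:
                    "aws:RequestedRegion": !Ref AWS::Region   # no use outside this region
Outputs:
  ServiceRoleArn:
    Description: Pass this ARN to create-stack / update-stack with --role-arn
    Value: !GetAtt CfnEc2ServiceRole.Arn
```

Because this template creates an IAM resource, deploying it requires `--capabilities CAPABILITY_IAM`. Whoever launches stacks with the role also needs `iam:PassRole` on it, which keeps their own EC2 permissions out of the picture.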


Be aware of AWS pricing; the cost depends on the services you use. AWS offers a free tier, under which certain services can be used at no cost for a particular amount of time.

You can use any code editor to write the code (YAML/JSON). Once the template is ready, you can upload it manually (using the AWS Console) or you can use the AWS CLI. I recommend the CLI. When you use the console, you have to go through certain steps such as naming the stack, adding tags, and so on, and each time you change the template you need to re-upload it manually (extra steps). The reason for this re-upload is that once we upload a template, the file is stored in an S3 bucket.

And as we all know, S3 is object-level storage: an object cannot be edited in place, so a changed template has to be uploaded again as a whole. That pretty much explains it.


Look at these CLI commands.


aws cloudformation create-stack \
--stack-name $Cloudformation_TEMPLATE_NAME \
--template-body file://$Cloudformation_TEMPLATE_FILE \
--tags Key=env,Value=test \
--capabilities CAPABILITY_IAM

That's it. You have created a stack from the CLI with a name, tags, and the CAPABILITY_IAM capability, which acknowledges that the template may create IAM resources.


Likewise, to update the stack:


aws cloudformation update-stack \
--stack-name $Cloudformation_TEMPLATE_NAME \
--template-body file://$Cloudformation_TEMPLATE_FILE \
--tags Key=env,Value=test \
--capabilities CAPABILITY_IAM

And to delete it (delete-stack takes only the stack name, not a template):

aws cloudformation delete-stack \
--stack-name $Cloudformation_TEMPLATE_NAME

Advantages of using CloudFormation


Scaling up: Even if we don't plan to deploy an entire infrastructure on the first attempt, CloudFormation allows us to scale up the resources when we need them. Remember, we can always update the stack.


Consistency: Suppose we need 5 instances with the same configuration. We can apply the same configuration repeatedly, or we can create a launch template (much better). In this way, CloudFormation ensures that our resources and services will always be consistent.


Security: Even though CloudFormation isn't a service designed for taking security measures, it helps developers make sure they have the right configuration, including the right tags on resources. We can use these tags for ABAC (Attribute-Based Access Control), or to filter resources while monitoring cost.
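As an added illustration of the ABAC point (not part of the original post), the template below defines a managed policy keyed on the `env` tag that the CLI commands above apply to the stack. The logical ID `EnvScopedInstanceOps` is made up, and the policy assumes the operators' IAM principals carry an `env` tag of their own.

```yaml
# Added example: ABAC on the "env" tag set by `--tags Key=env,Value=test`.
# Assumes each operator principal is tagged env=<environment>.
AWSTemplateFormatVersion: "2010-09-09"
Description: Operators may start/stop only instances whose env tag matches theirs
Resources:
  EnvScopedInstanceOps:
    Type: AWS::IAM::ManagedPolicy
    Properties:
      Description: ABAC on the env tag
      PolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Sid: DescribeAll
            Effect: Allow
            Action: ec2:DescribeInstances
            Resource: "*"
          - Sid: StartStopMatchingEnv
            Effect: Allow
            Action:
              - ec2:StartInstances
              - ec2:StopInstances
            Resource: !Sub "arn:${AWS::Partition}:ec2:${AWS::Region}:${AWS::AccountId}:instance/*"
            Condition:
              StringEquals:
                # Plain string, not !Sub: IAM resolves this variable at request time
                "aws:ResourceTag/env": "${aws:PrincipalTag/env}"
          - Sid: NoRetaggingEnv
            Effect: Deny             # without this, retagging an instance defeats the check
            Action:
              - ec2:CreateTags
              - ec2:DeleteTags
            Resource: !Sub "arn:${AWS::Partition}:ec2:${AWS::Region}:${AWS::AccountId}:instance/*"
            Condition:
              "ForAnyValue:StringEquals":
                "aws:TagKeys": [env]
```

The access decision is only as trustworthy as the tag, so the `env` value should be set by the stack and not be editable by the principals it constrains.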


Terraform vs. CloudFormation



Ease of use: CloudFormation is confined to the services offered by AWS. But what if we want to write code that spans multiple cloud platforms (GCP, Azure)? Terraform is the solution.


Size: CloudFormation doesn't allow developers to create template files larger than 51 Mb. Beyond that, they have to create nested templates.


Cost: Both are free, but Terraform offers an enterprise version that has some more governance options.


Multi-cloud integration: For deploying infrastructure across multiple cloud platforms (GCP, Azure, and many others), CloudFormation isn't the best choice. But if we want to deploy entirely on AWS, such as creating AWS services, CloudFormation is the right one.





Published by

Cloud Practitioner | System Administrator

 
 
 



@Ukrishnan2025
