CloudFormation

PUBLISHED ON: Sunday, Jul 2, 2023

CloudFormation allows us to create, update and delete infrastructure in AWS using templates. It automates infrastructure provisioning and helps with change management.

A template can be written in either YAML or JSON.

CloudFormation is Infrastructure-as-Code (IaC).

CloudFormation template

  • If AWSTemplateFormatVersion is specified, then Description must immediately follow it.
  • Resources in a CloudFormation template are called logical resources. Each has two keys: Type and Properties.
    • Type has the format AWS::<service_name>::<type>.
    • A resource with no name specified in its properties gets a physical ID of the form <stack_name>-<logical_id>-<random_numbers> when it is created.
  • Metadata controls how the template is presented in the UI.
  • Conditions are used for decision making: they are "defined" in the Conditions section and "applied" to a resource with its Condition key.
  • Outputs return data after the stack's resource creation is complete.
  • Mappings allow us to create lookup tables.
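A template that uses every section named above, added here as an illustration (it is not code from the original post); the environment names, mapping values and resource logical IDs are made up:

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Private S3 bucket with optional versioning and a prod-only log group.
Metadata:
  AWS::CloudFormation::Interface:          # controls parameter grouping in the console
    ParameterGroups:
      - Label: { default: Bucket settings }
        Parameters: [Environment, EnableVersioning]

Parameters:
  Environment:
    Type: String
    AllowedValues: [dev, prod]
    Default: dev
  EnableVersioning:
    Type: String
    AllowedValues: ["true", "false"]
    Default: "false"

Mappings:                                  # lookup table keyed by environment
  EnvSettings:
    dev:  { LogRetentionDays: 7 }
    prod: { LogRetentionDays: 365 }

Conditions:                                # "define" the conditions here ...
  VersioningEnabled: !Equals [!Ref EnableVersioning, "true"]
  IsProd: !Equals [!Ref Environment, prod]

Resources:
  DataBucket:                              # logical ID; no BucketName, so the physical
    Type: AWS::S3::Bucket                  # name is <stack>-databucket-<random suffix>
    Properties:
      PublicAccessBlockConfiguration:
        BlockPublicAcls: true
        BlockPublicPolicy: true
        IgnorePublicAcls: true
        RestrictPublicBuckets: true
      BucketEncryption:
        ServerSideEncryptionConfiguration:
          - ServerSideEncryptionByDefault: { SSEAlgorithm: AES256 }
      VersioningConfiguration:
        Status: !If [VersioningEnabled, Enabled, Suspended]
  AuditLogGroup:
    Type: AWS::Logs::LogGroup
    Condition: IsProd                      # ... and "apply" them to resources
    Properties:
      RetentionInDays: !FindInMap [EnvSettings, !Ref Environment, LogRetentionDays]

Outputs:
  BucketArn: { Value: !GetAtt DataBucket.Arn }
```

With Environment=dev the AuditLogGroup is skipped entirely because its condition is false; with prod it is created with the 365-day retention looked up from the mapping.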

By default, when we create a CloudFormation stack, CloudFormation uses the permissions of our own identity to interact with AWS. That is, in addition to the permission to create a stack, we also need permissions to create every resource that the stack creates.

❗ Instead of granting the user permissions to create the resources directly, a better approach is to place those permissions on a CloudFormation service role and allow the user to pass that role to CloudFormation using iam:PassRole.