Intro to AWS CloudFormation

AWS CloudFormation is an Infrastructure as Code (IaC) service that enables AWS cloud teams to model and set up related AWS and third-party resources in a testable and reproducible format. 

The platform helps cloud teams focus on the application by abstracting away the complexities of provisioning and configuring resources. You also have access to templates to declare resources; CloudFormation then uses these templates to organize and automate the configuration of resources as well as AWS applications. It supports various services of the AWS ecosystem, making it efficient for both startups and enterprises looking to persistently scale up their infrastructure. 

CloudFormation Features

Declarative Configuration with JSON/YAML

Cloud teams can easily model cloud environments in simple text files called templates. You can build these in either a YAML or JSON format, both of which are universally accepted and can be used to provision the resource stacks of any cluster. 

Preview Environment Changes

With the creation of change sets, you can preview proposed infrastructure changes before applying them. This helps you analyze and remediate any adverse effect a new change might have on running resources. Teams can view the summary of changes in JSON format on the CloudFormation Management Console, as well as access additional details from the AWS CLI and the CloudFormation API.

Stack Management Actions for Dependency Management

By relying on accurately formatted templates, CloudFormation follows the correct sequence of actions to manage dependencies when creating and monitoring AWS stacks. The ListImports and ListStackInstances actions provide cloud administrators with information on resources and instances associated with a particular stack. Tagging resources also helps you set and manage dependencies in larger deployments.

Cross-Region/Account Management

AWS StackSets lets cloud and DevOps professionals deploy a common set of resources in multiple regions and accounts using a single template. StackSets facilitates the provisioning, updating, and deleting of multi-region/multi-account stacks while following security best practices.

CloudFormation Pros

Centralized Configuration

Rather than storing the state of your infrastructure in a local file, CloudFormation is built to manage state out-of-the-box, automatically performing periodic drift detection on all provisioned services. The platform also determines the dependencies associated with a resource it is instructed to delete and fails the command if dependencies exist. 

While the CloudFormation service performs state management tasks, it allows users to manage the resource stack via service roles defined in the configuration templates. This allows for centralized configuration management.

Extensibility

The macros feature enables developers and DevOps teams to use Lambda-based transformations to extend the capabilities of CloudFormation templates. Teams create a macro CloudFormation resource type that maps Lambda functions to the name of the macro being used; cloud teams can then codify infrastructure automation best practices for improved workflows.
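
As an added example (not part of the original article), here is a Lambda handler for a template-level macro that codifies one best practice: every S3 bucket in the template gets default encryption and a public access block. The macro name HardenBuckets, the chosen defaults and the sample event are assumptions; the function would be registered through an AWS::CloudFormation::Macro resource and referenced from a template's Transform section.

```python
import copy

# Assumption: hardening defaults this team wants on every bucket.
ENCRYPTION = {"ServerSideEncryptionConfiguration": [
    {"ServerSideEncryptionByDefault": {"SSEAlgorithm": "aws:kms"}}]}
PUBLIC_ACCESS_BLOCK = {"BlockPublicAcls": True, "BlockPublicPolicy": True,
                       "IgnorePublicAcls": True, "RestrictPublicBuckets": True}

# Constructed macro event, trimmed to the keys the handler reads.
SAMPLE_EVENT = {
    "requestId": "constructed-request-id",
    "fragment": {"Resources": {
        "LogsBucket": {"Type": "AWS::S3::Bucket"},
        "DataBucket": {"Type": "AWS::S3::Bucket", "Properties": {
            "PublicAccessBlockConfiguration": {"BlockPublicAcls": False}}},
        "Topic": {"Type": "AWS::SNS::Topic"}}},
}


def handler(event, context):
    """Lambda entry point for the hypothetical HardenBuckets macro."""
    try:
        # Work on a copy so the incoming event is never mutated.
        fragment = copy.deepcopy(event["fragment"])
        for resource in fragment.get("Resources", {}).values():
            if resource.get("Type") != "AWS::S3::Bucket":
                continue
            props = resource.setdefault("Properties", {})
            # Keep an explicit encryption choice; only fill in a missing one.
            props.setdefault("BucketEncryption", copy.deepcopy(ENCRYPTION))
            # Always force the public access block, overriding template values.
            props["PublicAccessBlockConfiguration"] = dict(PUBLIC_ACCESS_BLOCK)
        return {"requestId": event["requestId"], "status": "success",
                "fragment": fragment}
    except Exception as exc:
        # Any status other than "success" makes CloudFormation fail the operation.
        return {"requestId": event.get("requestId"), "status": "failure",
                "errorMessage": str(exc)}


if __name__ == "__main__":
    print(handler(SAMPLE_EVENT, None))
```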

Simple Integration with AWS Services

Being an AWS-centric service, CloudFormation can manage most resources and services in the AWS ecosystem. AWS also provides pre-made templates for all of its resources, making it simple to deploy, update, and delete all of Amazon’s PaaS and IaaS offerings.

Easy to Use

CloudFormation templates are simple text files built using the JSON and YAML formats. As these formats are extensively used in other IaC platforms and data structure representations, DevOps teams require minimal training to adopt CloudFormation services for deploying AWS infrastructure.

Innate Security

AWS implements various security controls and best practices to ensure safe and automatic infrastructure provisioning. The service includes rollback triggers that instruct CloudFormation to monitor specific CloudWatch alarms when deploying and updating the stack. When an alarm is triggered, the entire stack is rolled back to the last working state. CloudFormation also offers change sets, which eliminate the risk of breaking a running system while introducing a new change. 

CloudFormation Cons

There are three essential drawbacks of CloudFormation:

  • It is an AWS-centric platform.
  • It limits the number of resources you can define in a template.
  • Compared to Terraform, it is more complex to extend the configuration state across different environments.

Final Words

Despite the challenges listed above, CloudFormation is ideal for users who run deployments entirely on AWS and want to achieve full state management from the get-go. As a fully managed service, you’ll have the support of AWS as well as access to new AWS services as soon as they’re released.

If you’re looking for another option, check out our article introducing HashiCorp’s Terraform, a great open source IaC alternative, as well as a side-by-side comparison of Terraform vs. CloudFormation.