AWS CloudFormation is a service provided by Amazon Web Services (AWS) that allows you to define and provision infrastructure resources in a predictable and automated manner. It follows an infrastructure-as-code (IaC) approach, where you can use a JSON or YAML template to describe the desired state of your infrastructure. CloudFormation then takes care of provisioning and managing those resources in a reliable and consistent manner.
CloudFormation consists of the following main components:
Template: A CloudFormation template is a JSON or YAML file that defines the resources and their configuration. It serves as the blueprint for your infrastructure. The template describes the relationships between resources and their properties. You can author the template from scratch or use pre-existing templates as a starting point.
Stack: A stack is an instance of a CloudFormation template. When you create a stack, CloudFormation provisions and manages the specified resources according to the template. Each stack has a unique name and represents a set of resources that are created and managed together as a single unit.
Resource: A resource is an AWS service component that CloudFormation provisions and manages. Examples of resources include Amazon EC2 instances, Amazon S3 buckets, AWS Lambda functions, and more. Each resource is declared in the template with its type, properties, and any dependencies it may have on other resources.
Parameter: Parameters allow you to customize your CloudFormation templates at the time of stack creation. They provide flexibility by allowing you to pass input values to your template, such as instance sizes, subnet IDs, or IP addresses. Parameters make your templates more reusable and configurable.
Output: Outputs in CloudFormation allow you to extract and display useful information from your stack. For example, you can output the URL of a deployed application, the ARN (Amazon Resource Name) of a created resource, or any other relevant information. Outputs can be used to pass information between stacks or to external systems.
Mapping: Mappings enable you to define a set of key-value pairs within your CloudFormation template. They allow you to create conditional logic and retrieve values based on input parameters or other conditions. Mappings are useful for defining different configurations based on regions, environments, or any other criteria.
Condition: Conditions allow you to define conditional logic within your CloudFormation templates. They determine whether certain resources or properties are created or updated based on the evaluation of conditions. Conditions can be based on input parameters, resource properties, or other values.
Stack Policy: A stack policy is a JSON document that specifies the update permissions for resources within a stack. It provides fine-grained control over how resources can be modified or replaced during stack updates. Stack policies help prevent accidental or unauthorized changes to critical resources.
By leveraging CloudFormation, you can automate the process of provisioning and managing AWS resources, ensuring consistency and reducing manual effort. It also enables you to version-control your infrastructure, make changes through code, and easily replicate and scale your infrastructure across environments.
Hands-on Lab overview
The hands-on lab creates a basic WordPress blog that uses a single Amazon EC2 instance with a local MySQL database for storage. The template used in the lab also creates an Amazon EC2 security group to control firewall settings for the Amazon EC2 instance.
Important:
AWS CloudFormation is free, but the AWS resources that CloudFormation creates are live (and not running in a sandbox). You will incur the standard usage fees for these resources until you terminate them in the last task in this tutorial. The total charges will be minimal. For information about how you might minimize any charges, go to http://aws.amazon.com/free/.
CloudFormation template
You can view the JSON or YAML WordPress sample template. You don't need to download it because you will use the template URL later in this guide. For more information about the template formats, see AWS CloudFormation template formats.
A template is a JSON or YAML text file that contains the configuration information about the AWS resources you want to create in the stack. For this walkthrough, the sample template includes six top-level sections: AWSTemplateFormatVersion, Description, Parameters, Mappings, Resources, and Outputs; however, only the Resources section is required.
An AWS CloudFormation template is a JSON or YAML file that describes the desired state of your infrastructure. It consists of several main components:
AWSTemplateFormatVersion: This component specifies the version of the CloudFormation template format being used. It keeps the template compatible if the template format changes in the future.
Description: The description is an optional component that allows you to provide a human-readable description of your CloudFormation template. It can include information about the purpose of the template, its resources, or any other relevant details.
Metadata: Metadata is an optional component where you can include additional information about the template. It can be used to provide information about the author, license, or any other custom metadata that you want to associate with the template.
Parameters: Parameters enable you to customize your CloudFormation template when you create a stack. They allow you to specify input values that can be passed into the template, such as instance sizes, AMI IDs, or security group names. Parameters make your template more flexible and reusable.
Mappings: Mappings are optional key-value pairs that allow you to define conditional values in your template. You can use mappings to create different configurations based on different criteria such as regions, instance types, or environment types. They provide a way to retrieve specific values based on input parameters or conditions.
Conditions: Conditions enable you to define conditional logic within your template. You can use conditions to control whether resources are created or updated based on certain criteria. For example, you can define conditions based on parameter values, resource properties, or other conditions. Conditions help make your template more dynamic and adaptable.
Resources: Resources are the core component of a CloudFormation template. They define the AWS resources that you want to provision and manage, such as EC2 instances, S3 buckets, RDS databases, or IAM roles. Each resource is declared with a logical name, a type that corresponds to an AWS service, and properties that specify the desired configuration of the resource.
Outputs: Outputs allow you to extract and display useful information from your CloudFormation stack. They provide a way to retrieve values generated during stack creation or update, such as URLs, resource IDs, or IP addresses. Outputs can be used to pass information between stacks, provide information to users, or integrate with external systems.
These main components work together to define the desired infrastructure state, including resource types, properties, and relationships. CloudFormation uses this template as a blueprint to create, update, and delete resources in a consistent and automated manner.
Here's an example of a simple CloudFormation template in YAML format:
AWSTemplateFormatVersion: '2010-09-09'
Description: Example CloudFormation Template
Parameters:
  InstanceType:
    Type: String
    Description: EC2 instance type
    Default: t2.micro
Resources:
  MyInstance:
    Type: AWS::EC2::Instance
    Properties:
      # AMI IDs are region-specific; use one that exists in the stack's region
      ImageId: ami-0c94855ba95c71c99
      InstanceType: !Ref InstanceType
Outputs:
  InstanceId:
    Description: ID of the created EC2 instance
    Value: !Ref MyInstance
In this example:
The AWSTemplateFormatVersion specifies the version of the CloudFormation template format being used.
The Description provides a description of the template.
The Parameters section defines a parameter called InstanceType, allowing users to specify the EC2 instance type when creating the stack.
The Resources section declares a resource named MyInstance of type AWS::EC2::Instance. It specifies the image ID of the Amazon Machine Image (AMI) and uses the InstanceType parameter value for the instance type.
The Outputs section defines an output named InstanceId that describes the ID of the created EC2 instance. It references the MyInstance resource.
This template creates an EC2 instance using the specified parameters and outputs the instance ID for later use.
Step 2: Make sure you have prepared any required items for the stack
Before you create a stack from a template, you must ensure that all dependent resources that the template requires are available. A template can use or refer to both existing AWS resources and resources declared in the template itself. CloudFormation takes care of checking references to resources in the template and also checks references to existing resources to ensure that they exist in the region where you are creating the stack. If your template refers to a dependent resource that doesn't exist, stack creation fails.
The example WordPress template contains an input parameter, KeyName, that specifies the key pair used for the Amazon EC2 instance that's declared in the template. The template depends on the user who creates a stack from the template to supply a valid Amazon EC2 key pair for the KeyName parameter. If you supply a valid key pair name, the stack creates successfully. If you don't supply a valid key pair name, the stack is rolled back.
Make sure you have a valid Amazon EC2 key pair and record the key pair name before you create the stack.
To see your key pairs, open the Amazon EC2 console, then choose Key Pairs in the navigation pane.
Note:
If you don't have an Amazon EC2 key pair, you must create the key pair in the same region where you are creating the stack. For information about creating a key pair, see Getting an SSH key pair in the Amazon EC2 User Guide for Linux Instances.
Now that you have a valid key pair, let's use the WordPress template to create a stack.
Step 3: Create the stack
You will create your stack based on the WordPress-1.0.0 file discussed earlier. The template contains several AWS resources, such as an EC2 instance.
To create the WordPress stack
Sign in to the AWS Management Console and open the AWS CloudFormation console at https://console.aws.amazon.com/cloudformation.
Choose Create Stack.
In the Specify template section, select Amazon S3 Template URL to type or paste the URL for the sample WordPress template, and then choose Next:
Note:
AWS CloudFormation templates that are stored in an S3 bucket must be accessible to the user who is creating the stack, and must be located in the same region as the stack that is being created. Therefore, if the S3 bucket is located in the us-east-2 Region, the stack must also be created in us-east-2.
In the Specify stack details section, enter a name in the Stack name field. For this example, use MyWPTestStack. The stack name can't contain spaces.
In the Parameters section, you must provide values for all parameters that don't have default values, including DBUser, DBPassword, DBRootPassword, and KeyName. In the KeyName field, enter the name of a valid Amazon EC2 key pair in the same region where you are creating the stack.
Choose Next.
In this scenario, we won't add any tags. Choose Next. Tags, which are key-value pairs, can help you identify your stacks. For more information, see Adding tags to your CloudFormation stack.
Review the information for the stack. When you're satisfied with the settings, choose Submit.
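The checks described in Steps 2 and 3 (every reference must resolve, and every parameter without a default needs a value) can be run locally before you submit the stack. The following is an added example, not part of the sample WordPress template or of any AWS tool: the find_refs and preflight functions and the SAMPLE template are constructed for illustration, and only Ref references in a JSON-format template are followed. It also warns when a password parameter lacks NoEcho and when KeyName is not declared with the AWS::EC2::KeyPair::KeyName parameter type.

```python
import json
def find_refs(node):
    """Yield each logical name used as {"Ref": name} anywhere under node."""
    if isinstance(node, dict):
        if len(node) == 1 and isinstance(node.get("Ref"), str):
            yield node["Ref"]
        for value in node.values():
            yield from find_refs(value)
    elif isinstance(node, list):
        for item in node:
            yield from find_refs(item)

def preflight(template, supplied):
    """Return (errors, warnings) for a parsed template and supplied parameter values."""
    errors, warnings = [], []
    params = template.get("Parameters", {})
    resources = template.get("Resources", {})
    if not resources:
        errors.append("Resources section is missing or empty")
    used = set(find_refs(resources)) | set(find_refs(template.get("Outputs", {})))
    for name in sorted(used - set(params) - set(resources)):
        if not name.startswith("AWS::"):  # AWS::Region etc. are pseudo parameters
            errors.append(f"Ref to undeclared name: {name}")
    for name, spec in params.items():
        if "Default" not in spec and name not in supplied:
            errors.append(f"no value for required parameter: {name}")
        if "password" in name.lower() and str(spec.get("NoEcho")).lower() != "true":
            warnings.append(f"{name} lacks NoEcho; its value is shown in stack descriptions")
        if name == "KeyName" and spec.get("Type") != "AWS::EC2::KeyPair::KeyName":
            warnings.append("KeyName is a plain String; the key pair is not checked up front")
    return errors, warnings

# Constructed sample template (not the real WordPress template), reusing its parameter names.
SAMPLE = json.loads("""{
  "Parameters": {
    "KeyName": {"Type": "String"},
    "DBUser": {"Type": "String", "NoEcho": "true"},
    "DBPassword": {"Type": "String"},
    "DBRootPassword": {"Type": "String", "NoEcho": "true"},
    "InstanceType": {"Type": "String", "Default": "t2.small"}
  },
  "Resources": {"WebServer": {"Type": "AWS::EC2::Instance", "Properties": {
    "KeyName": {"Ref": "KeyName"}, "InstanceType": {"Ref": "InstanceType"},
    "SecurityGroups": [{"Ref": "WebServerSecurityGroup"}]}}}
}""")

if __name__ == "__main__":
    values = {"KeyName": "my-key", "DBUser": "wp", "DBPassword": "example-only"}
    print("\n".join(sum(preflight(SAMPLE, values), [])))
```

On the constructed sample this reports the dangling WebServerSecurityGroup reference and the missing DBRootPassword value as errors, and the untyped KeyName and unmasked DBPassword as warnings.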
Step 4: Monitor the progress of stack creation
After you complete the Create Stack wizard, CloudFormation begins creating the resources that are specified in the template. Your new stack, MyWPTestStack, appears in the list at the top portion of the CloudFormation console. Its status should be CREATE_IN_PROGRESS. You can see detailed status for a stack by viewing its events.
If your AWS account doesn't have a default VPC in the eu-west-2 (EU London) region, you can create a new default VPC using the AWS Management Console or the AWS Command Line Interface (CLI). Here's how you can do it:
Using AWS Management Console:
Open the AWS Management Console and sign in to your AWS account.
Navigate to the Amazon VPC service.
In the left navigation pane, click on "Your VPCs."
Click on the "Create Default VPC" button at the top of the page.
Select the eu-west-2 (EU London) region from the dropdown menu.
Click on the "Create" button to create the default VPC.
Using AWS CLI:
Install and configure the AWS CLI on your local machine.
Open a terminal or command prompt.
Run the following command to create a default VPC in the eu-west-2 region:
aws ec2 create-default-vpc --region eu-west-2
After executing these steps, AWS will create a default VPC in the eu-west-2 region for your account. The default VPC will have all the necessary components like subnets, route tables, and internet gateway to enable connectivity to the internet.
Step 5: Use your stack resources
When the stack MyWPTestStack has a status of CREATE_COMPLETE, CloudFormation has finished creating the stack, and you can start using its resources.
The sample WordPress stack creates a WordPress website. You can continue with the WordPress setup by running the WordPress installation script.
To complete the WordPress installation
On the Outputs tab, in the WebsiteURL row, choose the link in the Value column.
The WebsiteURL output value is the URL of the installation script for the WordPress website that you created with the stack.
On the web page for the WordPress installation, follow the on-screen instructions to complete the WordPress installation. For more information about installing WordPress, see https://wordpress.org/support/article/how-to-install-wordpress/.
After you complete the installation and log in, you are directed to the dashboard where you can set additional options for your WordPress blog. Then, you can start writing posts for your blog that you successfully created by using a CloudFormation template.
Step 6: Clean up
You have completed the CloudFormation getting started tasks. To make sure you aren't charged for any unwanted services, you can clean up by deleting the stack and its resources.
To delete the stack and its resources
From the CloudFormation console, select the MyWPTestStack stack.
Choose Delete Stack.
In the confirmation message that appears, choose Yes, Delete.
The status for MyWPTestStack changes to DELETE_IN_PROGRESS. In the same way you monitored the creation of the stack, you can monitor its deletion by using the Event tab. When CloudFormation completes the deletion of the stack, it removes the stack from the list.
Congratulations! You successfully picked a template, created a stack, viewed and used its resources, and deleted the stack and its resources. Not only that, you were able to set up a WordPress blog using a CloudFormation template. You can find other templates in the AWS CloudFormation sample template library.