AWS CloudFormation deep dive

What is AWS CloudFormation

AWS CloudFormation is a service that allows you to create and manage a collection of related AWS resources, such as EC2 instances, EBS volumes, and RDS databases, in an orderly and predictable fashion.

  • Infrastructure as Code (IaC) is a methodology that treats infrastructure as code, allowing you to define your infrastructure in a file that can be version controlled and deployed like any other code. This makes it easier to manage your infrastructure, as you can track changes and roll back to previous versions if necessary.

With AWS CloudFormation, you can use a template to describe the infrastructure you want to create. The template can be written in either JSON or YAML, and it defines the resources you want to create, as well as their properties. AWS CloudFormation then uses the template to create and manage the resources for you.

AWS pseudo parameters

When we initiate stack deployment, CloudFormation will replace the pseudo parameter with an actual value. For AWS::AccountId, the value will be the account where the stack is being created.

Below is the list of pseudo parameters.

  • AWS::AccountId
  • AWS::NotificationARNs
  • AWS::NoValue
  • AWS::Region
  • AWS::StackId
  • AWS::StackName
  • AWS::URLSuffix
  • AWS::Partition

Example

  AdminRole:
    Type: "AWS::IAM::Role"
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          -  Effect: Allow
             Action:
               - sts:AssumeRole
             Principal:
               AWS: !Ref "AWS::AccountId"
      ManagedPolicyArns:
        - "arn:aws:iam::aws:policy/AdministratorAccess"
"Parameters": {
    "KeyName": {
        "Description": "Name of an existing EC2 KeyPair to enable SSH access to the instances",
        "Type": "AWS::EC2::KeyPair::KeyName",
        "ConstraintDescription": "must be the name of an existing EC2 KeyPair."
    },
    "InstanceType": {
        "Description": "WebServer EC2 instance type",
        "Type": "String",
        "Default": "t2.small",
        "AllowedValues": [
            "t1.micro",
            "t2.nano",
            "t2.micro",
            "t2.small"
        ],
        "ConstraintDescription": "must be a valid EC2 instance type."
    },
    "SSHLocation": {
        "Description": "The IP address range that can be used to SSH to the EC2 instances",
        "Type": "String",
        "MinLength": "9",
        "MaxLength": "18",
        "Default": "0.0.0.0/0",
        "AllowedPattern": "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})",
        "ConstraintDescription": "must be a valid IP CIDR range of the form x.x.x.x/x."
    }
}
Look at the parameters used in the JSON CloudFormation template above:
  • Parameters in AWS CloudFormation make templates reusable by acting as variables for stacks.
  • They can be used to define CIDR ranges for VPCs and subnets, instance types for EC2 and RDS instances, and more.
  • Parameters enable the creation of different stacks without modifying the template resources.
  • They provide flexibility and customization options when deploying CloudFormation templates.
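
As an added example (not part of the original page or AWS's own code), the Python code below checks what the SSHLocation constraints above actually admit: the AllowedPattern accepts strings that are not real CIDR ranges, and the Default of 0.0.0.0/0 matches every IPv4 address. The sample inputs and function names are constructed for illustration, and template_accepts only approximates CloudFormation's length and whole-value pattern checks.

```python
import ipaddress
import re

# SSHLocation constraints copied from the template's Parameters block.
SSH_LOCATION = {
    "MinLength": "9",
    "MaxLength": "18",
    "Default": "0.0.0.0/0",
    "AllowedPattern": r"(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/(\d{1,2})",
}

def template_accepts(param, value):
    """Approximate CloudFormation's String checks: length bounds, then
    AllowedPattern matched against the entire value."""
    if not int(param["MinLength"]) <= len(value) <= int(param["MaxLength"]):
        return False
    return re.fullmatch(param["AllowedPattern"], value) is not None

def cidr_findings(value):
    """Stricter review of a CIDR: real IPv4 network, not world-open."""
    try:
        net = ipaddress.IPv4Network(value, strict=False)
    except ValueError as exc:
        return [f"not a valid IPv4 CIDR ({exc})"]
    if net.prefixlen == 0:
        return ["matches every IPv4 address"]
    return []

def audit(param, samples):
    """Map each value the template would accept to its findings."""
    values = [param["Default"], *samples]
    return {v: cidr_findings(v) for v in values if template_accepts(param, v)}

# Constructed sample inputs (203.0.113.0/24 is a documentation range).
SAMPLES = ["203.0.113.0/24", "999.999.999.999/99", "10.0.0.1", "1.2.3.4/5x"]

if __name__ == "__main__":
    for value, findings in audit(SSH_LOCATION, SAMPLES).items():
        print(f"{value:20} {'; '.join(findings) or 'ok'}")
```

Removing the Default forces whoever deploys the stack to supply an explicit source range for SSH instead of inheriting 0.0.0.0/0.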