DEV Community

K

Book Review: Learn CloudFormation (With Tutorial)

After getting my certifications for AWS, I had the feeling one of the most fundamental tools in working with AWS is CloudFormation (CF).

  • It lets you define your whole infrastructure in code so that you can apply version control to it.
  • It allows you to tear down all the resources with one command, so you don't pay for anything when you were playing around.
  • It allows you to define your infrastructure in one account and reproduce it in another without much hassle.

On my journey to becoming a full-stack developer, I discovered a book by Agus Kurniawan called Learn CloudFormation.

What I liked about Learn CloudFormation

The book has a straightforward structure.

  1. Introducing AWS CloudFormation
  2. Building Your First AWS CloudFormation Project
  3. Developing AWS CloudFormation Templates
  4. AWS CloudFormation StackSets
  5. Building Lambda Functions Using AWS CloudFormation
  6. AWS CloudFormation Security

I liked that the book isn't too long, but gets the most critical parts down. Kurniawan doesn't waste much time and gets straight to business.

He starts with a short explanation of why someone should use CF and then motivates it with a simple S3 project. Then he explains the different methods of working with CF, like the AWS console and the CF CLI, and always uses code examples in JSON and YAML. While there are no specific chapters for the examples, every chapter has them.

The parts that stood out the most for me were chapters 4 and 5. Most books on CF I read didn't talk a bit about StackSets or AWS Lambda.

StackSets are a way to deploy resources to different AWS regions from one CF template. Multi-region deployment isn't a problem that many companies face, but it's nice to see a book address it.

My primary resource of learning AWS Lambda was through the special serverless frameworks AWS created, and they always try to abstract away most of the complicated CF code that needs to be written. While this book doesn't go much into detail about the configuration, it at least shows some good examples on how to get Lambdas set up. It even tells how to use them with StackSets.

What I didn't like about Learn CloudFormation

It's only my preference, but when writing a book for developers, I probably would have ignored the AWS console entirely and maybe focused on JSON or YAML and not both.

Since I wrote a book myself, I can understand the problem. On the one hand, you want to write concisely; on the other hand, most publishers won't sell a book that only has 50 pages, even if it gets its readers up and running faster than any other book.

The other point I didn't like was the lack of details in some places. If the redundant parts (console+CLI, JSON+YAML) were cut out and the rest filled up with some details until the book reaches 200 pages, it would have made for a much better book.

Tutorial

By courtesy of the author I have a tutorial for you, so you can get a picture of his style.

Learn how to implement a CloudFormation project using the AWS CLI by Agus Kurniawan.

Setting up the AWS Command Line Interface (CLI)

The AWS CLI is a tool from Amazon for managing AWS from the terminal. You can manage all AWS resources with it. This tool supports Windows, Linux, and macOS. If you work with the Windows platform, you can download this tool from the following website by selecting your Windows version:

For Linux and Mac, you can install the AWS CLI by typing the pip command with the Python runtime:

$ pip install awscli

If you want to upgrade your AWS CLI through pip, type the following command:

$ pip install awscli --upgrade --user

If you have already installed or upgraded the CLI, you can verify AWS CLI by checking its version. For this, type the following command in the Terminal:

$ aws --version

To configure the AWS CLI with your current AWS account, type the following command:

$ aws configure

You should prepare all the required access and secret keys. It is recommended to read the guidelines on this. The next step is to configure security access on the AWS CLI to enable working with CloudFormation.

Configuring security access for CloudFormation

To work with CloudFormation from the AWS CLI, you need to configure your security access and rights. In this demo, you’ll learn to build and deploy CloudFormation with Amazon S3, so you need to configure security settings for CloudFormation and Amazon S3 on the AWS CLI.

The following steps show you how to add security access to CloudFormation and Amazon S3:

  1. Open a browser and navigate to the AWS IAM management console.
  2. Once you're at the IAM management console, click on the Policies option in the left-hand side menu. You should see the screen as follows:
  3. Now, create a custom policy for CloudFormation.
  4. Click on Create policy, which is indicated by the arrow in the above figure. Then, you should have a policy form, as shown in the below figure.
  5. You need to add policy scripts in the JSON format. So, click on the JSON tab on the creation form, as shown in the following screenshot:
  6. In this scenario, you’ll give full access to CloudFormation. You can write these scripts and paste them to the JSON tab shown above:

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Sid": "Stmt1449904348000",
          "Effect": "Allow",
          "Action": ["cloudformation:*"],
          "Resource": ["*"]
        }
      ]
    }
    
  7. Once you have pasted the scripts, you can click on the Review policy button, and you should see the form shown in the below figure.

  8. Fill in the name and description of your policy. For instance, the name of the review policy in the following screenshot is AWSCloudFormationLRW:

  9. Once done, click on Create policy to start creating a policy. Now, continue by adding that policy to your account.

  10. Click on the Users section in the menu on the left and select the user account that is used in the AWS CLI.

  11. In the Summary section of your IAM user, you should see a screen similar to the below screenshot:

  12. To add your own policy to your IAM account, click on Add permissions on the Permissions tab as shown above. You should then see the screen as follows:

  13. Select the Attach existing policies directly option in the Grant permissions section and type your policy name, for instance, AWSCloudFormationLRW. You should see your own policy. Click on it, as shown in the above screenshot:

  14. After selecting your policy, click on Next:Review at the bottom. Now, you should see the form shown below. Once done, click on Add permissions to add that policy to your IAM account:

  15. Now, your IAM user has a CloudFormation policy with full access.

  16. Using the same approach, you also need to add the AmazonS3FullAccess policy to your IAM account.

  17. Add an existing policy with AmazonS3FullAccess, as shown in the following screenshot:

  18. Select the AmazonS3FullAccess policy and then add it to your IAM user.

  19. Once done, your IAM user should have CloudFormation and AmazonS3FullAccess policies, as shown in the following screenshot:

Now, you can manage CloudFormation from the AWS CLI. The next step is to build CloudFormation and then deploy it to AWS CloudFormation.
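The policy in step 6 allows every CloudFormation action on every resource, which is convenient for a demo but far broader than the three calls this tutorial makes. The following is an added example, not code from the book or the original post: a small audit that flags service-wide action wildcards and `*` resources in an IAM policy document, run against the tutorial's policy and a constructed, narrower one. The Sids `DemoStackOnly` and `ListOnly` and the `REGION`/`ACCOUNT_ID` placeholders are assumptions, as is the premise that ListStacks cannot be limited to a single stack ARN.

```python
import json

# The policy from step 6 of the tutorial, verbatim.
TUTORIAL_POLICY = json.loads("""
{"Version": "2012-10-17",
 "Statement": [{"Sid": "Stmt1449904348000", "Effect": "Allow",
                "Action": ["cloudformation:*"], "Resource": ["*"]}]}
""")

# Constructed alternative: only the three calls the tutorial makes.
# REGION and ACCOUNT_ID are placeholders; the Sids are made up.
SCOPED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "DemoStackOnly", "Effect": "Allow",
         "Action": ["cloudformation:CreateStack",
                    "cloudformation:DescribeStacks"],
         "Resource": "arn:aws:cloudformation:REGION:ACCOUNT_ID:stack/mystackcli1/*"},
        # Assumption: ListStacks is not tied to one stack ARN, so it stays on "*".
        {"Sid": "ListOnly", "Effect": "Allow",
         "Action": "cloudformation:ListStacks", "Resource": "*"},
    ],
}

def _as_list(value):
    """IAM accepts a single string or a list for Action/Resource/Statement."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def audit_policy(policy):
    """Return sorted (sid, issue) pairs for over-broad Allow statements."""
    findings = set()
    for i, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements cannot widen access
        sid = stmt.get("Sid", f"statement[{i}]")
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.add((sid, "allow-with-negation"))
        # Only service-wide wildcards ("*" or "svc:*") are flagged here.
        if any(a == "*" or a.endswith(":*") for a in _as_list(stmt.get("Action"))):
            findings.add((sid, "action-wildcard"))
        if any(r == "*" for r in _as_list(stmt.get("Resource"))):
            findings.add((sid, "resource-wildcard"))
    return sorted(findings)

if __name__ == "__main__":
    for name, doc in (("tutorial", TUTORIAL_POLICY), ("scoped", SCOPED_POLICY)):
        print(name, audit_policy(doc))
```

The narrower policy covers only the CloudFormation side; the S3 permissions the stack needs are still supplied by AmazonS3FullAccess in steps 16 to 18 and deserve the same scrutiny.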

Building and deploying CloudFormation

Now, you can use the AWS CLI to deploy AWS CloudFormation. To work with CloudFormation in the AWS CLI, you need to know some CloudFormation commands. Here you find all the commands for CloudFormation.

Use the same hello-cloudformation.json template as in the first demo. You’ll upload this template to CloudFormation and then deploy it.

Now open the Terminal and navigate to the directory where hello-cloudformation.json is located. To create a stack, you can use the cloudformation create-stack command. Type the following command to upload the template and create a stack:

$ aws cloudformation create-stack --stack-name mystackcli1 --template-body file://./hello-cloudformation.json --debug

The preceding command is explained as follows:

  • --stack-name mystackcli1: This defines the stack name. In this case, the stack name is mystackcli1.
  • --template-body file://./hello-cloudformation.json: This is a template file. You should use file:// with the full template file path. In this demo, Terminal has already been navigated to a directory, where the ./hello-cloudformation.json file is located.
  • --debug: This is a parameter to enable verbosity, so you can see all the verbose messages from the CLI.

If this operation is executed successfully, you should get StackId on the Terminal.

To verify that your operation is complete, you can use the list-stacks command from the CloudFormation CLI. Here you find further information about the list-stacks command.

Now, type the following command:

$ aws cloudformation list-stacks

You should see a status from the stack operation, as seen in the following screenshot. A stack status can be found in the StackStatus option, which is indicated by the rectangle:

You can also find out stack details using the describe-stacks command by passing in the stack name. Here you find information about the describe-stacks command. For the demo, you may want to see the details of the stack with the name mystackcli1:

$ aws cloudformation describe-stacks --stack-name mystackcli1

After execution, you should see the stack status in the StackStatus option, as shown in the following screenshot:

If the status of the stack is CREATE_COMPLETE, stack creation has succeeded. You can verify this on the CloudFormation management console. Select the region used by your AWS CLI. The following screenshot shows that the stack was created by AWS CLI:

If you found this article interesting, you can explore Agus Kurniawan’s Learn CloudFormation to get up and running with AWS automation using CloudFormation. Learn CloudFormation serves as a fundamental guide to kick-start your CloudFormation journey.
