Understanding CloudFormation Concepts

Introduction

In terms of the AWS Developer Associate exam, I only had a couple of rudimentary-level questions on CloudFormation. From memory, one of them was about the concept of mappings to support multi-region AMIs. But as reproducible infrastructure and config as code should be second nature to us with AWS, I think this is a topic we should explore just a bit.

TL;DR: in the exam I only got high-level questions on CloudFormation. If you’re already familiar with it you probably can get by using practice papers or an equivalent resource. However, I’ll cover where to look for the concepts because it’s crucial to the day job – and a refresher might help.

Section | Resource
What to Understand | AWS CloudFormation concepts
Getting Hands On | Learn Template Basics
Build on the Basics | Questions

What to understand

If you’ve read my “Tim Fellows” case study article you may remember how I talk about how to build connections to understand things quicker.

In case you don’t know what CloudFormation is, it’s a service for modelling your resources so you can have a reproducible template. If you have heard of “cattle not pets” you get the idea: resources are treated as interchangeable rather than having an ‘identity’, and CloudFormation gives you the means to tear down and re-create the same config again and again.

Starting with this diagram we can see that a template (locally or stored) is used to create a stack. Then the stack constructs and configures resources.

I was still a little unclear on the connection and terminology, despite using it in my day job. So I looked at this overview of the concepts. Then it started to make sense to me, because I could connect the concepts back to what I already knew of underlying concepts:

  • The template is the ‘abstract definition of resources’. E.g. I just say I want an EC2 instance, a key pair and an RDS instance, but I don’t have any resources running. I think of it like a class defining other classes as instance variables. In this analogy, I’ve only declared the blueprint, but there are no running objects.
  • A stack gets created from a template, but importantly it has a link back to the template that created it. I suppose in Java we can do getClass() on an object…
  • The stack is the part that makes the ‘atomic whole’. Another running instance of the stack is another EC2, keypair and RDS.
  • Declaring resources in a stack is a little like SQL – you specify the what, not the how (i.e. declarative not imperative).
  • Creation of the stack is just CloudFormation making API calls on your behalf. If you don’t have permission to create the resources manually, declaring the resources in the template isn’t going to work either. To go back to our SQL analogy, you can query all you like but it’s no use without permission on the tables.
  • Change sets are a result of proposing to change the running resources of a stack, and this lets you plan a change before implementing it. You don’t have to use change sets to update a stack, but that goes against our idea of reproducible config.

Or put into DevOps terms (and by inferring from the overview page):

  • We have a means of saying ‘this configuration is what I want’ – with templates. Later on we deal with how to make that a reality.
  • We have templates so the same config can be ‘replayed’ across regions with few changes.
  • The template can be stored as code, so that gives us advantages of being able to reproduce the build any time we want, and even better as part of a Continuous Integration or Continuous Delivery pipeline.

It’s a must to understand templates, stacks and change sets – so the concepts are second nature to you. I think learning by doing is the best thing for concepts such as these, so let’s move to practical experience next.

Getting Hands On

To get value out of this practice, I’d want to make sure we think about the following:

  • What is the relationship between stacks and stack resources?
  • How does a template relate to a stack?
  • How does a stack relate to running instances of software?
  • How does a template stored in S3/version control get used?

As I said earlier, I think the quickest way to get familiar with how CloudFormation works is to just try using it. So let’s scan this section to get ourselves familiar with a trivial example to learn the rudiments.

Only AFTER that, go through the get started and update a stack pages. The reason is that I want you to read those sections looking for the connections mentioned in the template basics section. The anatomy of a template section is useful too in this exercise.

As I mentioned before, CloudFormation is a subject that more readily lends itself to hands on experience. Once we’ve covered the simple example above, we can build on this.

Change sets

We need to at least understand the anatomy of a change set. Remember how a stack has an associated template? You can change this template, derive the change set and optionally apply it to the stack.

  • A stack has a template.
  • A template drives the change set (by virtue of being different from its previous version, just like a commit to version control has a diff from the current version)
  • The change set is what is executed against the stack.

BTW, the concept of deletion policies is the sort of thing that just screams exam question to me, so skim that too.
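
To make the template-to-change-set link and the deletion policy point concrete, here is an added example (not from the original post or from AWS): a simplified local model that diffs two versions of a template by logical ID and flags removals with no DeletionPolicy protection. The sample templates, derive_change_set and unprotected_removals are all constructed for illustration.

```python
# Simplified local model of a change set; this is not CloudFormation's own diff logic.
# Constructed sample templates (already parsed into dicts), before and after an edit.
OLD_TEMPLATE = {"Resources": {
    "WebServer": {"Type": "AWS::EC2::Instance",
                  "Properties": {"InstanceType": "t3.micro"}},
    "Database": {"Type": "AWS::RDS::DBInstance", "DeletionPolicy": "Snapshot",
                 "Properties": {"DBInstanceClass": "db.t3.micro"}},
    "Uploads": {"Type": "AWS::S3::Bucket", "Properties": {}},
}}
NEW_TEMPLATE = {"Resources": {
    "WebServer": {"Type": "AWS::EC2::Instance",
                  "Properties": {"InstanceType": "t3.small"}},
    "Queue": {"Type": "AWS::SQS::Queue", "Properties": {}},
}}


def derive_change_set(old, new):
    """List Add/Modify/Remove changes between two templates, keyed by logical ID."""
    old_res, new_res = old.get("Resources", {}), new.get("Resources", {})
    changes = []
    for logical_id in sorted(set(old_res) | set(new_res)):
        before, after = old_res.get(logical_id), new_res.get(logical_id)
        if before is None:
            changes.append({"Action": "Add", "LogicalId": logical_id})
        elif after is None:
            # Assumption: no DeletionPolicy means Delete (the default for most types).
            policy = before.get("DeletionPolicy", "Delete")
            changes.append({"Action": "Remove", "LogicalId": logical_id,
                            "DeletionPolicy": policy})
        elif before != after:
            changes.append({"Action": "Modify", "LogicalId": logical_id})
    return changes


def unprotected_removals(changes):
    """Logical IDs that would be deleted outright if the change set were executed."""
    return [c["LogicalId"] for c in changes
            if c["Action"] == "Remove" and c["DeletionPolicy"] == "Delete"]


if __name__ == "__main__":
    change_set = derive_change_set(OLD_TEMPLATE, NEW_TEMPLATE)
    for change in change_set:
        print(change)
    print("Deleted with no retention:", unprotected_removals(change_set))
```

Reviewing the Remove entries before executing a change set is where a missing deletion policy on a stateful resource gets caught.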

Build on the basics

At this point, we want to make sure we focus our training to understand some further concepts. If you’re a little time poor, then you can skip the tutorials, but at least find out the answers to these questions. The template basics section is a good place to search for answers. Also review the anatomy of a template.

If you want to learn more via tutorials at this point – good on you. You’ll get more out of it, although ultimately still try and answer the above questions. Some example tutorials that might be useful:

  • Pluralsight subscribers can use this one (I used it in the past) although there now appears to be a more recent one from their site. I wouldn’t sign up especially just to be clear.
  • Whizlabs have a useful section on CloudFormation targeted towards the AWS Developer Associate exam and also 6 labs on other CloudFormation. Contact me if you use my affiliate link and I will get you some flashcards as per this offer.
  • There are some free resources from AWS too if you want to play around with those. They’re less exam directed, but they are useful.

Conclusion

CloudFormation is something that is better learned with hands-on experience, as you can quite literally see concepts becoming a reality. Whilst my experience of the exam was that CloudFormation was only covered at a high level, understanding the concepts of stacks, manifestation of stacks and the workings of templates is going to be necessary.

I hope you found this week useful. Please feel free to give feedback as ever. Next week we’ll build on this by looking at deployment strategies in more detail.