AWS Infrastructure As Code

If you are new to AWS, you might be provisioning services using AWS console. But this is not the standard process. Ideally, the infrastructure should be provisioned using JSON/YAMl scripts. Using these scripts make your infrastructure automated, secure and ordered.
Automated,  as running these scripts spin up all the resources written as JSON/YAML without provisioning them manually. Secure, as you can create the entire same architecture in minutes in case of accidental deletion. Infrastructure as code reduces efforts and errors while creating large infra. AWS provides two services/methods to provision as code,
  • AWS CloudFormation - Provision infrastructure using json/yaml scripts
  • CDK (Cloud Development kit)- provision infrastructure using your familiar programming language. Currently supported languages are - javascript, typescript, python, java and .NET.
In this article, I will be covering AWS Cloudformation.
AWS Cloudformation is a service that lets you provision aws resources from json/yaml templates. A cloudformation template is the blueprint of your infrastructure. Cloudformation template make api calls to create your infrastructure. The user using template should have required permissions to provision infrastructure.

Sections of CloudFormation templates

There are various sections of cloudformation template.
  • AWSTemplateFormatVersion - The current version of the template.
  • Descriptions - A short description about the particular template.
  • Metadata - Additional information about the template. One use case is to label parameters in the parameter section.
  • Mappings - list of key-value pairs to be used in some resources. It is like a log table where each field has its corresponding value.
  • Parameters - Use to make the template dynamic and easy to update. Instead of hardcoding names and fields in the template, parameterize them so the same template can be used multiple times. Parameters also make it easy to update resources. For eg, you can easily change the database engine version by just updating the stack instead of modifying the template itself.
  • Conditions - Define conditions that can be applied on resources. The creation of certain resources can be conditional if conditions. For example, if you need database read replica in production environment but not in development, you can still have one template and control the creation using conditions.
  • Resources - Describe the resources that is to be created. This is the only mandatory section. Specify resource by providing it a type and its properties.
  • Outputs - Used to export the resources values created in the template for cross- referencing.

Sample Template

Refer the following link to get the sample cloudformation template.
Create a stack in CloudFormation to run the template. You can either upload your template from S3 or from your local machine.
Tips for good cloudformation template,
  • Parameterize template as much as possible.
  • Use proper formatting
  • Categorize your parameters using metadata section - ‘AWS::CloudFormation::Interface
  • Keep different components in different template. Network components like VPC, Subnets, security groups in network template and instance, load balancer, autoscaling etc. components in another compute template. These are cross-reference templates. Use Output section for exporting values.