Saturday, 10 March 2018

AWS CloudFormation (Template)

Overview
  • File describing resources
  • Format: JSON, YAML
  • Max 51,200 bytes when passed directly to CreateStack, UpdateStack, ValidateTemplate
  • Max 460,800 bytes when using S3 reference
    • Break into nested stacks if necessary

AWSTemplateFormatVersion
  • 2010-09-09

Description 
  • Human readable description

Metadata 
  • Arbitrary object
  • AWS-specific keys (have special meaning)
    • AWS::CloudFormation::Init (configuration task for cfn-init script)
      • See CloudFormation (Init)
    • AWS::CloudFormation::Interface (visual grouping for parameters)
    • AWS::CloudFormation::Designer (designer)

Parameters
  • Allow the template to be reused in different contexts (e.g. environments)
  • Syntax
    • LogicalName     
    • Properties
      • Type
        • String
        • Number
        • CommaSeparatedList
          • Use Fn::Select to refer to items within
        • AWS-specific types: AWS::EC2::KeyPair::KeyName, etc.
          • Caller must specify existing value from the AWS account
          • AWS console pre-populates values
      • Default (e.g. "t2.small")
      • MinValue
      • MaxValue
      • NoEcho (for passwords) = [true, false]
        • When true, the value is not displayed by DescribeStacks (shown as ********)
      • AllowedValues 
        • [ "t2.micro", "t2.small"]
      • AllowedPattern
        • Regex
      • Description
      • ConstraintDescription
        • Human readable constraint explanation
  • Can be referenced in other places in template (via "Ref")
    • e.g. { "Ref": "KeyNameParameter" }

Pseudo-parameters
  • No need to declare in template (passed in automatically)
    • AWS::AccountId
    • AWS::NotificationARNs
    • AWS::NoValue
      • If a conditional property evaluates to false, CF will skip this property entirely
    • AWS::Region
    • AWS::StackId
    • AWS::StackName
  • Useful for template re-use across regions

Mappings 
  • Static dictionaries (look-up tables)
    • Multiple maps allowed in template
  • Key-value where value is a JSON structure
    • Two-level deep (map of maps)
    • Region often is the first-level selector
  • Use Fn::FindInMap
  • Use cases
    • AMI look-up table between regions


Conditions 
  • Depend on parameters to allow reusing template in different contexts
  • Define conditional expression that can be used later in the template
    • e.g. Is-EC2-VPC

Resources
  • Mandatory
  • See CloudFormation (ResourceTypes)

Outputs
  • Values to be returned by describe-stacks command (or displayed in console)
  • Syntax
    • LogicalId (key)
    • Description
    • Value - literal, parameter, pseudo-parameter, intrinsic functions, mapping
    • Condition (optional)
  • Use case
    • Template creates an environment and returns the URLs of its Load Balancers

Template Validation
  • Checks the template for syntax errors only
    • Does not check whether property values for resources are valid
  • Validates local or remote file (URL)
  • Must "CreateStack" to check operational validity
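
Since template validation checks syntax only, a local check can cover the size limits and the NoEcho handling noted above. The following is an added example, not code from the original page or from AWS: `lint_template`, `refs`, `is_noecho`, the name-based sensitivity heuristic and the sample template are assumptions. It also flags Outputs that reference a NoEcho parameter, because NoEcho does not mask values in the Outputs section.

```python
import json

MAX_DIRECT_BYTES = 51_200  # body passed directly to CreateStack/UpdateStack/ValidateTemplate
MAX_S3_BYTES = 460_800     # template referenced from S3
SENSITIVE_HINTS = ("password", "secret", "token")  # assumed naming heuristic

def refs(node):
    """Yield every name used as {"Ref": name} anywhere inside node."""
    if isinstance(node, dict):
        if isinstance(node.get("Ref"), str):
            yield node["Ref"]
        for value in node.values():
            yield from refs(value)
    elif isinstance(node, list):
        for item in node:
            yield from refs(item)

def is_noecho(props):
    # NoEcho may be written as a JSON boolean or as the string "true".
    return str(props.get("NoEcho", "false")).lower() == "true"

def lint_template(body):
    findings = []
    size = len(body.encode("utf-8"))
    if size > MAX_S3_BYTES:
        findings.append(f"size: {size} bytes is over the S3 limit, use nested stacks")
    elif size > MAX_DIRECT_BYTES:
        findings.append(f"size: {size} bytes must be passed as an S3 reference")
    template = json.loads(body)
    params = template.get("Parameters", {})
    for name, props in params.items():
        if any(h in name.lower() for h in SENSITIVE_HINTS) and not is_noecho(props):
            findings.append(f"param {name}: looks sensitive but NoEcho is not true")
    hidden = {n for n, p in params.items() if is_noecho(p)}
    for out_name, out in template.get("Outputs", {}).items():
        # Only direct Ref is followed; Fn::Sub "${Name}" strings are not parsed here.
        for ref in refs(out.get("Value")):
            if ref in hidden:
                findings.append(f"output {out_name}: returns NoEcho parameter {ref}")
    return findings

# Constructed sample template, not from the original page.
SAMPLE = json.dumps({
    "Parameters": {
        "DbPassword": {"Type": "String"},
        "ApiToken": {"Type": "String", "NoEcho": True},
    },
    "Resources": {},
    "Outputs": {"Token": {"Value": {"Fn::Join": ["", ["t=", {"Ref": "ApiToken"}]]}}},
})
```

Calling `lint_template(SAMPLE)` reports the unmasked `DbPassword` parameter and the `Token` output that would return `ApiToken` in clear text through describe-stacks.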
