AWS exposes well-defined APIs to manage resources in the cloud. When we trigger a command such as aws ec2 run-instances, the CLI invokes the respective Elastic Compute Cloud (EC2) APIs in the background to perform desired actions. Enterprise-grade architectures require much more than just the creation of such resources. You want to define inter-dependencies between all the components, adapt the resources based on the environment’s type (development/production), seed them with initial data, and control and track any modifications on the entire stack.

AWS CloudFormation simplifies all this by allowing the user to define their infrastructure resources with a YAML/JSON template. After adding all the resources to the file, you can manage the entire stack as a single unit. Provisioning and de-provisioning the entire unit is now a matter of running a single CloudFormation command, such as aws cloudformation deploy --template-file template.yml --stack-name teststack. That’s the power of IaC. Imagine provisioning the same template across multiple AWS accounts (and regions) to have the entire stack replicated with ease. Let’s dive deeper into the AWS CloudFormation concepts that are used in the context of a template.

Key concepts in AWS CloudFormation

There are three fundamental concepts you need to be aware of when using the CloudFormation service to manage infrastructure resources in your AWS account. Let’s go through them and identify the CLI commands that you will use when working with each.

Stacks

When managing IaC, you want to deal with the related resources as a single unit. For example, a three-tier web application will require you to create a set of resources, such as the load balancer, compute instance, and database server. It is ideal to be able to manage them all within a single template. This simplifies the management of the dependencies and stack operations. In CloudFormation terminology, this single unit is what is referred to as a stack. A template definition is a prerequisite for AWS CloudFormation to understand the resources you’d like to create and the configurations to be used for those resources.

You can create a stack in your AWS account with the aws cloudformation deploy command.

Change sets

Just like software applications, infrastructure needs to adapt to changing requirements. This results in the modification of stacks that have already been deployed by CloudFormation in an AWS account. Some resources in AWS are immutable, which means any modification requires a complete replacement since in-place updates are not possible. To provide a safety net around such operations, CloudFormation allows you to evaluate the impact of your changes before you roll them out. This intermediate stage is known as a change set. After a change set has been created, it tells you about the impact of the planned stack update operation on existing resources. If you notice unexpected changes to the resources, you can cancel the update process; otherwise, you can go ahead with the final rollout.

To create a change set, you can use the aws cloudformation create-change-set command.
