@@ -872,3 +872,212 @@ Official SDKs:
872872
873873Orchestration == CICD
874874
875+ ------------------------------------------
876+
877+ # CloudFormation
878+
879+ - Currently, we have been doing a lot of manual work
880+ - All this manual work will be very tough to reproduce:
881+ - In another region
882+ - In another AWS account
883+ - Within the same region if everything was deleted
884+ - Wouldn’t it be great, if all our infrastructure was... code?
885+ - That code would be deployed and create / update / delete our
886+ infrastructure
887+
888+ #### What is CloudFormation?
889+ - CloudFormation is a declarative way of outlining your AWS Infrastructure, for any resources (most of them are supported).
890+ - For example, within a CloudFormation template, you want to:
891+ - I want a security group
892+ - I want two EC2 machines using this security group
893+ - I want two Elastic IPs for these EC2 machines
894+ - I want an S3 bucket
895+ - I want a load balancer (ELB) in front of these machines
896+ - Then CloudFormation creates those for you, in the right order, with the exact configuration that you specify
897+
898+ ** Note** : This is an introduction to CloudFormation
899+ - It can take over 3 hours to properly learn and master CloudFormation
900+ - This section is meant so you get a good idea of how it works
901+ - We’ll be slightly less hands-on than in other sections
902+ - We’ll learn everything we need to answer questions for the exam
903+ - The exam does not require you to actually write CloudFormation
904+ - The exam expects you to understand how to read CloudFormation
905+
906+ #### Benefits of CloudFormation
907+ - Infrastructure as code
908+ - No resources are manually created, which is excellent for control
909+ - The code can be version controlled for example using git
910+ - Changes to the infrastructure are reviewed through code
911+ - Cost
912+ - Each resources within the stack is stagged with an identifier so you can easily see how much a stack costs you
913+ - You can estimate the costs of your resources using the CloudFormation template
914+ - Savings strategy: In Dev, you could automation deletion of templates at 5 PM and recreated at 8 AM, safely
915+ - Productivity
916+ - Ability to destroy and re-create an infrastructure on the cloud on the fly
917+ - Automated generation of Diagram for your templates!
918+ - Declarative programming (no need to figure out ordering and orchestration)
919+ - Separation of concern: create many stacks for many apps, and many layers. Ex:
920+ - PC stacks
921+ - Network stacks
922+ - App stacks
923+ - Don’t re-invent the wheel
924+ - Leverage existing templates on the web!
925+ - Leverage the documentation
926+
927+ #### How CloudFormation works
928+ - Templates have to be uploaded in S3 and then referenced in CloudFormation
929+ - To update a template, we can’t edit previous ones. We have to re- upload a new version of the template to AWS
930+ - Stacks are identified by a name
931+ - Deleting a stack deletes every single artifact that was created by
932+ CloudFormation.
933+
934+ #### Deploying CloudFormation templates
935+ - Manual way:
936+ - Editing templates in the CloudFormation Designer
937+ - Using the console to input parameters, etc
938+ - Automated way:
939+ - Editing templates in a YAML file
940+ - Using the AWS CLI (Command Line Interface) to deploy the templates
941+ - Recommended way when you fully want to automate your flow
942+
943+ #### CloudFormation Building Blocks
944+ - Templates components (one course section for each):
945+ 1 . Resources: your AWS resources declared in the template (MANDATORY)
946+ 2 . Parameters: the dynamic inputs for your template
947+ 3 . Mappings: the static variables for your template
948+ 4 . Outputs: References to what has been created
949+ 5 . Conditionals: List of conditions to perform resource creation
950+ 6 . Metadata
951+ - Templates helpers:
952+ 1 . References
953+ 2 . Functions
954+
955+ #### CloudFormation Resources
956+ - Resources are the core of your CloudFormation template (MANDATORY)
957+ - They represent the different AWS Components that will be created and configured
958+ - Resources are declared and can reference each other
959+ - AWS figures out creation, updates and deletes of resources for us
960+ - There are over 224 types of resources (!)
961+ - Resource types identifiers are of the form:
962+ - ` AWS::aws-product-name::data-type-name `
963+ - Resource documentation:
964+ - I can’t teach you all of the 224 resources, but I can teach you how to learn how to use them.
965+ - All the resources can be found here: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-template-resource-type-ref.html
966+ - Example here (for an EC2 instance): http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-instance.html
967+ ##### Analysis of CloudFormation Templates
968+ - Going back to the example of the introductory section, let’s learn why it was written this way.
969+ - Relevant documentation can be found here:
970+ - http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-instance.html
971+ - http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-security-group.html
972+ - http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-eip.html
973+
974+ ##### FAQ for resources
975+ - Can I create a dynamic amount of resources?
976+ - No, you can’t. Everything in the CloudFormation template has to be declared.You can’t perform code generation there
977+ - Is every AWS Service supported?
978+ - Almost. Only a select few niches are not there yet
979+ - You can work around that using AWS Lambda Custom Resources
980+
981+ #### CloudFormation Parameters
982+ - Parameters are a way to provide inputs to your AWS CloudFormation template
983+ - They’re important to know about if:
984+ - You want to reuse your templates across the company
985+ - Some inputs can not be determined ahead of time
986+ - Parameters are extremely powerful, controlled, and can prevent errors from happening in your templates thanks to types.
987+ - AWS offers us pseudo parameters in any CloudFormation template.
988+ - These can be used at any time and are enabled by default
989+
990+ ##### How to reference a parameter
991+ - The ` Fn::Ref ` function can be leveraged to reference parameters
992+ - Parameters can be used anywhere in a template.
993+ - The shorthand for this in YAML is !Ref
994+ - The function can also reference other elements within the template
995+
996+ #### CloudFormation Mappings
997+ - Mappings are fixed variables within your CloudFormation Template.
998+ - They’re very handy to differentiate between different environments (dev vs prod), regions (AWS regions), AMI types, etc
999+ - All the values are hardcoded within the template
1000+ - We use ` Fn::FindInMap ` to return a named value from a specific key
1001+
1002+ #### When would you use Mapping vs. Parameters?
1003+ - Mappings are great when you know in advance all the values that can be taken and that they can be deduced from variables such as
1004+ - Region
1005+ - Availability Zone
1006+ - AWS Account
1007+ - Environment (dev vs prod)
1008+ - Etc...
1009+ - They allow safer control over the template.
1010+ - Use parameters when the values are really user specific
1011+
1012+ #### CF Outputs
1013+ - The Outputs section declares optional outputs values that we can import into other stacks (if you export them first)!
1014+ - You can also view the outputs in the AWS Console or in using the AWS CLI
1015+ - They’re very useful for example if you define a network CloudFormation, and output the variables such as VPC ID and your Subnet IDs
1016+ - It’s the best way to perform some collaboration cross stack, as you let expert handle their own part of the stack
1017+ - You can’t delete a CloudFormation Stack if its outputs are being referenced by another CloudFormation stack
1018+
1019+ ##### Outputs examples
1020+ - Creating a SSH Security Group as part of one template
1021+ - Create an output that references that security group
1022+
1023+ ##### Cross Stack Reference
1024+ - We then create a second template that leverages that security group
1025+ - Use the ` Fn::ImportValue function `
1026+ - You can’t delete the underlying stack until all the references are deleted too.
1027+
1028+ #### CloudFormation Conditions
1029+ - Conditions are used to control the creation of resources or outputs based on a condition.
1030+ - Conditions can be whatever you want them to be, but common ones are:
1031+ - Environment (dev / test / prod)
1032+ - AWS Region
1033+ - Any parameter value
1034+ - Each condition can reference another condition, parameter value or mapping
1035+
1036+ ##### Defining Conditions
1037+ - The logical ID is for you to choose. It’s how you name condition
1038+ - The intrinsic function (logical) can be any of the following:
1039+ - ` Fn::And `
1040+ ` Fn::Equals `
1041+ - ` Fn::If `
1042+ - ` Fn::Not `
1043+ - ` Fn::Or `
1044+ - Conditions can be applied to resources / outputs / etc
1045+
1046+ #### CloudFormation Intrinsic Functions
1047+ - Refs
1048+ - The ` Fn::Ref ` function can be leveraged to reference
1049+ - Parameters => returns the value of the parameter
1050+ - Resources => returns the physical ID of the underlying resource (ex: EC2 ID)
1051+ - The shorthand for this in YAML is ` !Ref `
1052+ - ` Fn::GetAtt `
1053+ - Attributes are attached to any resources you create
1054+ - To know the attributes of your resources, the best place to look at is the documentation.
1055+ - For example: the AZ of an EC2 machine
1056+ - ` Fn::FindInMap `
1057+ - We use ` Fn::FindInMap ` to return a named value from a specific key
1058+ - ` !FindInMap [ MapName, TopLevelKey, SecondLevelKey ] `
1059+ - ` Fn::ImportValue `
1060+ - Import values that are exported in other templates
1061+ - Use the ` Fn::ImportValue ` function
1062+ - ` Fn::Join `
1063+ - Join values with a delimiter
1064+ - ` Fn::Sub `
1065+ - ` Fn::Sub ` , or ` !Sub ` as a shorthand, is used to substitute variables from a text. It’s a very handy function that will allow you to fully customize your templates.
1066+ - For example, you can combine ` Fn::Sub ` with References or AWS Pseudo variables
1067+ - String must contain ${VariableName} and will substitute them
1068+ - Condition Functions (` Fn::If ` , ` Fn::Not ` , ` Fn::Equals ` , etc...)
1069+ - The logical ID is for you to choose. It’s how you name condition
1070+ - The intrinsic function (logical) can be any of the following:
1071+ - ` Fn::And `
1072+ - ` Fn::Equals `
1073+ - ` Fn::If `
1074+ - ` Fn::Not `
1075+ - ` Fn::Or `
1076+
1077+ #### CloudFormation Rollbacks
1078+ - Stack Creation Fails
1079+ - Default: everything rolls back (gets deleted).We can look at the log
1080+ - Option to disable rollback and troubleshoot what happened
1081+ - Stack Update Fails:
1082+ - The stack automatically rolls back to the previous known working state
1083+ - Ability to see in the log what happened and error messages
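Review bot: the function named ` Fn::Ref ` in the "How to reference a parameter" and "CloudFormation Intrinsic Functions" items does not exist under that name; the intrinsic function is ` Ref ` (the YAML shorthand ` !Ref ` shown beside it is correct), so the three occurrences should read ` Ref `. In the same hunk, the "Defining Conditions" list drops the leading bullet on ` Fn::Equals `, which breaks the rendered list, and the whole condition-function list is repeated verbatim under "Condition Functions" at the end of the intrinsic functions section; keep one copy and point the other at it. Smaller fixes: "** Note** :" renders as a literal asterisk pair (should be "**Note**:"), the numbered items use "1 ." with a stray space, "Each resources within the stack is stagged" should be "Each resource within the stack is tagged", "you could automation deletion of templates at 5 PM and recreated at 8 AM" should be "you could automate deletion of stacks at 5 PM and recreation at 8 AM", and "PC stacks" looks like a typo for "VPC stacks". Finally, "Deleting a stack deletes every single artifact that was created by CloudFormation" is worth qualifying, since resources carrying a ` DeletionPolicy: Retain ` are kept on stack deletion; from an access-control standpoint that is exactly the case a reader needs to know about, because retained resources outlive the stack that governed them.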