AWS CloudFormation Operations
This section of the SysOps Administrator - Associate learning path introduces you to automation and optimization services relevant to the SOA-C02 exam. We will look at the service options available and learn how to apply these designs and solutions to specific design scenarios relevant to the exam.
- Understand how to decouple architecture using Amazon Simple Notification Service and the Simple Queue Service
- Learn how AWS CloudFormation can be used to optimize and speed up your deployments using Infrastructure as Code (IaC)
Hello and welcome to this lecture, where I am going to introduce you to the AWS CloudFormation service and some of its concepts. When you first start using AWS and begin getting to grips with some of the core services and features, such as VPCs, EC2 instances, RDS, auto scaling, and elastic load balancing, it is likely that you will have used specific dashboards within the Management Console to configure them. These dashboards allow you to set up and configure the associated resources that you are interested in. The configuration process generally consists of a number of steps where you are required to select different parameters. For example, when creating an EC2 instance you'll be asked to select your AMI, the EC2 instance type, the type of storage, security groups, and so on.
So when you start to create environments within AWS, you may, for example, create a Virtual Private Cloud with various subnets, both private and public, with Network Access Control Lists for security. On top of this you might deploy EC2 instances, for example web servers in the public subnet and application servers in your private subnet. These in turn might connect to an RDS or DynamoDB database, which would also need to be configured and provisioned. You'll also want to introduce auto scaling and elastic load balancers for high availability.
This is great, but what if you didn't need to go through the process of configuring each and every resource through the Management Console, selecting the appropriate parameters every time? Or even creating the same resources via the AWS CLI? Wouldn't it be great if you had a script that created your entire environment for you, from the VPC to the Elastic Load Balancers, and on top of that built the environment in such a way that you didn't need to worry about dependencies, as you would when creating each individual resource?
For example, you would normally have to configure your subnets after creating your VPC. By using AWS CloudFormation, you can provision all of the infrastructure resources that you require via a simple template in YAML or JSON format.
CloudFormation performs these actions securely, and across multiple regions and accounts if configured to do so. The template describes all of the resources that you need and their configurations, without you having to worry about service dependencies. AWS CloudFormation will handle the order of deployment for you. You might be thinking: if I have to describe and enter all of the configuration of my resources into a text file, what true benefit does AWS CloudFormation offer by doing it this way? Let's take a look at a few examples of where CloudFormation is extremely useful to you within your environment.
Security: As I explained previously, your AWS resources can be provisioned and deployed by configuring each service and component manually through a series of configurable screens. When carrying out these configurations once, five times, ten, or even twenty times, human error will eventually come into play, and a mistake will be made that could leave the resulting solution compromised or vulnerable in some way. With AWS CloudFormation, these repeatable steps can be tested, controlled, and rolled back should any issue arise. Once a template is considered error-free, the same resources can be deployed hundreds or even thousands of times without risk of errors.
Infrastructure Replication: AWS CloudFormation is a great tool for quickly and easily replicating your infrastructure within your AWS account. For example, let's say that you have deployed your application in a single region. Over time, the criticality of the application has increased, and you now need to deploy the same level of infrastructure and resources across multiple regions. With CloudFormation, this is as easy as deploying the same template in the other regions required. The alternative would be to manually identify and understand all resources within the solution and then manually deploy them in the alternative region. Even then, it is likely that you would have missed some configuration. Having a template to deploy your resources enables the template to become the source of truth for your solution.
Simply Code: As the entire infrastructure is deployed via scripted code, it may make it easy for other members of your team, or people outside of the team, to review and verify your code to ensure that it's correct before deployment. Each author of the code can use their own code editor to construct the environment and implement a method of version control to help determine the latest templates in production. This will also help you to roll back to a previous version if required.
Notification and Automation: As AWS CloudFormation integrates with other management and automation services, it is easy to configure CloudFormation to notify you of the status of deployments through its integration with SNS. This could then provide you and your team with the status of changes being made in CloudFormation. These SNS messages could also trigger an AWS Lambda function if you needed to bring another level of automation into your pipeline.
Sample Templates: AWS CloudFormation offers a number of sample templates to get you started. These cover some common deployment options, to save you having to create them from scratch yourself, and serve as a learning and development tool. You can take a look and download these templates here. The template for the London Region alone contains sixty-three different templates. An example of some of these can be seen on screen.
That now brings me to the end of this lecture. Coming up next, I shall be looking at some of the components that make up this service and what they are used for.
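The lecture's point that CloudFormation works out the order of deployment from the template can be illustrated with the following added example, which is not part of the course material and is a simplified model rather than CloudFormation's own code. It assumes a constructed JSON-style template with hypothetical logical IDs and derives a valid creation order from the `Ref`, `Fn::GetAtt` and `DependsOn` entries.

```python
from graphlib import TopologicalSorter  # standard library, Python 3.9+

# Constructed sample template (JSON form as a Python dict). All logical IDs and
# the AMI placeholder are hypothetical. Resources are deliberately listed
# "backwards": the instance first, the VPC last.
TEMPLATE = {
    "AWSTemplateFormatVersion": "2010-09-09",
    "Resources": {
        "WebInstance": {"Type": "AWS::EC2::Instance", "Properties": {
            "ImageId": "ami-PLACEHOLDER", "InstanceType": "t3.micro",
            "SubnetId": {"Ref": "PublicSubnet"},
            "SecurityGroupIds": [{"Fn::GetAtt": ["WebSecurityGroup", "GroupId"]}]}},
        "PublicSubnet": {"Type": "AWS::EC2::Subnet", "Properties": {
            "VpcId": {"Ref": "AppVpc"}, "CidrBlock": "10.0.1.0/24"}},
        "WebSecurityGroup": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
            "GroupDescription": "Web tier", "VpcId": {"Ref": "AppVpc"}}},
        "AppVpc": {"Type": "AWS::EC2::VPC", "Properties": {"CidrBlock": "10.0.0.0/16"}},
    },
}

def references(node, names):
    """Logical IDs that a property tree points at via Ref or Fn::GetAtt."""
    found = set()
    if isinstance(node, dict):
        for key, value in node.items():
            if key == "Ref" and isinstance(value, str) and value in names:
                found.add(value)
            elif key == "Fn::GetAtt" and isinstance(value, list) and value[0] in names:
                found.add(value[0])
            else:
                found |= references(value, names)
    elif isinstance(node, list):
        for item in node:
            found |= references(item, names)
    return found

def creation_order(template):
    """Order logical IDs so each resource comes after everything it depends on."""
    resources = template["Resources"]
    graph = {}
    for name, body in resources.items():
        explicit = body.get("DependsOn", [])  # a string or a list of logical IDs
        graph[name] = references(body.get("Properties", {}), resources.keys()) | set(
            [explicit] if isinstance(explicit, str) else explicit)
    return list(TopologicalSorter(graph).static_order())

if __name__ == "__main__":
    print(creation_order(TEMPLATE))  # the VPC comes first, the instance last
```

A template whose resources reference each other in a loop makes `static_order()` raise `graphlib.CycleError`; CloudFormation likewise rejects templates with circular dependencies.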
Stuart has been working within the IT industry for two decades covering a huge range of topic areas and technologies, from data center and network infrastructure design, to cloud architecture and implementation.
To date, Stuart has created 150+ courses relating to Cloud reaching over 180,000 students, mostly within the AWS category and with a heavy focus on security and compliance.
Stuart is a member of the AWS Community Builders Program for his contributions towards AWS.
He is AWS certified and accredited in addition to being a published author covering topics across the AWS landscape.
In January 2016 Stuart was awarded ‘Expert of the Year Award 2015’ from Experts Exchange for his knowledge share within cloud services to the community.
Stuart enjoys writing about cloud technologies and you will find many of his articles within our blog pages.