1. Home
  2. Training Library
  3. Amazon Web Services
  4. Courses
  5. How to Use CloudFormation for AWS Automation

CloudFormation template configuration wizard

The course is part of these learning paths

DevOps Engineer – Professional Certification Preparation for AWS
course-steps 35 certification 5 lab-steps 18 quiz-steps 2 description 3
SysOps Administrator – Associate Certification Preparation for AWS
course-steps 35 certification 5 lab-steps 30 quiz-steps 4 description 5
AWS Cloud Management Tools
course-steps 5 certification 1 lab-steps 5 quiz-steps 2


Getting Started with CloudFormation
Start course
star star star star star-half


Modern IT infrastructures can be quite complex and are usually built from many distinct components: computing instances, load balancers, storage volumes, CDNs, caching nodes, one or more database clusters, etc. You need to setup each component specifically for the environment that you are using (like production, staging, development, etc.), to keep them updated and to remove or swap components due to software changes. CloudFormation is a great tool that helps system administrators by managing these details automatically.

In this course, CloudAcademy's Senior Devops Engineer, Antonio Angelino, will discuss how AWS CloudFormation works and how you can use it to build scalable infrastructures. AWS CloudFormation allows you to easily create sets of cloud resources such as Amazon EC2 instances, CloudFront distributions, RDS database instances and other services by just writing a template file.

Who should take this course

This course is on the intermediate level, so you should have some experience with AWS and its basic services like EC2, ELB, AutoScaling, and RDS. Also, some knowledge of Highly Availability concepts, the JSON file format, and Wordpress can be helpful to understand the ideas behind the practical part of the course and the template's syntax.

If you need to learn more about the AWS services cited here, please check our collection of AWS courses, in particular the courses about EC2 and RDS. Also, if you want to test your knowledge on the basic topics covered in this course, check out our AWS questions.


During the previous lectures, we analyzed the anatomy of a fully featured CloudFormation template. And now it's time to see how simple and fast it is to set up a complex infrastructure. In order to launch our WordPress cluster, we'll use the AWS Management Console. So let's log in using our AWS credentials.

First of all, we need to create a key pair because it's required during the stack creation. The creation of a key pair is an easy and fast task. We have to open the AWS EC2 Dashboard, click on key pair link, and then click on create key pair button.

You can freely choose the key pair name, but you need to remember it and download the related PEM file.

Now we're ready to create our WordPress stack. So let's open up the CloudFormation Dashboard. You can create a new stack using a template or conversely, you can generate a template file from an existing AWS infrastructure. Click on create new stack, and the first step of the creation wizard will appear. We need to choose the stack name, and to specify the file path of our JSON template. CloudFormation allows you to select one of the available sample templates, to upload your template file from your computer, or use an already uploaded template file. You need to select the WordPress Blog sample template, filed under the highly available Multi AZ templates category, and click the next button. When CloudFormation is finished loading the selected template we have to choose a value for each template parameter. As you can see, the template author specified a default value for all parameters except for key name. We decided to change the default database password and username, and to use the previously created key pair. value for SSH location will be used during the creation of EC2 security group rules, and it will allow us to reach all created EC2 instances from any remote IP address. If you're using a fixed IP address, you can fill this field using it, but remember to properly use the CIDR notation. In it, you'll want to allow the connection only from one specific IP, and the right value will be your ip forward slash 32. By clicking the next button, you'll see the last wizard step with advanced options. CloudFormation can use Amazon Simple Notification Service, Amazon SNS, in order to notify you about stack events during the service creation or deletion. The timeout option allows you to abort the creation process if the stack can't be created before time expires. Roll back on failure specifies whether the stack should be rolled back if stack creation fails. The default, and most meaningful value, is yes. Leave it unmodified. The stack policy field is useful if you want to prevent stack resources from being unintentionally updated or deleted during a stack update.

The stack policy is a JSON document that is quite similar to IAM Policy docs. It is composed by a set of statements with the following attributes, effect, action, principal, and resource. The effect field value can be either allow, or deny. Using action or not action, we can specify all the actions that we want, or don't want to allow or deny. Principal is a mandatory attribute, but it only supports the wildcard. Resource contains the list of all resources to which the statement will be applied. Here you can see an allow all statement. You can decide to set a stack policy, and then edit it when you need to update the stack. Coming back to our focus, we can start the stack creation by clicking next, and then create at the bottom right corner. During the next lecture we'll talk about the creation process.

About the Author


Antonio is an IT Manager and a software and infrastructure Engineer with 15 years of experience in designing, implementing and deploying complex webapps.

He has a deep knowledge of the IEEE Software and Systems Engineering Standards and of several programming languages (Python, PHP, Java, Scala, JS).

Antonio has also been using and designing cloud infrastructures for five years, using both public and private cloud services (Amazon Web Services, Google Cloud Platform, Azure, Openstack and Vmware vSphere).

During his past working experiences, he designed and managed large web clusters, also developing a service orchestrator for providing automatic scaling, self-healing and a Disaster Recovery Strategy.

Antonio is currently the Labs Product Manager and a Senior DevOps Engineer at Cloud Academy; his main goal is providing the best learn-by-doing experience possible taking care of the Cloud Academy Labs platform.