What is AWS CloudFormation?



This course provides detail on the AWS Management & Governance services relevant to the Developer - Associate exam.


Learning Objectives

  • Get a high-level understanding of Amazon CloudWatch
  • Learn about the features and use cases of the service
  • Create your own CloudWatch dashboard to monitor the items that are important to you
  • Understand how CloudWatch dashboards can be shared across accounts
  • Understand the cost structure of CloudWatch dashboards and the limitations of the service
  • Review how monitored metrics go into an ALARM state
  • Learn about the challenges of creating CloudWatch Alarms and the benefits of using machine learning in alarm management
  • Know how to create a CloudWatch Alarm using Anomaly Detection
  • Learn what types of metrics are suitable for use with Anomaly Detection
  • Create your own CloudWatch log subscription
  • Explain what AWS CloudFormation is and what it’s used for
  • Determine the benefits of AWS CloudFormation
  • Understand what each of the core components are and what they are used for
  • Create a CloudFormation Stack using an existing AWS template
  • Learn what VPC flow logs are and what they are used for

Hello and welcome to this lecture, where I am going to introduce you to the AWS CloudFormation service and some of the concepts of this service. When you first start using AWS and begin getting to grips with some of the core services and features, such as VPCs, EC2s, RDS, auto-scaling, and elastic load balancing, for example, it is likely that you would have used specific dashboards within the management dashboard to configure them. The dashboards within the management console allow you to set up and configure the associated resources that you are interested in.

Now, the configuration process generally consists of a number of steps where you are required to select different parameters. For example, when creating an EC2 instance you'll be asked to select your AMI, the EC2 instance type, the type of storage, security groups, etc. So when you start to create environments within AWS, you may, for example, create a Virtual Private Cloud with various subnets, both private and public, with Network Access Control Lists for security. And then on top of this you might deploy EC2 instances, for example, web service in the public subnet and application service in your private subnet. And these in turn might connect to an RDS or DynamoDB database, which would also need to be configured and provisioned. You'll also want to introduce autoscaling and elastic load balancers for higher variability.

And this is great, but what if you didn't need to go through the process of configuring each and every resource through the management console, selecting the appropriate parameters every time? Or even creating the same resources via the AWS CLI? Wouldn't it be great if you created a script that created your entire environment for you, from the VPC to the Elastic Load Balancers, and on top of that compiled the environment in such a way that you didn't need to worry about dependencies as you would when creating each individual resource? For example, you would normally have to configure your subnets after creating your VPC. Now, by using AWS CloudFormation you can provision all of the infrastructure resources that you require via a simple template in a YAML or JSON format.

CloudFormation performs these actions securely and across multiple regions and accounts if configured to do so. The template will describe all of the resources that you need, and their configurations, without you having to worry about service dependency. AWS CloudFormation will handle the order of deployment for you. You might be thinking: if I have to describe and enter all of the configuration of my resources into a text file, what true benefit does AWS CloudFormation have by doing it this way? Let's take a look at a few examples of where CloudFormation is extremely useful to you within your environment.

Security: As I explained previously, your AWS resources can be provisioned and deployed by configuring each service and component manually through a series of configurable screens. When carrying out these configurations once, five times, ten, or even twenty times, the fact of human error will eventually come into play, and a mistake will be made that could lead to the resulting solution being compromised or vulnerable in some way. With AWS CloudFormation these repeatable steps can be tested, controlled, and rolled back should any issue arise. Once a template is considered error-free, the same resources can be deployed hundreds or even thousands of times without risk of errors.

Infrastructure Replication: AWS CloudFormation is a great tool to allow you to quickly and easily replicate your infrastructure within your AWS account. For example, let's say that you have deployed your application across a single region. Over time, the criticality of the application has increased, and you now need to deploy the same level of infrastructure and resources across multiple regions. With CloudFormation, this is easy: you deploy the same template in the other regions required. The alternative would be to manually identify and understand all resources within the solution and then manually deploy them in the alternative region. Even then, it is likely that you would have missed some configuration. Having a template to deploy your resources enables the template to become the source of truth for your solution.

Simply Code: As the entire infrastructure is deployed via scripted code, it may make it easy for other members of your team or outside of the team to review and verify your code to ensure that it's correct before deployment. Each author of the code can use their own code editor to construct the environment and implement a method of version control to help determine the latest templates in production. This will also help you to roll back to a previous version if required.

Notification and Automation: As AWS CloudFormation integrates with other management and automation services, it is easy to configure CloudFormation to notify you of the status of deployments through its integration with SNS. This could then provide you and your team the status of changes being made in CloudFormation. These SNS messages could also trigger an AWS Lambda function if you needed to bring another level of automation into your pipeline.
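As an added example of that SNS-to-Lambda step (not code from the lecture), the handler below parses the `key='value'` lines that CloudFormation places in the SNS message body and returns an alert for any resource whose status shows a failure or rollback. The sample event, stack name, account ID and resource names are constructed, and what to do with the returned alerts (paging, ticketing) is left as an assumption.

```python
import re

FIELD = re.compile(r"^(\w+)='(.*)'$", re.MULTILINE)   # one key='value' pair per line
ALERT_STATUS = re.compile(r"_FAILED$|ROLLBACK_")      # e.g. CREATE_FAILED, UPDATE_ROLLBACK_IN_PROGRESS

def parse_stack_event(message):
    """Turn the key='value' lines of a CloudFormation notification into a dict."""
    return dict(FIELD.findall(message))

def handler(event, context=None):
    """Lambda entry point: return one alert per failed or rolled-back resource."""
    alerts = []
    for record in event.get("Records", []):
        fields = parse_stack_event(record["Sns"]["Message"])
        status = fields.get("ResourceStatus", "")
        if ALERT_STATUS.search(status):
            alerts.append({
                "stack": fields.get("StackName"),
                "resource": fields.get("LogicalResourceId"),
                "type": fields.get("ResourceType"),
                "status": status,
                "reason": fields.get("ResourceStatusReason", ""),
            })
    return alerts

def _message(resource, rtype, status, reason=""):
    """Build a constructed notification body in the key='value' layout."""
    return "\n".join([
        "StackId='arn:aws:cloudformation:eu-west-2:123456789012:stack/demo-stack/EXAMPLE'",
        "Timestamp='2024-01-01T00:00:00.000Z'",
        f"LogicalResourceId='{resource}'",
        f"ResourceStatus='{status}'",
        f"ResourceStatusReason='{reason}'",
        f"ResourceType='{rtype}'",
        "StackName='demo-stack'",
    ])

# Constructed sample SNS event: one successful resource, one failure.
SAMPLE_EVENT = {"Records": [
    {"Sns": {"Message": _message("AppVpc", "AWS::EC2::VPC", "CREATE_COMPLETE")}},
    {"Sns": {"Message": _message("WebSecurityGroup", "AWS::EC2::SecurityGroup",
                                 "CREATE_FAILED", "Invalid CIDR in ingress rule")}},
]}

if __name__ == "__main__":
    print(handler(SAMPLE_EVENT))
```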

Sample Templates: AWS CloudFormation offers a number of sample templates to get you started off. Let's look at some common deployment options to save you having to create them from scratch yourself as a learning development tool. You can take a look and download these templates here. The template for the London Region alone contains sixty-three different templates. An example of some of these can be seen on screen.

That now brings me to the end of this lecture. Coming up next, I shall be looking at some of the components that make up this service and what they are used for.

About the Author

William Meadows is a passionately curious human currently living in the Bay Area in California. His career has included working with lasers, teaching teenagers how to code, and creating classes about cloud technology that are taught all over the world. His dedication to completing goals and helping others is what brings meaning to his life. In his free time, he enjoys reading Reddit, playing video games, and writing books.