CloudFormation, IaC in AWS: Drift Detection and Stacks
Introduction:
In the ever-evolving landscape of cloud computing, managing infrastructure efficiently is crucial. AWS CloudFormation (CFT) emerges as a powerful tool, streamlining Infrastructure as Code (IaC) principles. In this detailed blog post, we'll unravel the intricacies of AWS CloudFormation, covering its fundamentals, IaC principles, the significance of stacks, template components, and the practical use of drift detection.
1. What is AWS CloudFormation and Why is it Used?
AWS CloudFormation is a service that allows you to define and provision AWS infrastructure as code. In simpler terms, it lets you treat your infrastructure as software, making it easy to create, update, and delete AWS resources in a consistent and automated manner.
Why is it Used?
Automation: CFT automates the provisioning of AWS resources, saving time and reducing manual errors.
Consistency: By defining infrastructure in code, you ensure that environments are consistent, whether you're deploying to development, testing, or production.
Scalability: With CFT, you can easily scale your infrastructure up or down based on your application's needs.
2. Infrastructure as Code (IaC) Principles: Versioned and Declarative
Versioned: In IaC, versioning allows you to track changes over time. AWS CloudFormation templates, written in JSON or YAML, can be stored in version control systems. This ensures that changes are documented, and you can roll back to previous versions if needed.
Declarative: AWS CloudFormation uses a declarative approach, where you describe the desired state of your infrastructure. You specify the resources you need and their configurations, and CloudFormation takes care of the rest. This makes the process more intuitive and less error-prone.
3. The Significance of Stacks
In AWS CloudFormation, a stack is a collection of AWS resources that you can manage as a single unit. Stacks enable you to create, update, and delete a group of resources together, ensuring consistency across your infrastructure. Stacks also provide a way to manage dependencies between resources.
4. Components in CloudFormation Templates
A CloudFormation template consists of several components:
Resources: The AWS resources you want to create and manage, such as EC2 instances or S3 buckets.
Parameters: Input values that you can use to customize your templates, making them flexible and reusable.
Outputs: Values that are returned when the stack is created, allowing you to reference them in other stacks.
Mappings: A way to create a lookup table for your templates.
Conditions: Statements that control whether certain resources are created or how they're configured.
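To show how these five components fit together rather than just list them, here is an added example (written for this post, not code from AWS or from the original article). It is a small Python evaluator over a constructed template in JSON form (CloudFormation accepts JSON or YAML): it fills in Parameters from defaults or supplied values, resolves Ref and Fn::FindInMap, evaluates a Condition built from Fn::Equals, and reports which Resources would be created and what the Outputs resolve to. The template, its EnvSettings mapping and its IsProd condition are constructed for the example; the real service supports many more intrinsic functions than the three handled here.

```python
# Added example, not from the original post: a minimal evaluator for the
# CloudFormation template components (Parameters, Mappings, Conditions,
# Resources, Outputs). Only Ref, Fn::FindInMap and Fn::Equals are handled.

# Constructed sample template: one bucket whose versioning setting is looked
# up in a Mapping keyed by environment, and a log bucket created only in prod.
TEMPLATE = {
    "AWSTemplateFormatVersion": "2010-09-09",
    "Parameters": {
        "BucketName": {"Type": "String"},
        "Environment": {
            "Type": "String",
            "AllowedValues": ["dev", "prod"],
            "Default": "dev",
        },
    },
    "Mappings": {
        "EnvSettings": {
            "dev": {"Versioning": "Suspended"},
            "prod": {"Versioning": "Enabled"},
        }
    },
    "Conditions": {
        "IsProd": {"Fn::Equals": [{"Ref": "Environment"}, "prod"]},
    },
    "Resources": {
        "MyS3Bucket": {
            "Type": "AWS::S3::Bucket",
            "Properties": {
                "BucketName": {"Ref": "BucketName"},
                "VersioningConfiguration": {
                    "Status": {
                        "Fn::FindInMap": ["EnvSettings", {"Ref": "Environment"}, "Versioning"]
                    }
                },
            },
        },
        "LogBucket": {"Type": "AWS::S3::Bucket", "Condition": "IsProd"},
    },
    "Outputs": {"BucketName": {"Value": {"Ref": "MyS3Bucket"}}},
}


def evaluate(template, params):
    """Return the resources that would be created, resolved outputs and
    the value of every condition, for the given parameter values.

    Parameter values come from `params`, falling back to each parameter's
    Default; a parameter with neither is an error, as it is in CloudFormation.
    """
    values = {}
    for name, spec in template.get("Parameters", {}).items():
        if name in params:
            values[name] = params[name]
        elif "Default" in spec:
            values[name] = spec["Default"]
        else:
            raise ValueError(f"parameter {name} has no value and no Default")
        allowed = spec.get("AllowedValues")
        if allowed and values[name] not in allowed:
            raise ValueError(f"parameter {name}={values[name]!r} not in {allowed}")

    mappings = template.get("Mappings", {})
    resources = template.get("Resources", {})

    def resolve(node):
        """Recursively replace intrinsic-function nodes with their values."""
        if isinstance(node, list):
            return [resolve(n) for n in node]
        if not isinstance(node, dict):
            return node
        if len(node) == 1:
            (key, arg), = node.items()
            if key == "Ref":
                if arg in values:
                    return values[arg]
                if arg in resources:
                    # Ref on a resource yields its physical ID, which exists only
                    # after deployment, so stand in with a placeholder string.
                    return f"<physical id of {arg}>"
                raise ValueError(f"unresolved Ref to {arg!r}")
            if key == "Fn::FindInMap":
                map_name, top_key, second_key = resolve(arg)
                return mappings[map_name][top_key][second_key]
            if key == "Fn::Equals":
                left, right = resolve(arg)
                return left == right
        return {k: resolve(v) for k, v in node.items()}

    conditions = {n: resolve(e) for n, e in template.get("Conditions", {}).items()}
    created = {}
    for logical_id, res in resources.items():
        cond = res.get("Condition")
        if cond is None or conditions[cond]:
            created[logical_id] = resolve({k: v for k, v in res.items() if k != "Condition"})
    outputs = {n: resolve(o["Value"]) for n, o in template.get("Outputs", {}).items()}
    return {"resources": created, "outputs": outputs, "conditions": conditions}


if __name__ == "__main__":
    import json
    print(json.dumps(evaluate(TEMPLATE, {"BucketName": "demo-bucket", "Environment": "prod"}), indent=2))
```

Running it with Environment left at its default creates only MyS3Bucket with versioning Suspended; passing Environment=prod flips the IsProd condition, adds LogBucket and switches versioning to Enabled. Omitting BucketName, which has no Default, fails before anything is evaluated, which is the same check CloudFormation applies at stack creation.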
5. Practical Use of Drift Detection
Drift detection in CloudFormation compares the configuration declared in a stack's template (the expected state) with the live configuration of the stack's resources, and shows you any differences. This reveals configuration changes that were made outside of CloudFormation, for example in the console or through the API, so you can either revert them or update your template to match.
Let's create a simple AWS CloudFormation template to deploy an S3 bucket. We'll go through each step and explain the code:
Step 1: Define the Structure
AWSTemplateFormatVersion: "2010-09-09"
Description: "Simple CloudFormation Example - S3 Bucket"
- Explanation: This sets the format version and provides a description of the CloudFormation template.
Step 2: Define Parameters
Parameters:
  BucketName:
    Type: String
    Description: "Name of the S3 bucket"
- Explanation: Parameters allow users to input values when deploying the stack. Here, we define a parameter for the S3 bucket name.
Step 3: Define Resources
Resources:
  MyS3Bucket:
    Type: AWS::S3::Bucket
    Properties:
      BucketName: !Ref BucketName
- Explanation: In the Resources section, we define the AWS resource we want to create. In this case, it's an S3 bucket with the logical ID MyS3Bucket. We use the !Ref intrinsic function to reference the value of the BucketName parameter, so the bucket's actual name is supplied by whoever deploys the stack.
Step 4: Define Outputs
Outputs:
  BucketName:
    Description: "Name of the created S3 bucket"
    Value: !Ref MyS3Bucket
- Explanation: Outputs allow you to return values from your stack. Here, we're outputting the name of the created S3 bucket.
Step 5: Add Documentation
# ========================
# AWS CloudFormation Template
# Description: Simple CloudFormation Example - S3 Bucket
# ========================
AWSTemplateFormatVersion: "2010-09-09"
Description: "Simple CloudFormation Example - S3 Bucket"

# ========================
# Parameters
# ========================
Parameters:
  BucketName:
    Type: String
    Description: "Name of the S3 bucket"

# ========================
# Resources
# ========================
Resources:
  MyS3Bucket:
    Type: AWS::S3::Bucket
    Properties:
      BucketName: !Ref BucketName

# ========================
# Outputs
# ========================
Outputs:
  BucketName:
    Description: "Name of the created S3 bucket"
    Value: !Ref MyS3Bucket
- Explanation: This is the complete template with comment-based documentation for each section, making it easy for others to understand its purpose and usage.
Now create the stack manually in the AWS Management Console and upload this template to it, or deploy it from the command line:
Step 6: Validate and Deploy
Before deploying, validate your template using the AWS CLI:
aws cloudformation validate-template --template-body file://your-template-file.yaml
If validation is successful, deploy your template. The BucketName parameter has no default, so you must pass a value for it (S3 bucket names are globally unique, so pick one that is not already taken):
aws cloudformation create-stack --stack-name MyS3BucketStack --template-body file://your-template-file.yaml --parameters ParameterKey=BucketName,ParameterValue=your-unique-bucket-name
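Once the stack exists, the drift detection described at the start of this section is what tells you whether MyS3BucketStack still matches its template. The Python below is an added example written for this post, not code from AWS or from the original article: it parses the JSON report that aws cloudformation describe-stack-resource-drifts returns and separates ordinary drift from drift on properties that weaken the bucket's security posture. The report is a constructed sample, not real service output, for a stack like MyS3BucketStack whose template additionally sets PublicAccessBlockConfiguration, VersioningConfiguration and Tags on the bucket and adds a second bucket called LogBucket; the field names follow the documented shape of the API response, while the list of security-sensitive property paths is this example's own choice.

```python
# Added example, not from the original post: triage a CloudFormation drift
# report and flag drifted properties that matter for security.
import json

# Constructed sample report: someone turned off part of the bucket's public
# access block, suspended versioning and removed a tag in the console, i.e.
# outside CloudFormation. LogBucket is untouched and reports IN_SYNC.
SAMPLE_DRIFT_REPORT = json.dumps({
    "StackResourceDrifts": [
        {
            "LogicalResourceId": "MyS3Bucket",
            "PhysicalResourceId": "example-my-s3-bucket",
            "ResourceType": "AWS::S3::Bucket",
            "StackResourceDriftStatus": "MODIFIED",
            "PropertyDifferences": [
                {
                    "PropertyPath": "/PublicAccessBlockConfiguration/BlockPublicAcls",
                    "ExpectedValue": "true",
                    "ActualValue": "false",
                    "DifferenceType": "NOT_EQUAL",
                },
                {
                    "PropertyPath": "/VersioningConfiguration/Status",
                    "ExpectedValue": "Enabled",
                    "ActualValue": "Suspended",
                    "DifferenceType": "NOT_EQUAL",
                },
                {
                    "PropertyPath": "/Tags/0",
                    "ExpectedValue": "{\"Key\":\"Owner\",\"Value\":\"platform\"}",
                    "DifferenceType": "REMOVE",
                },
            ],
        },
        {
            "LogicalResourceId": "LogBucket",
            "PhysicalResourceId": "example-log-bucket",
            "ResourceType": "AWS::S3::Bucket",
            "StackResourceDriftStatus": "IN_SYNC",
            "PropertyDifferences": [],
        },
    ]
})

# Property paths whose drift deserves attention beyond "template out of date".
# This list is the example's own; extend it for the resource types you deploy.
SECURITY_SENSITIVE_PREFIXES = {
    "AWS::S3::Bucket": (
        "/PublicAccessBlockConfiguration",
        "/BucketEncryption",
        "/VersioningConfiguration",
        "/LoggingConfiguration",
        "/AccessControl",
    ),
    "AWS::S3::BucketPolicy": ("/PolicyDocument",),
}


def triage_drift(report_json):
    """Parse a describe-stack-resource-drifts report and classify each drift.

    Returns per-status resource counts, every drifted property, and the subset
    of those that touch a security-sensitive path (a DELETED resource is
    always a finding, since all of its declared properties are gone).
    """
    report = json.loads(report_json)
    counts, drifts, findings = {}, [], []
    for res in report.get("StackResourceDrifts", []):
        status = res["StackResourceDriftStatus"]
        counts[status] = counts.get(status, 0) + 1
        logical_id, rtype = res["LogicalResourceId"], res["ResourceType"]
        if status == "DELETED":
            findings.append({"resource": logical_id, "path": "/", "type": "REMOVE",
                             "reason": "resource deleted outside CloudFormation"})
            continue
        prefixes = SECURITY_SENSITIVE_PREFIXES.get(rtype, ())
        for diff in res.get("PropertyDifferences", []):
            entry = {
                "resource": logical_id,
                "path": diff["PropertyPath"],
                "type": diff["DifferenceType"],
                "expected": diff.get("ExpectedValue"),
                "actual": diff.get("ActualValue"),  # absent for REMOVE
            }
            drifts.append(entry)
            if any(entry["path"].startswith(p) for p in prefixes):
                findings.append({**entry, "reason": "security-sensitive property drifted"})
    return {"status_counts": counts, "drifts": drifts, "security_findings": findings}


if __name__ == "__main__":
    result = triage_drift(SAMPLE_DRIFT_REPORT)
    print("resources by drift status:", result["status_counts"])
    for f in result["security_findings"]:
        print(f"{f['resource']} {f['path']}: expected {f['expected']!r}, actual {f['actual']!r}")
```

To produce a real report instead of the sample, start a run with aws cloudformation detect-stack-drift --stack-name MyS3BucketStack, poll aws cloudformation describe-stack-drift-detection-status --stack-drift-detection-id <id from the first call> until DetectionStatus is DETECTION_COMPLETE, then save the output of aws cloudformation describe-stack-resource-drifts --stack-name MyS3BucketStack to a file and pass its contents to triage_drift. One caveat worth remembering when reading the results: drift detection only compares properties that the template declares, so a setting the template leaves unset is not checked at all, which is a good reason to declare security-relevant properties like PublicAccessBlockConfiguration explicitly rather than relying on defaults.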
Conclusion:
AWS CloudFormation simplifies infrastructure management, following IaC principles of versioning and declarative definitions. Stacks provide a cohesive unit for resource management, and templates, comprising resources, parameters, outputs, mappings, and conditions, offer flexibility and consistency. The practical use of drift detection ensures that your infrastructure stays in line with your intended configurations. Embrace AWS CloudFormation for streamlined, automated, and consistent infrastructure provisioning in the cloud.
Written by
krishnapal rawat
Pushing code to its limits, one test at a time - I'm a QA engineer with a passion for coding and testing