AWS CloudFormation : Grasping Parameters and Mappings.

Introduction

When using AWS CloudFormation it is best practice to make reusable, safe, and environment-agonistic templates. Parameters and mappings are taken into consideration here. They improve maintainability and minimise human error while enabling you to create dynamic and adaptable infrastructure as code

Why use Parameters?

In CloudFormation , parameters allow you to pass dynamic values into the template at deployment time . Instead of hardcoding values into your template like availability zones or resource names(e.g., bucket names , AMI IDs), you define them as inputs thus making your template reusable and modular.

Importance of Parameters.

1. Reusability Across Environments and Stacks: The same template can be used across dev, staging, and production by simply changing the input parameters, this helps save time.

2. Error Prevention: Parameters enforce value types and constraints, reducing the chance of misconfiguration.

3. Security: You can mark parameters like passwords or API keys as NoEcho which hides them from logs and outputs.

Pseudo parameters

These are built-in parameters that AWS provide by default . These parameters help you to reference common information about the region , AWS account , stack id among others , without explicitly defining the parameters in your template .

Common Pseudo parameters include :

• AWS::AccountId

• AWS::NotificationARNs

• AWS::StackID

AWS::StackName

AWSTemplateFormatVersion: "2010-09-09"
Resources:
  TheS3Bucket:
    Type: AWS::S3::Bucket
    Properties:
      BucketName: !Sub "the-s3-bucket-${AWS::AccountId}-${AWS::Region}"
      Tags:
        - Key: StackName
          Value: !Ref AWS::StackName

• The !Sub function dynamically creates a unique bucket name using AWS::AccountId and AWS::Region .

• The tag indicates which stack created the bucket for easier traceability.

Mappings

In CloudFormation, mappings are static key-value pairs that you define in the template . Mappings allow you to look up corresponding values based on a certain condition - such as environment, instance type or availability zone.

Unlike parameters which are dynamic and provided at time of deployment , mappings are predefined in the template.

Why use mappings?

• Region-specific configuration: Select the configuration such as the AMI for each AWS region.

• Environment-specific values: Define different configuration settings for dev, staging and prod.

• Simplifies logic: Reduces the need for using multiple templates.

Using parameters and mappings in templates.

Let’s look at this example that uses Mappings and Parameters including Pseudo parameters to provision an EC2 Instance.

AWSTemplateFormatVersion: "2010-09-09"
Description: "Launch EC2 instance using Mappings for AMI"

Parameters:
  InstanceType:
    Description: "EC2 instance type"
    Type: String
    Default: t3.micro
    AllowedValues:
      - t2.micro
      - t3.micro
      - t3.small
    ConstraintDescription: "must be a valid EC2 instance type."

Mappings:
  RegionMap:
    us-east-1:
      AMI: "ami-0c65b123cbmafe1f0"
    us-west-1:
      AMI: "ami-0bd987fd91c511305"
    eu-west-1:
      AMI: "ami-047bb4901c123cd98"

Resources:
  MyEC2Instance:
    Type: AWS::EC2::Instance
    Properties:
      InstanceType: !Ref InstanceType
      ImageId: !FindInMap [RegionMap, !Ref "AWS::Region", AMI]
      SecurityGroupIds:
        - !Ref MySecurityGroup

  MySecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: "Allow SSH access"
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp: "197.156.119.34/32"

Outputs:
  InstanceId:
    Description: "ID of the created EC2 instance"
    Value: !Ref MyEC2Instance

Template explained:

• Parameters:

  • The InstanceType parameter allows users to choose the EC2 instance type when deploying the stack.

  • Provides a default value t3.micro and restricts inputs to specific allowed values for consistency.

  • Enhances reusability as the same template can be used to create multiple instances with different instance types.

• Mappings:

  • Defines a mapping between AWS regions and AMI IDs.

  • Useful for region-specific resources (i.e., AMIs differ by region).

• EC2 Instance:

  • Launches a t3.micro EC2 instance.

  • Uses !FindInMap to select the AMI based on the region where the stack is deployed.

  • !Ref AWS::Region dynamically retrieves the deployment region.

• Security Group:

  • Allows SSH (port 22) access from IP (197.156.119.34/32).

• Outputs:

  • Returns the instance ID of the created EC2 for use in other stacks or tracking.

Best Practices for Parameters & Mappings

1. Use Descriptive Names: Clearly name your parameters and use descriptions .

2. Secure Sensitive Parameters:

   • Use NoEcho: true for secrets like database passwords.

3. Constraints definition:

   • Use AllowedValues or AllowedPattern to restrict parameter inputs.

   • This helps to avoid unrecognised misconfigurations and values .

4. Combine with Mappings:

   • Use mappings with parameters or pseudo parameters to reduce complexity of the logic.

5. Avoid Hardcoding values into your templates.

Conclusion

Building reliable, environment-agonistic infrastructure as code is made possible by AWS CloudFormation's Parameters and Mappings. With proper use, you can minimise duplication , enhance security , encourage template reusability and ensure consistent deployments across various environments .

By mastering these concepts and leveraging pseudo parameters for dynamic referencing , you'll be on track to become a CloudFormation Ninja .

Subscribe to the Cool Tech Blog to get the latest updates and tutorials delivered straight to your inbox. Don’t miss out on tips that will make you a Devops and Cloud Ninja.