Day 88 of 90 Days of DevOps Challenge: Exploring AWS CloudFormation


Yesterday, I explored Amazon ECS and EKS, two powerful container orchestration services. While both help in running containers at scale, I learned that ECS offers simplicity and deeper AWS integration, while EKS provides Kubernetes portability and flexibility.
Today, on Day 88, I’m diving into AWS CloudFormation, the Infrastructure as Code (IaC) service that allows us to model, provision, and manage AWS resources in an automated and consistent way.
What is AWS CloudFormation?
CloudFormation is AWS’s Infrastructure as Code (IaC) tool that lets you describe your cloud infrastructure in a template (written in JSON or YAML). Instead of manually creating resources from the AWS Console, you define them in a template, and CloudFormation takes care of provisioning, updating, and deleting resources in the correct order.
Think of it as a blueprint for your cloud environment.
For example:
You can describe a VPC, EC2 instances, security groups, S3 buckets, and IAM roles in a single YAML file.
With one command, CloudFormation provisions everything automatically, ensuring dependencies (like creating a VPC before launching an EC2 instance into it) are respected.
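To make the "dependencies are respected" point concrete, here is an added example (my own illustration, not code from the original post or from AWS): a small constructed JSON-style template with a VPC, subnet, security group, IAM role and EC2 instance, and a function that derives the creation order CloudFormation would have to follow from the Ref, Fn::GetAtt and DependsOn links between resources. The logical ids, CIDR blocks and AMI id are placeholders; only Ref, Fn::GetAtt and DependsOn are treated as dependencies here.

```python
"""Added example (not from the original post): derive the provisioning order
CloudFormation must respect from the references inside a template.
All resource names and values below are constructed placeholders."""
from collections import defaultdict, deque

# Constructed template: the EC2 instance references the subnet, security group
# and instance profile, which in turn reference the VPC and the IAM role.
TEMPLATE = {"AWSTemplateFormatVersion": "2010-09-09", "Resources": {
    "AppInstance": {"Type": "AWS::EC2::Instance", "Properties": {
        "ImageId": "ami-PLACEHOLDER", "InstanceType": "t3.micro",
        "SubnetId": {"Ref": "AppSubnet"},
        "SecurityGroupIds": [{"Ref": "AppSecurityGroup"}],
        "IamInstanceProfile": {"Ref": "AppInstanceProfile"}}},
    "AppInstanceProfile": {"Type": "AWS::IAM::InstanceProfile", "Properties": {
        "Roles": [{"Ref": "AppRole"}]}},
    "AppRole": {"Type": "AWS::IAM::Role", "Properties": {
        "AssumeRolePolicyDocument": {"Version": "2012-10-17", "Statement": [
            {"Effect": "Allow", "Principal": {"Service": "ec2.amazonaws.com"},
             "Action": "sts:AssumeRole"}]}}},
    "AppSecurityGroup": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
        "GroupDescription": "App tier", "VpcId": {"Ref": "AppVpc"},
        "SecurityGroupIngress": [{"IpProtocol": "tcp", "FromPort": 443,
                                  "ToPort": 443, "CidrIp": "10.0.0.0/16"}]}},
    "AppSubnet": {"Type": "AWS::EC2::Subnet", "Properties": {
        "VpcId": {"Ref": "AppVpc"}, "CidrBlock": "10.0.1.0/24"}},
    "AppVpc": {"Type": "AWS::EC2::VPC", "Properties": {
        "CidrBlock": "10.0.0.0/16"}},
    # Explicit ordering via DependsOn, even though nothing is referenced.
    "AuditBucket": {"Type": "AWS::S3::Bucket", "DependsOn": "AppVpc",
                    "Properties": {}}}}


def _referenced_names(node, names, found):
    """Recursively collect logical ids referenced through Ref or Fn::GetAtt."""
    if isinstance(node, dict):
        if node.get("Ref") in names:
            found.add(node["Ref"])
        if "Fn::GetAtt" in node:
            target = node["Fn::GetAtt"]
            # JSON form is ["LogicalId", "Attr"]; YAML short form is "LogicalId.Attr".
            target = target[0] if isinstance(target, list) else target.split(".")[0]
            if target in names:
                found.add(target)
        for value in node.values():
            _referenced_names(value, names, found)
    elif isinstance(node, list):
        for item in node:
            _referenced_names(item, names, found)


def dependencies(template):
    """Map each logical id to the set of resources it must wait for
    (implicit Ref/GetAtt references plus explicit DependsOn entries)."""
    resources = template["Resources"]
    names = set(resources)
    deps = {}
    for name, body in resources.items():
        found = set()
        _referenced_names(body.get("Properties", {}), names, found)
        explicit = body.get("DependsOn", [])
        explicit = [explicit] if isinstance(explicit, str) else explicit
        found.update(n for n in explicit if n in names)
        deps[name] = found
    return deps


def provisioning_order(template):
    """Topological sort: every resource appears after everything it depends on.
    Raises ValueError on a cycle, which CloudFormation also rejects."""
    deps = dependencies(template)
    indegree = {name: len(d) for name, d in deps.items()}
    dependents = defaultdict(list)
    for name, d in deps.items():
        for dep in d:
            dependents[dep].append(name)
    ready = deque(sorted(n for n, k in indegree.items() if k == 0))
    order = []
    while ready:
        name = ready.popleft()
        order.append(name)
        for child in sorted(dependents[name]):
            indegree[child] -= 1
            if indegree[child] == 0:
                ready.append(child)
    if len(order) != len(deps):
        raise ValueError("circular dependency between resources")
    return order


def has_circular_dependency(template):
    """True when the template cannot be ordered (a dependency cycle)."""
    try:
        provisioning_order(template)
        return False
    except ValueError:
        return True


if __name__ == "__main__":
    deps = dependencies(TEMPLATE)
    for step, name in enumerate(provisioning_order(TEMPLATE), 1):
        print(f"{step}. {name}  needs: {sorted(deps[name]) or '-'}")
```

Running it prints the VPC and the IAM role first and the EC2 instance last, which is exactly the order the post describes: CloudFormation builds the same graph from your template, and a template with a reference cycle fails validation before anything is created.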
Why Do We Need CloudFormation?
In modern DevOps, manual resource creation doesn’t scale. Imagine building a production environment with 200+ resources across multiple accounts. Manually clicking in the AWS Console is error-prone and inconsistent.
CloudFormation solves this by:
Consistency → The same template can be deployed across multiple environments (Dev, Staging, Prod) without drift.
Automation → No manual steps; one template = full environment setup.
Repeatability → You can redeploy the same infrastructure anytime.
Auditability → Templates can be version-controlled in Git, making every change traceable.
Key Features of AWS CloudFormation
Templates in JSON/YAML → Infrastructure as readable code.
Stacks → A stack is a collection of resources created and managed together.
Change Sets → Preview changes before applying them.
Drift Detection → Identify whether deployed resources have been changed outside CloudFormation.
Integration → Works seamlessly with IAM, CloudWatch, CodePipeline, and third-party tools.
Rollback on Failure → If a stack create or update fails, CloudFormation automatically rolls back to the last known good state.
How Does CloudFormation Work?
Write Template → Define resources (e.g., EC2, RDS, S3) in YAML/JSON.
Upload Template → Provide it via AWS Console, CLI, or S3.
Create Stack → CloudFormation provisions resources in the right order.
Update Stack → Modify the template, apply changes via Change Sets.
Delete Stack → Removes all resources defined in the stack.
In short: Template → Stack → Resources.
Best Practices for Using CloudFormation
While CloudFormation makes infrastructure automation much easier, following best practices ensures you get the most out of it:
Break down large templates into Nested Stacks → This keeps templates clean, modular, and easier to maintain.
Use Parameters & Mappings → Helps you reuse the same template across different environments (dev, test, prod).
Integrate with Git & CI/CD Pipelines → Storing templates in version control (GitHub, GitLab, CodeCommit) and automating deployments with pipelines (CodePipeline, Jenkins, GitHub Actions) ensures consistency and faster delivery.
Always test with Change Sets → Before applying updates, use Change Sets to preview changes and avoid surprises in production.
Enable Drift Detection regularly → Ensures your deployed infrastructure still matches the template.
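The two practices above that matter most from a security point of view are reviewing a change before it lands and checking that what is deployed still matches the template. Here is an added example (my own illustration, not code from the original post or from AWS) that does a lightweight version of both offline: a pre-deployment lint that flags a security group open to the world on an admin port, an S3 bucket without encryption or a public access block, and an IAM policy that allows every action on every resource, shown on a weak template and its hardened counterpart; and a drift check that compares the template's declared properties against a constructed snapshot of the deployed resources. The templates, the snapshot, the role name and bucket ARN are all constructed placeholders; in real use the snapshot would come from CloudFormation's drift detection rather than a hand-written dictionary.

```python
"""Added example (not from the original post): pre-deployment security checks
for a template plus a drift comparison against a deployed snapshot.
All templates, names and the 'live' snapshot below are constructed."""

OPEN_CIDRS = {"0.0.0.0/0", "::/0"}
ADMIN_PORTS = {22, 3389}


def _listify(value):
    return value if isinstance(value, list) else [value]


def check_security_group(name, props, findings):
    """Flag ingress rules that expose SSH/RDP to the whole internet."""
    for rule in props.get("SecurityGroupIngress", []):
        cidr = rule.get("CidrIp") or rule.get("CidrIpv6")
        if cidr in OPEN_CIDRS and rule.get("FromPort") in ADMIN_PORTS:
            findings.append((name, "SG_ADMIN_PORT_OPEN_TO_WORLD"))


def check_bucket(name, props, findings):
    """Require encryption at rest and all four public-access-block flags."""
    if "BucketEncryption" not in props:
        findings.append((name, "S3_NO_ENCRYPTION"))
    pab = props.get("PublicAccessBlockConfiguration", {})
    flags = ("BlockPublicAcls", "BlockPublicPolicy", "IgnorePublicAcls", "RestrictPublicBuckets")
    if not all(pab.get(flag) is True for flag in flags):
        findings.append((name, "S3_PUBLIC_ACCESS_NOT_BLOCKED"))


def check_iam_policy(name, props, findings):
    """Flag Allow statements granting every action on every resource."""
    for stmt in props.get("PolicyDocument", {}).get("Statement", []):
        if stmt.get("Effect") == "Allow" and "*" in _listify(stmt.get("Action", [])) \
                and "*" in _listify(stmt.get("Resource", [])):
            findings.append((name, "IAM_WILDCARD_ALLOW"))


CHECKS = {"AWS::EC2::SecurityGroup": check_security_group,
          "AWS::S3::Bucket": check_bucket,
          "AWS::IAM::Policy": check_iam_policy,
          "AWS::IAM::ManagedPolicy": check_iam_policy}


def lint_template(template):
    """Run the applicable check on each resource; return (logical id, code) pairs."""
    findings = []
    for name, body in template["Resources"].items():
        check = CHECKS.get(body.get("Type"))
        if check:
            check(name, body.get("Properties", {}), findings)
    return findings


def detect_drift(template, live):
    """Compare declared properties with deployed values per resource.
    Returns {logical id: {property: (declared, actual)}} for changed properties."""
    drift = {}
    for name, body in template["Resources"].items():
        declared, actual = body.get("Properties", {}), live.get(name, {})
        changed = {k: (v, actual.get(k)) for k, v in declared.items() if v != actual.get(k)}
        if changed:
            drift[name] = changed
    return drift


# Constructed weak template: SSH from anywhere, plain bucket, wildcard policy.
WEAK = {"Resources": {
    "AdminSg": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
        "GroupDescription": "admin", "SecurityGroupIngress": [
            {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIp": "0.0.0.0/0"}]}},
    "LogBucket": {"Type": "AWS::S3::Bucket", "Properties": {}},
    "AppPolicy": {"Type": "AWS::IAM::Policy", "Properties": {
        "PolicyName": "app", "Roles": ["PLACEHOLDER-ROLE"],
        "PolicyDocument": {"Version": "2012-10-17", "Statement": [
            {"Effect": "Allow", "Action": "*", "Resource": "*"}]}}}}}

# Constructed hardened template: SSH only from the internal range, encrypted
# bucket with public access blocked, policy scoped to one action and one ARN.
HARDENED = {"Resources": {
    "AdminSg": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
        "GroupDescription": "admin", "SecurityGroupIngress": [
            {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIp": "10.0.0.0/16"}]}},
    "LogBucket": {"Type": "AWS::S3::Bucket", "Properties": {
        "BucketEncryption": {"ServerSideEncryptionConfiguration": [
            {"ServerSideEncryptionByDefault": {"SSEAlgorithm": "aws:kms"}}]},
        "PublicAccessBlockConfiguration": {
            "BlockPublicAcls": True, "BlockPublicPolicy": True,
            "IgnorePublicAcls": True, "RestrictPublicBuckets": True}}},
    "AppPolicy": {"Type": "AWS::IAM::Policy", "Properties": {
        "PolicyName": "app", "Roles": ["PLACEHOLDER-ROLE"],
        "PolicyDocument": {"Version": "2012-10-17", "Statement": [
            {"Effect": "Allow", "Action": ["s3:GetObject"],
             "Resource": "arn:aws:s3:::example-app-bucket/*"}]}}}}}

# Constructed snapshot of what is deployed: the security group was opened to
# the world by hand in the Console; bucket and policy still match the template.
LIVE = {"AdminSg": {"GroupDescription": "admin", "SecurityGroupIngress": [
            {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIp": "0.0.0.0/0"}]},
        "LogBucket": HARDENED["Resources"]["LogBucket"]["Properties"],
        "AppPolicy": HARDENED["Resources"]["AppPolicy"]["Properties"]}

if __name__ == "__main__":
    print("weak findings:", lint_template(WEAK))
    print("hardened findings:", lint_template(HARDENED))
    print("drift on hardened stack:", detect_drift(HARDENED, LIVE))
```

The lint runs on the template, so it belongs in the pipeline step that creates the change set: a finding there stops the bad change before CloudFormation ever touches the account. The drift check is the complement: the hardened template is clean, yet the deployed security group no longer matches it, which is precisely the kind of out-of-band edit that scheduled drift detection is meant to surface.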
Limitations of CloudFormation
Learning Curve → Writing templates in YAML/JSON can be overwhelming initially.
Debugging Failures → Error messages can sometimes be vague, requiring detailed investigation.
Slow Deployments → For very large stacks, provisioning/updating can take time.
AWS-Locked → Unlike Terraform, CloudFormation is AWS-only.
Real-Life Example
Imagine a fintech startup setting up multiple environments (Dev, Staging, Production). Instead of manually creating VPCs, EC2s, RDS databases, and IAM roles in each environment, they define everything in a single CloudFormation template.
Developers spin up their own environments using the same template.
QA uses the same stack for testing.
Production is identical to staging, reducing errors.
This ensures consistency, automation, and reliability across teams.
Alternatives to CloudFormation
While CloudFormation is powerful, there are other IaC tools worth knowing:
Terraform → Multi-cloud, HCL language, widely used in DevOps.
Pulumi → Supports multiple programming languages (Python, TypeScript, Go).
AWS CDK (Cloud Development Kit) → Lets you define infrastructure in actual code (Python, TypeScript, Java, etc.), which gets converted into CloudFormation templates.
Final Thoughts
AWS CloudFormation is more than just a tool; it’s the foundation for Infrastructure as Code within AWS. It ensures automation, consistency, and reliability when managing complex environments. While it has limitations (like being AWS-only), it integrates deeply with the AWS ecosystem, making it ideal for teams fully invested in AWS.
For DevOps engineers, mastering CloudFormation means you can deploy entire environments with one command and manage them like code. That’s a skill every modern engineer should have.
