How To Use AWS CloudFormation?

AWS CloudFormation

  • Infrastructure as code (IaC) in AWS
  • Portability of stacks across multiple accounts and regions
  • Backbone of the Elastic Beanstalk service
  • Backbone of the Service Catalog service
  • Backbone of the SAM (Serverless Application Model) framework
  • Must-know service as a developer / sysops / devops

CloudFormation & Auto Scaling Group (ASG)

  • CloudFormation manages the ASG, not the underlying EC2
  • You can define “success conditions” for the launch of your EC2 instances using a CreationPolicy
  • You can define “update strategies” for the update of your EC2 instances using an UpdatePolicy
  • To update the underlying EC2 in an ASG, you have to create a new launch configuration / launch template & use an UpdatePolicy

Retaining Data on Deletes

  • You can put a DeletionPolicy on any resource to control what happens to it when the CloudFormation stack is deleted
  • DeletionPolicy=Retain:
    • Specify on resources you want to preserve / back up when the stack is deleted
    • To keep a resource, specify Retain (works for any resource / nested stack)
  • DeletionPolicy=Snapshot:
    • EBS Volume, ElastiCache Cluster, ElastiCache ReplicationGroup
    • RDS DBInstance, RDS DBCluster, Redshift Cluster
  • DeletionPolicy=Delete (default behavior):
    • Note: for AWS::RDS::DBCluster resources, the default policy is Snapshot
    • Note: to delete an S3 bucket, you first need to empty it of its contents
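A small audit of the rules above, added here as an example (not part of the original notes or of any AWS tooling): it walks a template's Resources and reports stateful resources whose effective DeletionPolicy is still Delete, taking the AWS::RDS::DBCluster Snapshot default into account. The template is a constructed dict in CloudFormation's JSON shape; the DynamoDB entry in RETAIN_ONLY is an addition beyond the page's S3 example.

```python
# Added example (not from the original notes): audit a CloudFormation template
# for stateful resources that would be destroyed on stack deletion. Stdlib only;
# the template is a constructed dict in CloudFormation's JSON shape.
# Types where DeletionPolicy=Snapshot is supported (the list in the section above).
SNAPSHOT_CAPABLE = {
    "AWS::EC2::Volume", "AWS::ElastiCache::CacheCluster", "AWS::ElastiCache::ReplicationGroup",
    "AWS::RDS::DBInstance", "AWS::RDS::DBCluster", "AWS::Redshift::Cluster",
}
# Stateful types with no snapshot support: only Retain protects them (S3 is the page's example).
RETAIN_ONLY = {"AWS::S3::Bucket", "AWS::DynamoDB::Table"}
STATEFUL = SNAPSHOT_CAPABLE | RETAIN_ONLY


def effective_deletion_policy(resource):
    """Return the policy CloudFormation applies, including the implicit default."""
    explicit = resource.get("DeletionPolicy")
    if explicit is not None:
        return explicit
    # Default is Delete, except AWS::RDS::DBCluster, which defaults to Snapshot.
    return "Snapshot" if resource.get("Type") == "AWS::RDS::DBCluster" else "Delete"


def audit_deletion_policies(template):
    """Return (logical_id, type, message) for each stateful resource left unprotected."""
    findings = []
    for logical_id, res in template.get("Resources", {}).items():
        rtype = res.get("Type", "")
        if rtype not in STATEFUL:
            continue  # compute/networking resources can simply be recreated
        policy = effective_deletion_policy(res)
        if policy == "Delete":
            fix = "Snapshot" if rtype in SNAPSHOT_CAPABLE else "Retain"
            findings.append((logical_id, rtype, f"effective DeletionPolicy is Delete; set {fix}"))
        elif policy == "Snapshot" and rtype not in SNAPSHOT_CAPABLE:
            findings.append((logical_id, rtype, "Snapshot is not supported for this type; use Retain"))
    return findings


# Constructed template: two unprotected data stores, three protected, one non-stateful.
TEMPLATE = {
    "Resources": {
        "AppLogsBucket": {"Type": "AWS::S3::Bucket"},
        "MainDb": {"Type": "AWS::RDS::DBInstance", "Properties": {"Engine": "postgres"}},
        "Aurora": {"Type": "AWS::RDS::DBCluster"},  # protected by the implicit Snapshot default
        "Cache": {"Type": "AWS::ElastiCache::CacheCluster", "DeletionPolicy": "Snapshot"},
        "DataVolume": {"Type": "AWS::EC2::Volume", "DeletionPolicy": "Retain"},
        "WebServer": {"Type": "AWS::EC2::Instance"},
    }
}
```

Calling `audit_deletion_policies(TEMPLATE)` reports only AppLogsBucket and MainDb; the DBCluster passes because of its Snapshot default, and the EC2 instance is skipped as recreatable.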

CloudFormation and Identity and Access Management (IAM)

When deploying a CloudFormation stack:

  1. It uses the permissions of your own IAM principal, or
  2. You assign an IAM role to the stack that can perform the actions
    • If the stack creates IAM resources, you need to explicitly acknowledge this by passing a “capability” to CloudFormation: CAPABILITY_IAM or CAPABILITY_NAMED_IAM

CloudFormation Custom Resources (Lambda)

  • You can define a Custom Resource in CloudFormation to address any of these use cases:
    • An AWS resource that is not yet supported (a new service, for example)
    • An on-premises resource
    • Emptying an S3 bucket before it is deleted
    • Fetching an AMI id
    • Anything you want…!

CloudFormation – Cross vs Nested Stacks

Cross Stacks

  • Helpful when stacks have different lifecycles
  • Use Outputs Export and Fn::ImportValue
  • When you need to pass export values to many stacks (VPC Id, etc…)

Nested Stacks

  • Helpful when components must be re-used
  • Ex: re-use a template that properly configures an Application Load Balancer
  • The nested stack is only relevant to the higher-level stack that includes it (it’s not shared)

CloudFormation – Other Concepts

  • CloudFormer: Create an AWS CloudFormation template from existing AWS resources
  • ChangeSets: Generate & Preview the CloudFormation changes before they get applied
  • StackSets: Deploy a CloudFormation stack across multiple accounts and regions
  • Stack Policies: Prevent accidental updates / deletes to stack resources


Marek, S. (2020). Ultimate AWS Certified Solutions Architect Professional 2020. Udemy.
