
JP

First steps with CloudFormation




There are different ways to create resources in AWS: you can create an S3 bucket, an SQS queue, an RDS instance and many other resources manually. But when you have to manage infrastructure, creating resources manually becomes unsustainable.


Another way is to use IaC (Infrastructure as Code) tools, which let you create, manage and provision cloud resources with less effort. On AWS, we can use CloudFormation to create the resources we want to use.


How does it work?


You start from a template in JSON or YAML format and then upload this file to CloudFormation on AWS. Very simple.


To better understand this process, let's create an S3 Bucket and an SQS queue through CloudFormation, following what was described earlier, using a template.


There are two ways to write a template: as a JSON file or as a YAML file. In this example we will use a template in YAML format.


Creating S3 Bucket template

Resources:
  S3Bucket:
    Type: 'AWS::S3::Bucket'
    DeletionPolicy: Retain
    Properties:
      BucketName: blog.data
      AccessControl: Private
      BucketEncryption:
        ServerSideEncryptionConfiguration:
          - ServerSideEncryptionByDefault:
              SSEAlgorithm: "AES256"

For the template above, we used some essential parameters for creating the bucket; the complete list can be consulted in the AWS documentation.


Next, let's briefly understand what each parameter means:



  • In Properties, we define the characteristics of the bucket:

    • BucketName: The bucket name. Remember that the bucket name must be unique and must follow the naming rules in the documentation.

    • AccessControl: The access control for the bucket. There are different access options, as follows:

      • Private

      • PublicRead

      • PublicReadWrite

      • AuthenticatedRead

      • LogDeliveryWrite

      • BucketOwnerRead

      • BucketOwnerFullControl

      • AwsExecRead

    • BucketEncryption: The encryption settings for the bucket's objects; in this case we use the AES256 algorithm.
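A pre-deployment check for the bucket properties described above, as an added example that is not part of the original post. It reads a template in JSON form and reports buckets whose AccessControl value grants access beyond the owner or that lack a default encryption rule. The function name audit_buckets, the WeakBucket resource and the choice to report a missing explicit PublicAccessBlockConfiguration (a bucket property the post's template does not use) are assumptions of this example.

```python
import json

# Canned ACLs from the list above that grant access beyond the bucket owner.
PUBLIC_ACLS = {"PublicRead", "PublicReadWrite", "AuthenticatedRead"}
PAB_FLAGS = ("BlockPublicAcls", "BlockPublicPolicy",
             "IgnorePublicAcls", "RestrictPublicBuckets")


def audit_buckets(template_text):
    """Return sorted (logical_id, finding) pairs for every AWS::S3::Bucket."""
    findings = []
    resources = json.loads(template_text).get("Resources", {})
    for logical_id, res in resources.items():
        if res.get("Type") != "AWS::S3::Bucket":
            continue  # queues and other resource types are out of scope here
        props = res.get("Properties") or {}
        acl = props.get("AccessControl", "Private")
        if acl in PUBLIC_ACLS:
            findings.append((logical_id, f"AccessControl {acl} grants access beyond the owner"))
        rules = (props.get("BucketEncryption") or {}).get(
            "ServerSideEncryptionConfiguration") or []
        if not any("ServerSideEncryptionByDefault" in rule for rule in rules):
            findings.append((logical_id, "no default BucketEncryption rule"))
        # Assumption of this example: require the four flags to be set explicitly.
        pab = props.get("PublicAccessBlockConfiguration") or {}
        missing = [f for f in PAB_FLAGS if str(pab.get(f)).lower() != "true"]
        if missing:
            findings.append((logical_id, "public access block not set: " + ", ".join(missing)))
    return sorted(findings)


# Constructed sample: the post's bucket in JSON form plus a deliberately weak one.
SAMPLE = json.dumps({"Resources": {
    "S3Bucket": {"Type": "AWS::S3::Bucket", "DeletionPolicy": "Retain", "Properties": {
        "BucketName": "blog.data", "AccessControl": "Private",
        "BucketEncryption": {"ServerSideEncryptionConfiguration": [
            {"ServerSideEncryptionByDefault": {"SSEAlgorithm": "AES256"}}]}}},
    "WeakBucket": {"Type": "AWS::S3::Bucket", "Properties": {
        "AccessControl": "PublicRead"}},
    "SQS": {"Type": "AWS::SQS::Queue", "Properties": {"QueueName": "sqs-blog.fifo"}},
}})

if __name__ == "__main__":
    for logical_id, finding in audit_buckets(SAMPLE):
        print(f"{logical_id}: {finding}")
```

Run against the constructed sample, the post's bucket is reported only for the missing public access block, while WeakBucket is reported for all three checks.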


Uploading and creating the resource


1. In the AWS console, go to CloudFormation


2. Click the Create Stack button


3. As the prerequisite, select Template is ready

4. In the Specify template section, select Upload a template file, select the created file by clicking on Choose file and finally click on the Next button. A new page will open for filling in the name of the stack.



5. Click Next and do the same for the next pages.

6. Finally, the resource will be created. This may take a few minutes depending on the resource.



Notice that two buckets were created:

  • blog.data: Created via CloudFormation

  • cf-templates-1nwl4b3ve439n-us-east-1: Bucket created automatically when uploading the file at the beginning of the process.

 

Creating SQS template

Resources:
  SQS:
    Type: 'AWS::SQS::Queue'
    Properties:
      QueueName: sqs-blog.fifo
      ContentBasedDeduplication: true
      DelaySeconds: 120
      FifoQueue: true
      MessageRetentionPeriod: 3600

Understanding the template:

  • SQS: resource identifier

  • Type: resource type

  • QueueName: SQS queue name. An important detail is the .fifo suffix, which is necessary if the queue is of the FIFO type.

  • ContentBasedDeduplication: Ensures non-duplication of messages; works only for FIFO-type queues.

  • DelaySeconds: Delay time for each message (in seconds).

  • FifoQueue: How the queue manages the arrival and departure of messages (first-in, first-out).

  • MessageRetentionPeriod: How long messages are held in the queue (in seconds).


SQS queue created


Conclusion


CloudFormation is an AWS-exclusive tool for resource creation, so if your architecture is built or maintained on the AWS cloud, CloudFormation is a great choice. If you need to maintain flexibility between clouds, such as the ability to use Google Cloud, Terraform may be a better option as an IaC tool.


Well that’s it, I hope you enjoyed it!

