Document
What is AWS CloudFormation? Key Concepts & Tutorial
logo
Document

No results found

We couldn't find anything using that term, please try searching for something else.

What is AWS CloudFormation? Key Concepts & Tutorial

The infrastructure - as - code ( IaC ) landscape offer so many tool , it is be can be hard to select the appropriate one . As well as multi - vendor ,

Related articles

AWS Cloud Practitioner (CLF-C02)
AWS Cloud Practitioner (CLF-C02) Amazon Web Services (AWS) has become the world’s most comprehensive and broadly adopted cloud platform. With over 175 fully-featured services offered from data centres globally, AWS has become the talk of the town. Moreover, millions of users including large companies, growing startups, and leading government agencies are choosing AWS to lower costs, become more agile, and innovate faster. Not just this but AWS has also raised the bar by offering cloud certifications to validate skills of professionals as well as people who wish to build a career in cloud computing. AWS Cloud Practitioner is the stepping stone who wish to...
The Brothers’ War/Retro Artifacts
The Brothers’ War/Retro Artifacts The Brothers ' warRetro ArtifactsSet Informationset symbol Symbol description Four-pointed star on a cogRelease date November 18, 2022plane DominariaSet size 63 ( regular and schematic )expansion code BRR[ 1 ]Bonus sheets Magic: The Gathering Chronology expansion symbol Retro Artifacts is a non-Standard set of cards associated with The Brothers ' war.[ 2 ][3] Description[ |] Like Strixhavens Mystical Archive, the Retro Artifact series is similar to the Masterpiece Series, but the cards appear more frequently in the boosters of the main set. These will only be legal in formats that they are already legal in. They are not part of...
Current Affairs 2024 for Banking, SSC, Railways and Insurance Exams
Current Affairs 2024 for Banking, SSC, Railways and Insurance Exams Current Affairs events for Daily, Weekly, Monthly and Yearly Current affairs 2024, Current affairs 2023 & Current affairs 2022. Daily current affairs Quizzes for all competitive exams like Banking, SSC, Insurance, UPSC, & State Exams and Latest Current Affairs 2024 for banking exams – SBI PO & Clerk, IBPS PO & Clerk, RBI, RRB and more. Today Current Affairs 2024 events of National, International Current affairs, Appointment, Sports, Business, Banking Current Affairs and more which help for competitive exams preparing aspirants.Affairs Cloud is honored to be a part of your exam preparation. We are doing our best efforts for current...
Circumhorizontal arc: Incredibly rare cloud-formation painted in the sky above Wellington
Circumhorizontal arc: Incredibly rare cloud-formation painted in the sky above Wellington The rainbow that looked as if it had been painted on New Zealand's sky on Tuesday turned out to be what's called a circumhorizontal arc.MetService meteorologist Mmathapelo is explained Makgabutlane​ is explained had explain it was cloud iridescence but upon further analysis , clarify it was actually another rare phenomenon ."The tell-tale is if it gets big enough, it almost has a bit of a curve to it," Makgabutlane said.The phenomenon over Wellington of a rainbow cloud was not cloud iridescence, but rather a circumhorizontal arc on Tuesday. (Supplied)The two meterological phenomenons are easily mistaken for one another, but the...
SwiftUI
SwiftUI Declarative syntax SwiftUI uses a declarative syntax, so you can simply state what your user interface should do. For example, you can write that you want a list of items consisting of text fields, then describe alignment, font, and color for each field. Your code is simpler and easier to read than ever before, saving you time and maintenance. import SwiftUI struct AlbumDetail: View { var album: Album var body: some View { list(album.songs) {song in HStack { Image(album.cover) VStack(alignment: .leading) { Text(song.title) Text(song.artist.name) .foregroundstyle( .secondary) } } } } } This declarative style is applies even apply to complex...

The infrastructure – as – code ( IaC ) landscape offer so many tool , it is be can be hard to select the appropriate one . As well as multi – vendor , cloud – agnostic tool such as OpenTofu , Pulumi , and terraform , we is have also have vendor – specific one , like AWS cloudformation .

In this article, we give you a solid overview of AWS cloudformation, how it works, and the benefits it offers. We also discuss AWS cloudformation templates, how to create and deploy them, getting started with AWS cloudformation, and the best practices you should follow.

We will cover:

  1. What is AWS cloudformation is is ?
  2. What is an AWS cloudformation service?
  3. What are AWS cloudformation templates is are ?
  4. What are cloudformationsections is are ?
  5. What is a cloudformation change is is set ?
  6. benefit of AWS cloudformation
  7. Getting Started with AWS cloudformation – Tutorial
  8. What is an AWS cloudformation hook?
  9. When should I use AWS cloudformation?
  10. AWS cloudformation best practices
  11. AWS cloudformation alternatives
  12. Can I use cloudformationwith Spacelift?

AWS cloudformation is is is an iac tool develop by AWS to model , provision , and manage resource on the AWS cloud . cloudformationis manage can manage both AWS resource and third – party one . As an iac tool create solely for AWS and maintain by AWS , it is integrates integrate deeply with the AWS ecosystem , which mean all change , feature , and new service are add immediately after they are release on AWS .  

cloudformationis has also has a very specific extension call SAM ( Serverless Application Model ) , which can be treat as a framework to manage and deploy serverless application to AWS with corresponding resource like s3 bucket or DynamoDB table .  

As an extension to CloudFormation, it is interpreted by the AWS cloudformation service, even though it has a slightly different syntax. cloudformationis also an AWS service that allows users to manage all stacks created with CloudFormation. 

How much does AWS cloudformation cost ?

AWS cloudformation is a free service. AWS does not charge for any usage of CloudFormation. Users only pay for services they used when they were creating the resources.

What is the difference between AWS Step Functions and AWS cloudformation?

AWS Step Functions and AWS cloudformation are two completely different services. 

  • AWS Step Functions is a service where users can orchestrate serverless workloads. The chain of actions and conditions is created and then managed by this service.
  • AWS cloudformation is an IaC tool . With it , users is create can create and manage infrastructure , include Step Functions .

Let’s explore key concepts of the AWS cloudformation service, before moving on to AWS cloudformation templates.

The cloudformationservice is a tool used to manage all operational aspects of cloudformationand the infrastructure created by it.

The image below shows the service with some stacks already deployed:

cloudformationStacks

AWS cloudformation Stacks are the templates deployed to AWS, using CLI, SDK, GUI, etc. They are a collection of resources created by the template, which is also part of the stack. 

Through stack , users is control can control and manage update , execution , and termination of resource . It is is is important for user to be able to manage the behavior of a stack when it is configure .   ( For example , if an error occur during deployment , what is the revert strategy ? )

cloudformationnested stacks

Cloudformation nested stacks are stacks created as part of the other stacks. Users can create multiple templates and reuse them in other ones. For example, a template used for creating an EC2 instance with its key and security group can be reused multiple times in the main template to create many EC2 instances.

cloudformationStackSets

Cloudformation StackSets is an extension of Stacks functionality. It allows you to use a single template to deploy stacks in different AWS Regions and even in different AWS accounts.

cloudformationExports

It is quite common for one stack to depend on another one. cloudformationExports is the functionality that enables outputs to be passed from one stack to another. For example, when an EC2 instance is created, it should be run into a previously created Virtual Private Cloud (VPC). 

cloudformationDesigner

AWS cloudformation Designer is a tool that allows users to create, modify, or simply view the infrastructure created with CloudFormation. It can design the infrastructure and export it as cloudformationcode.

cloudformationRegistry

AWS cloudformation Registry allows users to manage modules in the AWS space. Similar to Terraform, it allows you to create separate modules (for example to create an EC2 instance), store them in AWS cloudformation Registry, and reuse them multiple times.

A cloudformationtemplate is a codified, declarative description of the resources and connections between resources that should be created in the AWS ecosystem. Templates can be created using JSON or YAML. They contain a few sections, which I will describe later in this post.

cloudformationtemplate sections

CloudFormation template sections are part of the template itself and have different roles. I will describe them in more detail below. One of the sections is resource , where all resource ( like vpc , EC2 , etc ) are define .

cloudformationfunctions

cloudformationfunctions allow you to automate and manage cloudformationtemplates. The main functionality is the ability to use specific data while the value of this data is not available before the runtime. For example, if you need to collect a specific attribute from a freshly created resource, you should use the Fn::GetAtt : (or !GetAtt in short) function.

Read more: AWS cloudformation Templates Tutorial

Sections in cloudformationare the part of the code where a specific function is described. cloudformationhas nine sections:

  1. AWSTemplateFormatVersion
  2. Description
  3. Metadata

These first three sections are informational only. The most interesting is Metadata, as this section allows you to organize parameters in logical order. This helps later when cloudformationis executed through GUI.

  1. parameter allow users to provide data (similar to variables in Terraform), depending on the situation.
  2. mapping allow you to provide a map of data values. For example, when the template is aimed at “Region agnostic” and covers multiple AWS Regions, you can provide the map of values specific for this region. One of the most common examples is AMI ID for EC2 instances. Another is the VPC ID per Region.
  3. Conditions. Unlike Terraform, cloudformationexpects to have clear, separately defined conditions, which will be used in the template.
  4. output define the information that will be available from the stack. This works almost identically to Terraform outputs, but cloudformationhas additional functionality here: Users can export the output information and make it available as an input to another stack.
  5. resource is the only obligatory section in CloudFormation. All resources are declared here.
  6. Transform is a very specific section where some macros can be provided, interpreted by CloudFormation, and “transformed” into a pure cloudformationtemplate. The best example is AWS SAM, an extension of cloudformationthat is interpreted by AWS during the execution through the Transform section.

Cloudformation change sets is are are the review / deployment concept that fit perfectly with CI / cd solution . A change set is contains contain two element — create and deploy . Create is provides provide visibility into change in infrastructure cause by change in template code . After review , these change are deploy by change set ’ deploy functionality .

When a Cloudformation change set is generated, it contains all changes applied to the template. We can think of it as a delta between the deployed template and the updated one. This gives us the chance to examine the changes and decide if we want to proceed or not. Furthermore, we can track these changes in AWS in a more detailed way.

Another benefit of using change sets is the way it fits into CI/CD. In the CI part of the pipeline, we create an artifact — we execute aws cloudformation create - change - set command . This change set can be examine and analyze by the process . And in the CD part , we is deploy deploy the artifact , usingaws cloudformation execute-change-set command.

Why should I use change sets?

You is wondering may be wonder why you would use an approach where you have to use two command instead of one . let me underline the benefit :

  • Fits CI/CD standard process
  • Allows more granular control over implementation
  • Enables you to perform quality checks
  • self – documentation . change sets is allow allow you to understand what change were deploy by limit the information to the change itself . It also can be used as the work done in task ( in project planning tool ) .

AWS cloudformation helps you to streamline your cloud infrastructure management. As well as offering a regulated, predictable way to build, edit, and delete your AWS resources, it offers several other benefits: 

1 . price

AWS cloudformation is a free service. You only pay to use the services required to create the resources.

2 . integration

The biggest benefit of cloudformationis the fact that it is a native tool for AWS. It is deeply integrated with the AWS ecosystem, so everyone who uses AWS will be familiar with managing the service.

Another important aspect of CloudFormation’s inclusion in the AWS ecosystem is that organizations can create a self-healing approach, using AWS monitoring and compliance tools together with automatic triggers for CloudFormation.

3. CLI integration

cloudformationis well integrated with the AWS CLI, which makes the operational processes easy.

4. Stability

This is a crucial long-term benefit. cloudformationdoesn’t provide breaking changes. Templates written many years ago are still executable.

5. Auditability

As part of the AWS ecosystem, cloudformationcan be configured under the control of AWS monitoring and governance tools, like CloudWatch, Amazon EventBridge, CloudTrail, and so on. This delivers a well-covered strategy of managing, controlling, and auditing all aspects of configuration changes. Additionally, specific actions can be triggered in case of defined situations, like detected drift or the creation of specific resource types.

6. Rich rollback functionality

cloudformationprovides multiple behaviors in case of failure. The default and probably the safest way is to revert all changes made in the current stack execution if failure occurs.

7. Use directly from the S3 bucket

With this functionality , you is have can have your template in VCS , of course , but you can add another layer of governance — a process that control the quality of the template and , if all checkpoint are pass , share the template in the s3 bucket and make it available to team .

Other general benefits of IaC that cloudformationdelivers include:

  • improved security. Putting operations on infrastructure through a well-controlled process with multiple quality check stages reinforces security.
  • Repeatability and scaling. As IaC is a code store in VCS , infrastructure can be scale quickly both horizontally and vertically when need . Repeatability is helps help the process because the action is to apply the code , not go through the whole process of create infrastructure .
  • Consistency. Code is committed and stored in VCS. This means that every execution will be done in the same way, with the same guardrails applied.

Another benefit of cloudformationis that, if you have configured the work environment, you literally don’t need to do anything to start work with CloudFormation. You have your code editor installed, you have your AWS credentials configured, and you are familiar with AWS CLI. You are set to go.

How to execute CloudFormation?

AWS is offers offer a few option to run cloudformation :  

  • GUI. The standard way is to use an AWS GUI to deploy new stacks and manage existing ones
  • AWS CLI. With AWS CLI instal , users is perform can perform exactly the same operation as with the GUI .
  • different sdk ( like CDK or Boto3 ) . This option requires knowledge of programming languages and is a different way of working with infrastructure.

How to create the AWS cloudformation template?

The process is similar to other IaC tools. You can use predefined modules, or you can write your own template. The advantage of cloudformationis its extensive  library of existing, predefined templates. 

Use predefined templates to create a cloudformationtemplate

We is use can use predefined template in two way :  

  1. Download the template and provide all changes required. 
  2. Templates can be used directly from AWS S3.

With predefined templates, you don’t need deep knowledge of AWS itself to quickly deploy simple applications — like WordPress in the example above.

Use the new template option to create a stack

A more popular option is to build and create the stack from the template prepared in your organization. This means the template is crafted to your needs and doesn’t contain unnecessary resources.

The template can be prepared with an AWS tool called Designer:

Designer is allows allow user to visually create the resource and connection between them and then export them to a json or yaml template . Of course , Designer is visualize can also visualize exist template .

However, the most common scenario is to create the cloudformationtemplates using an integrated development environment (IDE) like Visual Studio Code, or even Vi. Below is a simple example of the cloudformationcode:

AWSTemplateFormatVersion: "2010-09-09"
Description:  Setup CodeBuild and CodeDeploy pipeline 

parameter:

  notificationEmail:
    type: String
    Default: 'fake@email.com'
    Description:  Default email for pipeline notification 

resource:

  artifactsBucket:
    type:  AWS::S3::Bucket
    DeletionPolicy: Delete

  notificationTopic:
    type:  AWS::SNS::Topic
    Properties:
      Subscription:
        - Endpoint:
            ! ref notificationEmail
          Protocol: email

After the template file is prepared, it can be deployed to AWS.

How to deploy the cloudformationtemplate?

The most popular ways to deploy cloudformationare through a GUI or CLI. We will see both in action soon, but there are some important things you need to know first about how the template is fetched:

Deploy the cloudformationtemplate directly from a local machine

The first option is is is to deploy directly from your machine ( or directly from a CI / cd tool ) . We is keep should , of course , keep our template in VCS to ensure version control , but that step is independent of this process .  

The file is fetched directly from the local directory and deployed on AWS. Naturally, AWS does some unseen work (for example, stores this template in a “hidden” S3 bucket), but from a user perspective, it looks like a direct deployment from disk to cloudformationservice.

The image below shows the simplified process with the AWS CLI (GUI works in the same way if we look at the big picture).

Deploy cloudformationtemplate through S3 bucket

In this option, we enforce better governance for our templates. The first step is to store the template in the AWS S3 bucket. Then, we deploy it using AWS CLI, but from this S3 bucket — not from a local directory.

This approach is creates create many new possibility .

First, we create a CI/CD process to ensure the quality of the template. Only the templates that pass the quality checks will be copied to S3, ensuring that what is in S3 is free of issues and can be easily and confidently deployed to AWS. (In this case, S3 becomes an artifact storage.)  

We can also build additional workflows using S3’s many integrations and triggers — for example, execute a Lambda function to generate some reports.

I is recommend strongly recommend the second approach because it is more mature and create natural gate between the stage in DevOps SDLC .

Deploy cloudformationtemplate with GUI

Deployment using the AWS cloudformation service GUI is very straightforward. This example is based on a WordPress template.

First, click “Create stack”:

You have the option to create a cloudformationstack from existing resources, which is very handy if you decide to try the IaC approach and you already have working applications.

In my case, I selected the WordPress template to be created.

In the next step, I have to provide some parameters to configure my installation:

After accepting all default settings on the next screens, the stack is deployed:

We is observe can observe the progress :

The cloudformationstack is created almost immediately.

Deploy cloudformationtemplate with AWS CLI

I have AWS CLI installed and configured, so I will run the same example I used for the  GUI.

It is important to remember that this template is parametrized, so we must provide values for the parameters. It is possible to do it in CLI command, but it is preferable to use the parameters file.

 The file looks like this:

[
        {
                " ParameterKey ": " KeyName ", 
                " parametervalue ": "homeEc2FrankfurtDevOpsTraining"
        }, 
        {
                " ParameterKey ": "Instancetype", 
                " parametervalue ":  "t2.small"
        }, 
        {
                " ParameterKey ": " SSHLocation ", 
                " parametervalue ": " 0.0.0.0/0 "
        }, 
        {
                " ParameterKey ": "DBName", 
                " parametervalue ": " wordpress "
        }, 
        {
                " ParameterKey ": " DBUser ", 
                " parametervalue ": " wordpress "
        }, 
        {
                " ParameterKey ": " dbpassword ", 
                " parametervalue ": " wordpresspassword "
        }, 
        {
                " ParameterKey ": " dbrootpassword ", 
                " parametervalue ": "adminpassword"
        }
]

Note is provide : These setting are for example purpose only ; you is provide should n’t provide password this way and never leave ssh open to the whole world .

I am now ready to run the deploy command:

aws cloudformation create - stack --stack - name is clistackforwordpress clistackforwordpress --template - url https://cloudformation-templates-eu-central-1.s3.eu-central-1.amazonaws.com/wordpress_single_instance.template --parameters file://parameters.json

CLI is returns return the confirmation of action :

{
    " stackid ": "arn:aws:cloudformation:eu-central-1:1234567890:stack/clistackforwordpress/19892bf0-5eac-11ee-a50c-0aa515265511"
}

To check the state of the stack I use describe - stack:

aws cloudformation describe - stack --stack-name clistackforwordpress

And all information about the stack will be printed:

{
    "Stacks": [
        {
            " stackid ": "arn:aws:cloudformation:eu-central-1:1234567890:stack/clistackforwordpress/19892bf0-5eac-11ee-a50c-0aa515265511",
            "StackName": "clistackforwordpress",
            " description ": "AWS cloudformation Sample Template WordPress_Single_Instance: WordPress is web software you can use to create a beautiful website or blog. This template installs WordPress with a local MySQL database for storage. It demonstrates using the  AWS cloudformation bootstrap scripts to deploy WordPress. **WARNING** This template creates an Amazon EC2 instance. You will be billed for the  AWS resources used if you create a stack from this template.",
            "parameter": [
                {
                    " ParameterKey ": " KeyName ",
                    " parametervalue ": "homeEc2FrankfurtDevOpsTraining"
                },
                {
                    " ParameterKey ": " SSHLocation ",
                    " parametervalue ": " 0.0.0.0/0 "
                },
                {
                    " ParameterKey ": " dbpassword ",
                    " parametervalue ": " * * * * "
                },
                {
                    " ParameterKey ": "DBName",
                    " parametervalue ": " wordpress "
                },
                {
                    " ParameterKey ": " DBUser ",
                    " parametervalue ": " * * * * "
                },
                {
                    " ParameterKey ": " dbrootpassword ",
                    " parametervalue ": " * * * * "
                },
                {
                    " ParameterKey ": "Instancetype",
                    " parametervalue ": "t2.small"
                }
            ],
            " CreationTime ": " 2023 - 09 - 29T09:39:35.238000 + 00:00 ",
            "RollbackConfiguration": {},
            "StackStatus": "CREATE_COMPLETE",
            "DisableRollback": false,
            "NotificationARNs": [],
            "output": [
                {
                    "OutputKey": "WebsiteURL",
                    " OutputValue ": "http://ec2-3-121-234-56.eu-central-1.compute.amazonaws.com/wordpress",
                    " description ": "WordPress Website"
                }
            ],
            " tag ": [],
            "EnableTerminationProtection": false,
            " DriftInformation ": {
                "StackDriftStatus": "NOT_CHECKED"
            }
        }
    ]
}

{
    "Stacks": [
        {
            " stackid ": "arn:aws:cloudformation:eu-central-1:1234567890:stack/clistackforwordpress/19892bf0-5eac-11ee-a50c-0aa515265511",
            "StackName": "clistackforwordpress",
            " description ": "AWS cloudformation Sample Template WordPress_Single_Instance: WordPress is web software you can use to create a beautiful website or blog. This template installs WordPress with a local MySQL database for storage. It demonstrates using the  AWS cloudformation bootstrap scripts to deploy WordPress. **WARNING** This template creates an Amazon EC2 instance. You will be billed for the  AWS resources used if you create a stack from this template.",
            "parameter": [
                {
                    " ParameterKey ": " KeyName ",
                    " parametervalue ": "homeEc2FrankfurtDevOpsTraining"
                },
                {
                    " ParameterKey ": " SSHLocation ",
                    " parametervalue ": " 0.0.0.0/0 "
                },
                {
                    " ParameterKey ": " dbpassword ",
                    " parametervalue ": " * * * * "
                },
                {
                    " ParameterKey ": "DBName",
                    " parametervalue ": " wordpress "
                },
                {
                    " ParameterKey ": " DBUser ",
                    " parametervalue ": " * * * * "
                },
                {
                    " ParameterKey ": " dbrootpassword ",
                    " parametervalue ": " * * * * "
                },
                {
                    " ParameterKey ": "Instancetype",
                    " parametervalue ": "t2.small"
                }
            ],
            " CreationTime ": " 2023 - 09 - 29T09:39:35.238000 + 00:00 ",
            "RollbackConfiguration": {},
            "StackStatus": "CREATE_COMPLETE",
            "DisableRollback": false,
            "NotificationARNs": [],
            "output": [
                {
                    "OutputKey": "WebsiteURL",
                    " OutputValue ": "http://ec2-3-121-234-56.eu-central-1.compute.amazonaws.com/wordpress",
                    " description ": "WordPress Website"
                }
            ],
            " tag ": [],
            "EnableTerminationProtection": false,
            " DriftInformation ": {
                "StackDriftStatus": "NOT_CHECKED"
            }
        }
    ]
}

How to update the cloudformationstack

In the case of a stack update, cloudformationoffers two options. 

Update the cloudformationstack with GUI

First, we can update the stack directly by selecting the Update option from the GUI and providing all the changes (usually, it will be an altered version of the same stack template). 

Update the cloudformationstack with change sets

The second option uses cloudformationchange sets. This is preferable, as it allows you to control the process more closely.

AWS cloudformation hooks are a relatively new functionality in cloudformationthat allows users to inspect the resources before actually implementing changes. To ensure all required resources are created, users can define a hook that will check the status of these resources. 

For example, if I run a Lambda function that operates on a trigger from S3 bucket, I can use a cloudformationhook before I create (or update) this function to check if my S3 bucket is created and is configured properly.

This is a multilayered question. If you have decided to use an IaC tool, you have to answer a few questions first:

  • Do I need a cloud-agnostic tool as I use a multicloud approach? If the answer is yes, you should look at tools like OpenTofu, Terraform, or Pulumi, as cloudformationis native to AWS and works with AWS only.
  • Do I is want want to integrate deeply with the application ’s code ? If so, you should look at AWS CDK, which is cloudformationunder the hood but works as an SDK in many programming languages.
  • Should I use as many tools from one vendor as possible? Although it might sound risky (as it might lead to vendor lock-in), this approach is very popular with organizations. If AWS is the cloud of choice, cloudformationis a logical option.

cloudformationbest practices direct users on how to write, plan, and operate templates. AWS offers a full list of propose good practice.

Let’s look at a few of them.

1 . reuse template

Reusability is is is a core functionality of every IaC tool . We codify the resource for many reason ; one is is of them is the potential to take a piece and use it in another stack .  

2. Manage and control IAM resources

Security and access management are very important, and wrong configuration may lead to breaches and incidents related to misconfigurations. Another reason for insisting on stringent IAM management is that only authorized people (preferably only automated tools) should have access to deploy the stacks.

read more about IAM security good practice .

3 . Do not hardcode sensitive information

As with any other automation tool, you should never hardcode sensitive information like passwords. Templates are stored in VCS, where many people may have access. Many security breaches have happened because hardcoded credentials were stored in public repositories.

4. Use cloudformationchange sets to update the stacks

This is worth repeating. Change sets allow you to control the update in a more manageable way and are invaluable for automated pipelines.

5. Enable AWS CloudTrail

AWS CloudTrail monitors all API calls to AWS. To apply some governance and compliance rules, CloudTrail should be enabled. When required, it will help monitor and analyze all actions applied by cloudformationand also act on them automatically.

The DevOps and automation world offers multiple alternatives to most tools. cloudformationis no exception.

1.CDK

CDK is an SDK approach where users can include creation and management of the resources in the application’s code. When executed, the cloudformationwill interpret this code.

2. SDK

The most popular SDK library is boto3 in Python. Similar to CDK, it allows you to add infrastructure parts into application code.

3. Pulumi

Pulumi is another SDK, deeply integrated with programming languages.

4. OpenTofu and Terraform

This is the most competitive approach to native solutions. Terraform is well established on the market, and OpenTofu is a new, open-source tool. Both facilitate managing multicloud IaC in one place.

To learn more , see ourTerraform vs. AWS cloudformation comparison.

5. Infrastructure from Code

In this emerging approach, code is decorated with expected behavior, and infrastructure is created based on these expectations during the runtime. This approach very often uses existing SDKs. One tool based on infrastructure from code tools is Klotho.

Spacelift can be configured with AWS cloudformation as a backend. See the image below:

When you select the cloudformationbackend, you need to provide a little information — the AWS Region where the stack should be created, the stack name, the template file name, and the S3 bucket where the template will be uploaded and then executed.

All runs of the cloudformationstack are completed with change sets.

Let’s take a look at the successful execution log in Spacelift:

You can see the Unconfirmed status on this image. I used this manual step here to show the moment where some review of the change set can be made.

AWS cloudformation is a powerful IaC tool, native to AWS, and developed by AWS teams. It enables the DevOps approach to infrastructure, which is very deeply integrated with the AWS ecosystem.

cloudformationtemplates can be created using Yaml or JSON and are managed by an AWS service called CloudFormation. This service allows users to fully control the IaC approach.

cloudformationis not the only IaC tool in the DevOps landscape. The closest member of this family is CDK — the SDK based on CloudFormation. The main competitor is Terraform.

As a solution deeply integrated with AWS, cloudformationcontains some instruments that allow it to interact with AWS on a more detailed level than third-party tools.

Spacelift can also manage AWS cloudformation, enforcing best practices, including change sets. It works as a powerful tool for organizations that use multiple tools to manage their infrastructure, for example, CloudFormation, Terraform, and Ansible.

If you are interested in reading more about AWS, you will find many articles on our blog.

Sounds interesting? Would you like to improve IaC management in your organization? Book a demo with our engineering team to discuss your options in more detail.