Automating Deployments with AWS Cloudformation

Overview

Deploying infrastructure in a consistent, reliable manner is difficult — it requires people to follow documented procedures without taking any undocumented shortcuts. Plus, it can be difficult to deploy infrastructure out-of-hours when less staff are available. AWS CloudFormation changes this by defining infrastructure in a template that can be automatically deployed — even on an automated schedule.

Throughout, I gained hands-on experience deploying and editing CloudFormation stacks. It was an interactive experience that required me to consult documentation to discover how to define resources within a CloudFormation template.

The work demonstrated how to:

Deploy an AWS CloudFormation stack with a defined Virtual Private Cloud (VPC), and Security Group
Configure an AWS CloudFormation stack with resources, such as an Amazon Simple Storage Solution (S3) bucket and Amazon Elastic Compute Cloud (EC2)
Terminate an AWS CloudFormation and its respective resources

Task 1: Deploy a CloudFormation Stack

I began by deploying a CloudFormation stack that creates a VPC.

First, I downloaded the CloudFormation template (task1.yaml) by right-clicking the link and opened it in a Text Editor (not a Word Processor).

Looking through the file, I noticed several sections:

The Parameters section used to prompt for inputs - here it was asking for two IP address (CIDR) ranges for defining the VPC
The Resources section used to define the infrastructure to be deployed - defining the VPC and a Security Group
The Outputs section used to provide selective information about resources in the stack - providing the Default Security Group for the VPC

I noted that the template was written in YAML format, commonly used for configuration files, and that the format was important, including indents and hyphens. I also learned that CloudFormation templates can be written in JSON as well.

To launch the CloudFormation stack:

I opened the AWS Management Console and clicked CloudFormation from the Services menu
Clicked Create stack then selected Upload a template file
Clicked Browse/Choose file and uploaded the task1.yaml template I downloaded
Clicked Next
On the Specify Details page, I named the stack "Lab"
I observed the Parameters section prompted for IP address ('CIDR') ranges for the VPC and Subnet with default values specified, so I left them unchanged
Clicked Next
On the Options page, I browsed through but left settings at their default values
Clicked Next
On the Review page, I saw a summary of all settings and acknowledged that custom names were being used
Clicked Create stack

The stack entered the CREATE_IN_PROGRESS status. I clicked the Events tab and scrolled through the listing, seeing the activities performed by CloudFormation in reverse order, such as starting and completing resource creation.

I also checked the Resources tab, which showed the resources being created. I noticed that CloudFormation was determining the optimal order for resources to be created, such as creating the VPC before the subnet.

I waited until the status changed to CREATE_COMPLETE, refreshing occasionally to update the display.

Task 2: Add an Amazon S3 Bucket to the Stack

For this task, I needed to edit the CloudFormation template to add an Amazon S3 bucket and then update the stack.

I opened the task1.yaml file I downloaded earlier and referred to the Amazon S3 Template Snippets documentation page for assistance.

Looking at the YAML example, I added the following code under the Resources header in the template:

MyS3Bucket: Type: AWS::S3::Bucket

I was careful with the indentation, using two spaces for each indent, since YAML is very particular about formatting. I didn't add any Properties since they weren't required for this basic bucket definition.

To update the stack:

In the CloudFormation console, I selected the Lab stack
Clicked Update
Chose Replace current template
Selected Upload a template file and browsed to my modified task1.yaml file
Clicked Next through the Specify stack details page
Clicked Next on the Configure stack options page
Reviewed the preview of changes at the bottom of the page, which showed CloudFormation would Add an Amazon S3 bucket while all other resources would remain unchanged
Clicked Update stack

After about a minute, the stack status changed from UPDATE_IN_PROGRESS to UPDATE_COMPLETE. I clicked the Resources tab and saw the bucket displayed in the list. CloudFormation had assigned it a random name to avoid conflicts with existing buckets.

I also verified the bucket creation by checking the S3 console.

Task 3: Add an Amazon EC2 Instance to the Stack

This task was more complex as it required adding an Amazon EC2 instance to the template. First, I needed to add a special parameter for the Amazon Machine Image (AMI).

I updated the template by adding these lines in the Parameters section:

AmazonLinuxAMIID: Type: AWS::SSM::Parameter::Value Default: /aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2

This parameter uses the AWS Systems Manager Parameter Store to retrieve the latest AMI for the stack's region, making it easy to deploy stacks in different regions without manually specifying an AMI ID for every region.

I learned that when writing CloudFormation templates, I could refer to other resources using the !Ref keyword. For example, I saw in the template how a VPC was defined and then referenced within the Route Table definition:

VPC: Type: AWS::EC2::VPC Properties: CidrBlock: 10.0.0.0/16 PublicRouteTable: Type: AWS::EC2::RouteTable Properties: VpcId: !Ref VPC

Using the AWS::EC2::Instance documentation page, I added the EC2 instance definition to my template:

AppInstance: Type: AWS::EC2::Instance Properties: ImageId: !Ref AmazonLinuxAMIID InstanceType: t3.micro SecurityGroupIds: - !Ref AppSecurityGroup SubnetId: !Ref PublicSubnet Tags: - Key: Name Value: App Server

I made sure to include only the five Properties listed in the requirements:

ImageId: Referenced the AmazonLinuxAMIID parameter
InstanceType: Set to t3.micro
SecurityGroupIds: Referenced AppSecurityGroup (noting that it needed to be in list format)
SubnetId: Referenced PublicSubnet
Tags: Added the Name tag with value "App Server"

To update the stack:

I selected the Lab stack in the CloudFormation console
Clicked Update
Selected Replace current template and uploaded my revised template file
Clicked through the wizard pages
Reviewed the preview of changes showing the EC2 instance addition
Clicked Update stack

Once complete, I verified the instance was displayed in the Resources tab and checked the EC2 console to see my App Server.

Task 4: Delete the Stack

For the final task, I deleted the CloudFormation stack to see how it would automatically remove all resources it created.

In the CloudFormation console:

I selected the Lab stack
Clicked Delete, then clicked Delete stack at the prompt
The stack showed DELETE_IN_PROGRESS status
After a few minutes, the stack disappeared

I verified that the Amazon S3 bucket, Amazon EC2 instance, and the VPC had all been properly deleted.

Conclusion

In conclusion, I gained practical experience with AWS CloudFormation for infrastructure as code. I learned how to:

Deploy a basic CloudFormation stack from a template
Edit templates to add new resources (S3 bucket and EC2 instance)
Update existing stacks with modified templates
Reference resources within templates using !Ref
Use the AWS Systems Manager Parameter Store for dynamic AMI selection
Delete a stack and observe the automatic cleanup of resources

I found CloudFormation to be a powerful tool for maintaining consistent infrastructure deployments and automating resource management. The ability to define all components in a single template makes it much easier to deploy complete environments reliably, especially during off-hours when fewer staff are available.