Example CloudFormation Template

Get a working knowledge of creating CloudFormation templates and the best practices to follow.

We'll cover the following

Creating CloudFormation templates
- Sample template
Best practices

Previously, we’ve explored the anatomy of CloudFormation, and we can now explore how to create and work with a CloudFormation template in this lesson.

Creating CloudFormation templates

There are multiple ways to create a CloudFormation template for provisioning resources and creating a stack, as follows:

We can manually create a CloudFormation template by writing the code ourselves. This approach allows fine-grained control over resource definitions and configurations.
We can also reuse and modify existing CloudFormation templates to suit specific requirements.
We can visually create, view, and modify templates through a web-based visual interface tool provided by AWS called the CloudFormation Designer. Another AWS service, the Application Composer service, is also an excellent tool that provides a visual design experience for generating templates.
We can also import existing AWS resources on the CloudFormation console to automatically generate a template, allowing us to create a stack based on the imported resources.

Sample template

Let’s see an example of a template that creates a simple S3 bucket.

We first begin by creating our CloudFormation template by providing the valid template format version at the start of it:

Let’s define the resource type that specifies what AWS resource we want to provision. The format of the resource type should be in the service-provider::service-name::resource-type form.

Since we want to create an S3 bucket, we’ll provide AWS as the service provider, S3 as the service name, and bucket as the resource type. Based on this information, the format of the resource type would be AWS::S3::Bucket, as seen on line 5 in the template below. Just this template would be able to create a valid stack with a randomly named S3 bucket provisioned within it.

In case you want to explore the template syntax and parameters of other CloudFormation services, like EC2, then you can find these in the official template repository maintained by AWS.

Now that we’ve finalized a CloudFormation template, we need to use it to provision a stack with an S3 bucket. To do so, we need to perform the following steps:

Upload template to CloudFormation: We can either upload your template to an Amazon S3 bucket and generate the relevant S3 URL for it, or we can define the template inline in the API/SDK request to the AWS CloudFormation service.
Create a stack with CloudFormation: CloudFormation then creates a new stack using the provided CloudFormation template after we also specify the stack name and any parameters and tags.
Provision stack resources: Upon stack creation/modification, the S3 bucket with the name my-s3-bucket is also provisioned and ready for use.

Best practices

Here are some best practices that we can use when working with CloudFormation templates:

Reuse CloudFormation templates: We can reuse the AWS CloudFormation template with which we have successfully deployed a stack and provisioned an infrastructure of AWS resources.
- For example, we could’ve successfully tested stacks in development environments. We can reuse the templates of these development environments in the production environment where most of the configurations are the same, and we may only need to update the lower-cost instances to higher-cost instances.
Avoid embedding credentials in templates: We need to avoid embedding any sensitive information in our CloudFormation template, as CloudFormation does not have any mechanism to omit, modify, or redact such information from the template once the stack is created. Instead, we need to use dynamic references to reference this sensitive data, for which we can utilize the AWS Systems Manager Parameter Store and AWS Secrets Manager services.
Version control of the template code: We can use a version control system to track the changes and versions of a CloudFormation template. This practice makes it easier for us to easily revert back to the previous correct version in case of any failures.
Validate templates before use: We can use the CloudFormation service to validate the template before using it to ensure there are no errors. We can also use any IDE or linter to make sure there’s a valid JSON or YAML code in our template.
Improve portability of templates with pseudo parameters: We can increase the portability of our CloudFormation templates by using pseudo parameters, making our templates more dynamic.
- For example, let’s say we want to reuse our template to provision the same set of resources across regions, and the one change in our template would be the specified region. We can easily utilize the AWS::Region pseudo parameter for this use case.
Adopt parameter constraints in templates: We can set constraints on the parameters we define in our CloudFormation templates to ensure that only the allowed input values are provided during stack creation. These constraints can be either any minimum length, maximum length, allowed patterns, and allowed values that we want to set.
- For example, we can set the t2.micro and t2.medium values as the only allowed values for a parameter that specifies the instance type for an EC2 instance we’re provisioning. This can be useful when these are also the only allowed values in the user policy, and using any other instance type would result in an error.
Verify service quotas: Before deploying the stack, we must verify the service quotas on our AWS account for any AWS services and resources we provision with CloudFormation. This can help us avoid the stack failing because of AWS resources exceeding the allowed set quota, which can be especially infuriating when we need to deploy a large stack that takes time to both create and clean up.
- For example, we may need to deploy 10 VPCs in a specific AWS region, but our AWS account service quota is set at 5 VPCs per region, which will cause our stack creation to fail.

In this lesson, we went over an example template to provision a S3 bucket. We also explored some of the best practices we must follow when working with CloudFormation templates.

Get hands-on with 1300+ tech skills courses.

Introduction

AWS Fundamentals

Understanding Cloud Computing Essentials— From Zero to Hero

Identity and Access Management

Securing AWS Resources: Managing Access with IAM

AWS IAM Permission Boundaries

Using AWS IAM Access Analyzer

Compute Services

Understanding AWS Compute Services — From Zero to Hero

Amazon EC2: Elastic Compute Cloud

Working with Instances: An Amazon EC2 Walkthrough

Managing Instance Volumes Using EBS

Networking

Understanding Networking Services in AWS—From Zero to Hero

Controlling VPC Traffic Using Network ACLs

Managing Peer Connections between Amazon Virtual Private Clouds

Accessing AWS Services over AWS PrivateLink Using VPC Endpoints

Monitoring IP Traffic Using VPC Flow Logs

Route 53

Serverless Computing

Getting to Know AWS Lambda

Building and Deploying Serverless Applications with AWS SAM

Developing RESTful Microservices with API Gateway and DynamoDB

Building a WebSocket-Based Chat Application Using API Gateway

Mastering AWS AppSync Lambda Resolvers

Application Integration

Getting Started with Amazon Simple Queue Service (SQS)

Handling Amazon SNS Notifications with AWS Lambda

Build a Fanout Serverless Architecture using SNS, SQS, and Lambda

Decoupling Serverless Applications with Amazon EventBridge

Getting Started with AWS Step Functions

Containers

Getting Started with Amazon ECS

Create an EKS Cluster and Deploy an Application

High Availability and Scalability

Managing Application Traffic Using Elastic Load Balancers

Understanding Auto Scaling Group (ASG) in AWS

Mastering Amazon EC2 Dynamic Scaling Policies

Storage

Understanding AWS Storage Options—From Zero to Hero

Simple Storage Service (S3)

Working with AWS S3 Cross-Region Replication

Resizing Images with S3 Batch Operations and AWS Lambda

Managing Data Access with Amazon S3 Access Points

File Storage and Transfer

Getting Started with Amazon FSx for Windows File Server

Databases

Working with Relational Databases: A Beginner's Guide to AWS RDS

Getting Started with Amazon Aurora Database Engine

Working with NoSQL Databases: A Beginner's Guide to AWS DynamoDB

Exploring Graphs with Amazon Neptune

Getting Started with Amazon Keyspaces

Achieving Ultra-Fast Performance Using Amazon MemoryDB for Redis

Improving Database Performance with Amazon ElastiCache for Redis

Migration and Transfer

Use of AWS Database Migration Service from Aurora MySQL to S3

Security and Compliance

Getting Started with AWS Key Management Service (KMS)

Encrypting S3 Buckets and EBS Volumes Using KMS

Protecting Web Applications Using AWS WAF

Managing Aurora DB Credentials and API Keys Using Secrets Manager

Finding Vulnerabilities on EC2 Instances Using AWS Inspector

Deployment Services

Mastering AWS Deployment Services—From Zero to Hero

CloudFormation

Getting to Know AWS CloudFormation

AWS CloudFormation Updates: Change Sets and Stack Policies

Mastering AWS CloudFormation Helper Scripts

Machine Learning

Understanding Machine Learning Services on AWS—From Zero to Hero

Deploying a Machine Learning Model with Amazon SageMaker

Getting Started with Amazon Fraud Detector

Build an Educative Chatbot with Conversational AI Using AWS Lex

Content Delivery and Optimization

Analytics

Analyzing S3 Data and CloudTrail Logs Using Amazon Athena

Getting Started with Amazon EMR

Getting Started with Amazon Redshift

Building ETL Pipelines on AWS

Create a Data Lake with Lake Formation and Analyze It with Athena