acg-mastering-cloudformation
A Cloud Guru Course: Mastering CloudFormation
Chapter 1 - Intro and Theory
Everything you need to set you up for a successful course. We'll quickly cover some tips when working with the AWS CLI. We'll then cover a brief review of the CloudFormation template anatomy including metadata, intrinsic functions, as well as exporting and importing values between templates.
Ch01_L01 – Introduction
Take a high-level look at what this course has to offer.
Ch01_L02 – A Quick Refresher
A quick refresher on the AWS CLI, CloudFormation fundamentals, and navigating the AWS CloudFormation Docs.
- DEMO: Working with the AWS CLI
- How CloudFormation works
- How to efficiently search and read the docs
- Properties
- Return Values (Ref, Fn::GetAtt)
- DEMO: Finding Resource documentation
Ch01_L03 – Template Anatomy
A complete look at CloudFormation's template anatomy, with Parameters/Types, Mappings, Conditions, Metadata, Resources, Outputs and more.
- Parameters
- Constraints
- AWS-Specific Parameter Types
- Mappings
- Conditions
- Metadata
- Resources
- Outputs
Links:
- CloudFormation Template Anatomy
- SSM Parameter Types
- AWS-Specific Parameter Types
- Using AWS-Specific Parameter Types
Ch01_L04 – Template Operations
A detailed look at intrinsic functions as well as a deep dive on Exporting and Importing values between templates.
- Intrinsic Functions
- Ref, GetAtt
- Export/Imports Outputs
Links:
- Intrinsic Function Reference
- Pseudo Parameter Reference
- Fn::ImportValue
- X-Reference CloudFormation Outputs
Ch01_L05 – Tips & Watchouts
A list of the most common CloudFormation pitfalls, as well as how best to set up your code editor when working with CloudFormation.
- Trick-out your IDE
- Lambda@Edge Deletion Times
- CloudFront Propagation Times
- Stack Creation Manual Steps
- Renaming Things
- Stateful Resources and Updates / Deletes
- Limits
Links:
- VSCode Ext: vscode-yaml
- VSCode Ext: vscode-cfn-lint
- VSCode Ext: json2yaml
- VSCode Ext: sort-lines
- VSCode Ext: cform
- CloudFront Propagation Times
- Deleting Lambda@Edge Functions and Replicas
- Verify Domains for SES using Custom Resources
- Moving and Renaming Resources
- CloudFormation Limits
Chapter 2 - Custom Resources
Learn to create, deploy and implement custom resources that can help extend CloudFormation way beyond just native resources.
Demo Description: Create and use a custom resource that provisions unique subdomains and routing based on application version, e.g. feat-blue--projectx.domain.com
Ch02_L01 – Overview
A bird's-eye view of Custom Resources: what they are and various use cases.
- What they are
- Lambda: Create, Update, Delete
- Return & Fn::GetAtt
- Features & Use Cases
- Limits
Links:
- Extend CloudFormation with Custom Resources
- cfn-response Module
- Custom Resource Limits
- Avoid Two Hour Exception Timeout
- AWS::CloudFormation::CustomResource
Ch02_L02 – What We Are Building
A detailed walk-through of the custom resource you will be building; as well as calling out a few custom resource helper libraries.
- Important Notes
- Timeouts & Catching Errors
- How CloudFormation identifies and replaces resources
- Design functions for idempotency
- Helper Libraries
- Diagram: What We Are Building
Ch02_L03 – Let's Make one
A guided journey in building your own custom resource, and how to deploy it.
- DEMO: Create/Deploy Custom Resource
- DEMO: Review Custom Resource Function
- DEMO: Review Exports in Console
Ch02_L04 – Let's Use It
A complete guide to implementing and using your new custom resource.
- Using in another Template
- DEMO: Create, Update and Delete
- DEMO: Cleanup
Chapter 3 - Macros & Transforms
Elevate your template functionality with Macros and Transforms. Learn to create and use custom template functions.
Ch03_L01 – Overview
A comprehensive look at Macros & Transforms; along with various use cases and limits.
- What they are
- Snippet vs Template-Level
- Features & Use Cases
- Limits
Ch03_L02 – Macro: String Operations
A hands-on lab where you will build and deploy a Macro that can perform string manipulations in your templates.
- What We're Building
- String Operations (Capitalize, Replace, Max Length)
- DEMO: Create/Deploy String Operations Macro
- Show CFN console view processed template http://bit.ly/32GrwIn
- DEMO: Use Macro
Ch03_L03 – Macro: Common Tags
A hands-on lab where you will build and deploy a Macro that provides a clean way to globally tag all the resources at once.
- What We're Building
- DEMO: Create/Deploy CommonTags Macro
- DEMO: Use Macro
Ch03_L04 – Macro: Custom Resource Types
A hands-on lab where you will build & deploy a Macro that abstracts away your custom resource, making it appear as though it's a native resource type.
- What We're Building
- DEMO: Create/Deploy S3Objects Macro
- DEMO: Use Macro
Ch03_L05 – Unit Testing
Learn to debug and test your Lambdas locally, or as part of a deployment step.
- Unit Testing
- DEMO: Setting up Macro Unit Tests
- validate-template
Chapter 4 – Best Practices
A focused look at the most impactful CloudFormation features, workflows and best practices for organizing, securing and managing your templates and stacks.
Ch04_L01-L02 - Nested Stacks
An advanced exploration of Nested Stacks; how they work, use cases, features and a detailed hands-on demo.
- What are they?
- Features & Benefits
- Use Case
- DEMO - Let's Build One
- Passing Params to/from Parent and Child Stacks
- Recover a nested stacks hierarchy with ResourcesToSkip https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-continueupdaterollback.html#nested-stacks
- Clean up
Links:
- Nested Stacks
- ContinueUpdateRollback
- Recovering AWS CloudFormation stacks using ContinueUpdateRollback
- Using ResourcesToSkip to recover a nested stacks hierarchy
Ch04_L03 - Working with Secrets
An extensive look at safe-guarding your secrets when working with CloudFormation without compromising on workflow or security.
- Overview
- SSM vs Secrets Manager
- Intro to KMS
- Bundling Secrets
- Encrypting in CLI
- Decrypting in Lambda
- Clean up
Links:
- AWS Secrets Manager: Store, Distribute, and Rotate Credentials Securely
- Rotating Your AWS Secrets Manager Secrets
- AWS Secrets Manager Pricing
- Using dynamic references to specify template values
Ch04_L04 - Template Strategies
A detailed examination of various techniques, workflows and tools for validating, cross-referencing, and organizing your templates.
- Reuse & Stack Separation
- Organize Stacks By Lifecycle and Ownership
- Nested vs Exports vs AWS::Include
- Validate Templates before deploying
- https://github.com/aws-cloudformation/cfn-python-lint#basic-usage
- https://github.com/ScottBrenner/cfn-lint-action
Ch04_L05 - Template Storage and Revisions
A practical look at a variety of approaches to automating the tasks of versioning, linting, packaging, storing and continuously deploying your templates.
- Versioning
- Linting
- Packaging
- Storing
- Automated CI/CD Pipeline
Chapter 5 - Mastering Stacks
A comprehensive review of some of the lesser known, but extremely powerful CloudFormation features.
Ch05_L01 - Service Roles
A guided investigation of service roles; what they are and the granular control over stacks they provide.
- Why are they needed?
- DEMO: User & Role Setup
- DEMO: Stack Deploy & Update
- Cleanup
Ch05_L02 – Change Sets
An exploration of Change Sets; what they are, some powerful use cases along with a hands-on demo on how to take full advantage of them when you deploy.
- What are they
- Use Case
- Stack Drift
- DEMO - Let's use one
- Cleanup
Ch05_L03-L04 – StackSets
An in-depth look at stack sets: some of their most important benefits and limitations, as well as a hands-on demo of how they can help you master multi-region and multi-account deploys.
- StackSet Concepts
- Features & Benefits
- Limitations
- Granting permissions for Stack Set operations
- Configuring a target account gate
- DEMO - Deploying with StackSets
- Cleanup
Ch05_L05 – Stack Policies
Learn how to completely protect your stack resources with ease using stack policies.
- What are they?
- DEMO: Using Stack Policies
- Cleanup
Chapter 6 - Working with EC2 Instances (e.g. GhostCMS)
Learn how to provision your EC2 instances complete with all required services, files, users, and groups all with native CloudFormation.
Demo Description: Build and deploy a Ghost Blogging CMS hosted on EC2. Learn how to provision the instance for required packages with CloudFormation.
Ch06_L01 – CloudFormationInit
Learn about CloudFormationInit and how it can orchestrate your EC2 application provisioning.
- UserData (Procedural) vs CloudFormationInit
- How it Works
- Provisioning Workflow
Ch06_L02 - ConfigSets
Explore ConfigSets and how they offer declarative control over the services, files, users, and groups that get installed on your EC2 instances.
- Overview
- packages
- groups
- users
- sources
- files
- commands
- services
Ch06_L03 – Resource Policies
Learn how to orchestrate the provisioning, updating and deleting of your instances with resource policies and cfn-signal.
- What are they?
- Creation Policy
- Update Policy
- Deletion Policy
- cfn-signal
Ch06_L04 – cfn-hup
Learn how to use cfn-hup to keep your EC2 instances in sync with changes to your templates.
- How it works
- Configuring
- DEMO
Chapter 7 - Working with Serverless
Learn advanced techniques and workflows when working with CloudFormation and serverless; along with solutions to common challenges.
Ch07_L01-L03 – AWS Serverless Application Repository
A detailed look at AWS Serverless Application Repository; what it is and how to use it as your team's extensive infrastructure rolodex.
- What is AWS SAR?
- Searching for Apps
- Publishing Apps
- Using Apps
Links:
- AWS Serverless Application Repository Resource-Based Policy Examples
- AWS SAR Bucket Policy Security Fix
Ch07_L03-L04 – JAMStack Deployment (Voting App)
Learn how to automate the deployment of a serverless real-time voting application; as well as solutions to related CloudFormation challenges.
- What we’re going to build
- Review Template & Code
- Outputs injection
- Deleting S3 assets as part of stack delete
Chapter 8 - Putting it all together (Self Service Portal)
Learn how you can programmatically explore and control CloudFormation in a custom-built Cloud Portal, complete with GitHub Repository and Actions integrations.
Ch08_L01 – Programmatic CloudFormation
A discussion of common uses for programmatic control of CloudFormation. A detailed look at the Cloud Portal application you'll be deploying, as well as a step-by-step deployment walk-through.
- Use Cases
- Cloud Portal Intro
- Deployment
Ch08_L02 – Portal Code Walk-Through
A review of the Cloud Portal functionality followed by a comprehensive code walk-through to see what makes it tick.
- Cloud Portal Exploration
- Code Walk-Through
Ch08_L03 - Complete Course Clean-up
A full and complete walk-through and teardown of all stacks, keys, configs, SSM params, roles, etc. that were created for this course.
- Clean up
Chapter 9 - Other Tools
Simplify your CloudFormation workflow with an industry CLI tool. We'll briefly review and compare a number of industry tool options. Additionally, we'll take a quick look at the CloudFormation Registry and CLI.
Ch9_L01 – Frameworks
A high-level look at The Serverless Framework, AWS SAM, Troposphere and AWS CDK, comparing their feature sets and workflows.
- Troposphere
- The Serverless Framework
- AWS SAM
- AWS CDK
Links:
- Troposphere
- The Serverless Framework
- Repo: The Serverless Framework
- AWS SAM: Serverless Application Model
- Repo: AWS SAM
- AWS CDK: Cloud Development Kit
- Repo: AWS CDK
- AWS CDK Examples
- AWS CDK Construct Library
Ch9_L02 – CloudFormation Registry and CLI
Learn how the CloudFormation Registry and CLI, even though new to the scene at time of recording, promise to significantly standardize and open up CloudFormation to third-party resources.
- The Registry
- The CLI
- Using 3rd Party Providers
- Creating Your Own Provider
Links:
- Installing CloudFormation CLI
- IAM Policies
- CloudFormation Resource Provider Pricing
- Using a 3rd Party Provider
- Creating a Provider
- Building Your Own Provider
Ch9_L03 – Conclusion
Congratulations, a sincere thanks and a brief good-bye; until next time.
Links
- Course: Lambda@Edge
- Course: The Complete Serverless Course
- AWS CloudFormation User Guide
- aws-cf-templates
- aws-cloudformation-templates
- Limits
- IDE Tips
- New Parameter Types
- Custom Resource Auto-approve cert
- Macro Ideas
- Blue/Green Deploys
Missing Topics
- CFN Designer
- DependsOn
- Stack Notifications (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/cfn-console-add-tags.html)
- WaitCondition