/aws-cloudformation-templates

A collection of useful CloudFormation templates

Primary language: Python. License: Apache License 2.0 (Apache-2.0).

AWS CloudFormation Sample Templates

This repository contains sample CloudFormation templates that you can use to help you get started on new infrastructure projects. Keep in mind that these templates are not meant to be production-ready "QuickStarts". You should take the time to learn how they work, adapt them to your needs, and make sure that they meet your company's compliance standards.

Each template in this repository passes CloudFormation Linter (cfn-lint) checks, and also a basic set of CloudFormation Guard rules based on the CIS Top 20, with exceptions for some rules where it made sense to keep the sample focused on a single use case.

Discord

Join us on Discord to discuss rain and all things CloudFormation! Connect and interact with CloudFormation developers and experts, find channels to discuss rain, the CloudFormation registry, StackSets, cfn-lint, Guard and more:

Join our Discord

Submitting Templates

Before you submit a template, we suggest that you follow these guidelines:

  • Fork the repository and create a fresh branch to work on your sample
    git remote add upstream git@github.com:aws-cloudformation/aws-cloudformation-templates.git
    git fetch upstream
    git checkout -b my-branch-name upstream/main
    git push -u origin
    
  • Write the template in YAML, with a .yaml suffix (not .yml or .template). Our test scripts will auto-generate a JSON file based on the YAML. YAML is the source of truth for all templates in this repository.
  • If your solution needs any other type of YAML file, like a K8s manifest or a build spec, give it a .yml extension. This will cause it to be skipped by the test scripts.
  • Test your template. Can you successfully create a stack with it? When you delete a stack, is the stack (and all of its resources) successfully deleted? Make sure users aren't left with stray resources or stacks that have deletion errors.
  • In the Description section, add a brief description of your template. The description should indicate what the template does and why it's useful. For example:
    Description: "Create a LAMP stack using a single EC2 instance and
    a local MySQL database for storage. This template demonstrates using the AWS
    CloudFormation bootstrap scripts to install the packages and files necessary
    to deploy the Apache web server, PHP, and MySQL when the instance is
    launched."
    
  • Format your template to make it human readable:
    • Err on the side of human readability. If it makes your template easier to read, do it.
    • Use cfn-lint to lint your template and make sure it is valid.
    • Consider using two-space indents to reduce line wrapping.
  • Review IAM resources. If you include IAM resources, follow the standard security advice of granting least privilege (granting only the permissions required to do a task).
  • Remove secrets/credentials from your template. You might hardcode credentials or secrets in your template when you're testing. Don't forget to remove them before submitting your template. You can use this tool to help you scrub secrets: https://github.com/awslabs/git-secrets.
  • Add your template to the correct folder so that others can discover it.
  • Run the scripts/test-all.sh script in the directory where you're working to make sure the template is valid.
  • If you write any Lambda function code, put it in a separate file and run pylint or eslint to make sure the code is valid.
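
A pre-submission check for the "Review IAM resources" guideline above, as an added example that is not part of this repository or its test scripts: it walks a template in its JSON form (here as a Python dict) and lists Allow statements that use wildcard actions or a "*" resource. The function names and the sample template are constructed for illustration.

```python
# IAM resource types whose properties can carry policy documents.
IAM_TYPES = {"AWS::IAM::Role", "AWS::IAM::User", "AWS::IAM::Group",
             "AWS::IAM::Policy", "AWS::IAM::ManagedPolicy"}

def as_list(value):
    """IAM allows a single item or a list for Statement, Action and Resource."""
    return value if isinstance(value, list) else [] if value is None else [value]

def policy_documents(props):
    """Yield (location, document) for standalone and inline policies."""
    if isinstance(props.get("PolicyDocument"), dict):
        yield "PolicyDocument", props["PolicyDocument"]
    for inline in as_list(props.get("Policies")):
        if isinstance(inline, dict) and isinstance(inline.get("PolicyDocument"), dict):
            yield f"Policies[{inline.get('PolicyName')}]", inline["PolicyDocument"]

def is_wildcard(action):
    # "*" or "service:*". Intrinsic functions (dicts) are skipped, not guessed at.
    return isinstance(action, str) and (action == "*" or action.endswith(":*"))

def find_broad_statements(template):
    """Return (resource, location, wildcard_actions, resource_is_star) per finding."""
    findings = []
    for name, res in template.get("Resources", {}).items():
        if res.get("Type") not in IAM_TYPES:
            continue
        for where, doc in policy_documents(res.get("Properties", {})):
            for stmt in as_list(doc.get("Statement")):
                if not isinstance(stmt, dict) or stmt.get("Effect") != "Allow":
                    continue
                wild = [a for a in as_list(stmt.get("Action")) if is_wildcard(a)]
                star = "*" in as_list(stmt.get("Resource"))
                if wild or star:
                    findings.append((name, where, wild, star))
    return findings

# Constructed sample template, not taken from the repository.
SAMPLE = {"Resources": {
    "AdminRole": {"Type": "AWS::IAM::Role", "Properties": {"Policies": [
        {"PolicyName": "all", "PolicyDocument": {"Statement":
            {"Effect": "Allow", "Action": "*", "Resource": "*"}}}]}},
    "ReaderPolicy": {"Type": "AWS::IAM::ManagedPolicy", "Properties": {
        "PolicyDocument": {"Statement": [{"Effect": "Allow", "Action": ["s3:GetObject"],
            "Resource": {"Fn::Sub": "arn:aws:s3:::${Bucket}/*"}}]}}},
    "Bucket": {"Type": "AWS::S3::Bucket"}}}

if __name__ == "__main__":
    print(*find_broad_statements(SAMPLE), sep="\n")
```

Treat each finding as a prompt for review rather than an automatic failure, since some actions only support "*" as the resource.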

When your template is ready, submit a pull request. A member of the AWS organization will review your request and might suggest changes.

Additional Resources

CloudFormation Linter (cfn-lint)

The CloudFormation Linter is an indispensable tool for developing your templates. It should be a part of every developer's workflow, and incorporated into your CI/CD pipelines.

Install cfn-lint with pip:

pip install cfn-lint

CloudFormation Rain

Rain is a command line interface (CLI) for CloudFormation that greatly improves the experience for authoring and deploying templates. It has many features, such as creating starter templates for various use cases, interactive deployments, modules, and more.

Rain can be installed with Brew:

brew install rain

or if you are a Go user, you can install it like this:

go install github.com/aws-cloudformation/rain/cmd/rain@latest

In the AWS CloudFormation User Guide, you can view more information about the following topics: