CloudFormation Pro Tips
3 min readIt has been a while since I did a blog. Sorry about this.
I figured I’d do a quick one to share 3 hot tips I use when undertaking CloudFormation that I’ve learnt over the years from AWS Quickstarts 😉
Tip 1 – prefix parameters and resources
When defining your parameters and resources prefix them.
put a lowercase p and a lower case r in front of them respectively. Then things look a little easier when using REF lookups!
You’ll know if you’re referencing a param or a resource that much easier.
Example:
Parameters:
pVPCCIDR:
Type: String
Default: 192.168.1.1/24
Description: CIDR for your VPC that hosts the AppStream Bastian Streaming Instances
Resources:
rVPC:
Type: AWS::EC2::VPC
Properties:
CidrBlock: !Ref pVPCCIDR
EnableDnsHostnames: true
EnableDnsSupport: true
InstanceTenancy: default
Tags:
-
Key: Name
Value: !Ref AWS::StackName
Tip 2 – use the AWS Systems Manager when looking up the latest AMI ID
Once upon a time we used to have deploy an AMI and use a custom resource to look up AMI IDs. You may have missed an update in 2017 like I did for the longest time.. Sigh.
AWS released the SSM parameter store managed parameter to look this up dynamically for you as per the above links.
An example is this:
Parameters:
pLatestAmiId:
Type: 'AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>'
Default: '/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2'
Description: AMI ID pointer in SSM. Default latest AMI Amazon Linux2.
Resources:
rOutboundProxyLaunchConfig:
Type: AWS::AutoScaling::LaunchConfiguration
Properties:
ImageId: !Ref LatestAmiId
Start doing it this way 🙂
Tip 3 – Use SSM Parameters and not Output or Output Exports any more to pass info between Stacks / Templates
Whilst Outputs and Exports are good, and had a purpose at one point, SSM Parameters are now where they are at to pass information between related templates. i.e. you may have a Network template that outputs the VPC ID created with it and have that fed into other templates you create from.
Historically you’d have used Outputs, then Exported Outputs. Now we use SSM Parameters as you can use them as a Parameter type and you can also create them by defining them as a resourec.
Reading in a SSM Parameter into your Template is done like something like this:
Resources:
rMyS3Bucket:
Type: 'AWS::S3::Bucket'
Properties:
AccessControl: '{{resolve:ssm:S3AccessControl:2}}'
For more information refer to: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/dynamic-references.html
You can create SSM Parameters in your account by using CloudFormation resource type: AWS::SSM:Parameter . However! PRO Tip: You cannot create secure strings doing so. So you will want a central lambda Custom Resource solution to handle creating an encrypted secure string still.
Example:
Resources:
rBasicParameter:
Type: AWS::SSM::Parameter
Properties:
Name: command
Type: String
Value: date
Description: SSM Parameter for running date command.
AllowedPattern: "^[a-zA-Z]{1,10}$"
Tags:
Environment: DEV
For more information refer to: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-parameter.html
Ok so thats my 3 pro CloudFormation tips for you for now. 🙂
Hope you found this useful.
Paul.
You must be logged in to post a comment.