Structure of CloudFormation Template
AWS Cloudformation template has a defined structure. basically, a sample template has six top-level sections and we are going to look at that one by one. Also, we can use either JSON or YAML format for this template
Before we go to the sections, we need to discuss two important concepts that we will need to write a good Cloudformation template.
Intrinsic functions
Intrinsic functions are some built-in functions in Cloudformation that help to manage our stack. we use intrinsic functions to assign values to properties in runtime.
so examples are:
If we need to assign some properties to an EC2 instance
If we need to assign another resource like IAM Role to an EC2 instance
If we need to assign values which we got from the user in the parameter section
If we need to get some attributes of other resources
For the above kinds of scenarios, we can use intrinsic functions to achieve what we need to do.
List of Intrinsic Functions
- Fn::Base64
- Fn::Cidr
- Condition functions
- Fn::FindInMap
- Fn::GetAtt
- Fn::GetAZs
- Fn::ImportValue
- Fn::Join
- Fn::Select
- Fn::Split
- Fn::Sub
- Fn::Transform
- Ref
Ref
ref is an intrinsic function that we mostly use. we use that function to refer some values to a property. we can use that to get value from parameters or we can use that to get the reference for another resource
Fn::FindInMap
This is another useful intrinsic function. we use this function to get values from the mapping section in the template
!FindInMap [ MapName, TopLevelKey, SecondLevelKey ]MapName
The logical name of mapping is declared in the Mappings section that contains the keys and values.
TopLevelKey
The top-level key name. Its value is a list of key-value pairs.
SecondLevelKey
The second-level key name, which is set to one of the keys from the list assigned to TopLevelKey.
You can find more details and usages about other functions from here
Pseudo parameters
Pseudo parameters are parameters that we can use to get the details about our regions, stack details account details, etc. they are predefined parameters by AWS CFT
List of pseudo parameters
- AWS::AccountId
- AWS::NotificationARNs
- AWS::NoValue
- AWS::Partition
- AWS::Region
- AWS::StackId
- AWS::StackName
- AWS::URLSuffix
AWS::Region
This is a very useful pseudo param that we use in our template. We use this parameter to get the region that we are currently logged in to AWS. We need to use this with Ref intrinsic function
Sections of Template
Now we are going to discuss the sections of CFT, basically, there are six sections
- AWS Template Format Version
- Description
- Parameters
- Mappings
- Resources
- Outputs
AWS Template Format Version
This will be used to indicate the version of the template we are using. the capabilities could be different depending upon the version. If you don’t specify a version it will be the latest version.
Description
In this section, we can describe a little bit about our template like why do we use this template, what is the purpose of this template. This should be a string that is between 0 and 1024 bytes in length.
Parameters
These parameters we define to customize the template at run time. Basically, we define parameters that we should get from users when creating a stack and then we can apply them in the template. The basic structure of parameters can be seen as follow.
After that, we can use these user-defined values using ref intrinsic function at later parts
Constraints
- The number of parameters should be less than 200 for each template
- Each parameter must be given an alphanumeric and unique logical name
- Each parameter must be given supported parameter type
- Parameters can be given a default value to use if that won’t be defined in the runtime
- Parameters can be referenced in resources and output sections in the template
You can find more details of the structure and usage of the parameters below
Mappings
We use this section to match a key to a corresponding set of named values. We basically use this to set properties to our resources based on region. The important thing is we can’t use intrinsic functions, pseudo parameters in this mapping section. The syntax is as follows.
Example to map imageId based on region as follows
We can use these values in our resources section using Fn::FindInMap intrinsic function
Resources
Resources are the main and compulsory section of the template. We define the AWS resources that we need to create in the stack along with the properties for them in this section. as examples EC2 instance, S3 bucket, RDS database, etc.
The structure to define resources in the template is as follows
There are three resource fields we need to define for each resource
Logical ID
This is an alphanumeric and unique field that we use to refer to the resource we are going to define so that we can reference this resource by using this logical ID in later parts of the template.
Resource type
This should be a valid AWS resource type that identifies a resource we are declaring. The list of resource types that you can use is as follows
Properties
These are the properties that we may assign to resources. these are the same things that we defined when we create the resource using the AWS management console. For example, we can define memory, machine image, storage size, etc.
Outputs
In this section, we define the details that should show finally after successful stack creation. as examples, we can output bucket name that was created, EC2 instance ARN that was created, etc. The maximum outputs that we can define are 200 for a template.
Important points to Output section
- Export names must be unique within a region
- A stack cannot be deleted if another stack is referencing one of its output
- An output value that is referenced by another stack, cannot be removed or modified.
