AWS — Infrastructure as Code Tutorial — Step 1.1 — CloudFormation

Please make sure you read Prerequisites for course first.

I will leave the introduction for the importance of “Infrastructure as code” to AWS.

From the Operational Excellence Pillar:

  • Perform operations as code: In the cloud, you can apply the same engineering discipline that you use for application code to your entire environment. You can define your entire workload (applications, infrastructure, etc.) as code and update it with code. You can script your operations procedures and automate their execution by triggering them in response to events. By performing operations as code, you limit human error and enable consistent responses to events.

There are 3 more principles, but the aforementioned are related to our course.

Note: all steps are in the GitHub repository.

Getting started… with failure

Let us get started… with the simplest possible template (creating an empty VPC). Well, with the bad template first 😃, since one of the principles is “Anticipate failure”.

Filename vpc-with-error.yaml on GitHub.

You heard right — we’ll be using Yaml

If we try to deploy it the good old way through the console, we’ll get an error


Some knowledge of Yaml is really needed here. 4 rules we need to know for now:

  • Anything in Yaml is Key: Value


Your guess: in the template below, either Properties is missing its Value, or Properties is itself a section.

Indeed, we are missing something, and this is where The Anatomy of a CloudFormation Template comes in:

“The required Resources section declares the AWS resources that you want to include in the stack, such as an Amazon EC2 instance or an Amazon S3 bucket”

Important: Resources is the only required section in the template

Next, the CidrBlock line must be indented. Let us correct it:

We still see that red curly underscore after Properties:, so something is still not right. If we try to deploy it again, we will not get an error right away, instead:

  1. Stack will start running

If we check the Events tab, we can see it ended up with rolling back changes:

And now we see the error:

The CIDR ‘10.0.0.0/8’ is invalid. (Service: AmazonEC2; Status Code: 400; Error Code: InvalidVpc.Range; Request ID: 754a74bb-a9c2-4830-b969-a7700711d815; Proxy: null)

Make sure to delete the failed stack, before proceeding to the next step.

Ok, so it is not a Yaml error, but inattentiveness.

VPC CidrBlock netmask (10.0.0.0/8) must be between /16 and /28

Let us correct it.

Filename vpc.yaml on GitHub

This time the template deploys without errors (we will discuss the yellow underlined line later; make sure you have cfn_nag installed).

Do not forget to delete the stack.

CFN-LINT — avoiding a long wait in the line

Let us summarize what we have done:

  1. We had to upload the template 3 times

A reasonable question: is there anything we can do before even trying to run the template?

There is, with the help of cfn-lint.

Let us go back to our bad template:

cfn-lint.exe .\vpc-with-error.yaml

Error 1. Yaml syntax: E0000 Null value at line 5 column 16. Knowing the CloudFormation template anatomy (sections), we realize this is an indentation error: Properties has no value because the line below it is not indented under it.

cfn-lint.exe .\vpc-with-error.yaml

Error 2. (inattentiveness): E2505 VPC Cidrblock netmask (10.0.0.0/8) must be between /16 and /28. The error explicitly says what to correct.

And finally, no output from cfn-lint means no errors were found:

cfn-lint.exe .\vpc-with-error.yaml
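To make the two cfn-lint findings above concrete, here is an added example (not cfn-lint's own code, not from the tutorial's repository) that reproduces the E2505 netmask rule and the null-Properties case from the E0000 error as a stdlib-only pre-deploy check. The templates are constructed samples embedded in JSON form, which CloudFormation accepts alongside YAML; the corrected /16 CIDR is an assumption, since the tutorial's vpc.yaml is not reproduced here.

```python
"""Minimal pre-deploy check mirroring cfn-lint rule E2505 (VPC CidrBlock
netmask must be between /16 and /28) and the null-value case behind E0000.
Added example, not cfn-lint's code; templates are embedded as JSON."""
import ipaddress
import json

VPC_TYPE = "AWS::EC2::VPC"
MIN_PREFIX, MAX_PREFIX = 16, 28   # range EC2 enforces (InvalidVpc.Range)


def lint_template(template: dict) -> list:
    """Return a list of error strings; an empty list means the template passed."""
    errors = []
    resources = template.get("Resources")
    if not isinstance(resources, dict) or not resources:
        # Resources is the only required section of a CloudFormation template
        errors.append("Missing required section: Resources")
        return errors
    for name, res in resources.items():
        props = res.get("Properties")
        if props is None:
            # a bare 'Properties:' line in YAML parses to null (cf. E0000 Null value)
            errors.append(f"E0000 {name}: Properties has no value")
            continue
        if res.get("Type") != VPC_TYPE:
            continue
        cidr = props.get("CidrBlock")
        try:
            net = ipaddress.IPv4Network(cidr, strict=False)  # parse, netmask only
        except (ValueError, TypeError) as exc:
            errors.append(f"E2505 {name}: invalid CidrBlock {cidr!r} ({exc})")
            continue
        if not MIN_PREFIX <= net.prefixlen <= MAX_PREFIX:
            errors.append(f"E2505 {name}: VPC CidrBlock netmask ({cidr}) "
                          f"must be between /{MIN_PREFIX} and /{MAX_PREFIX}")
    return errors


# Constructed samples: the /8 mistake from the tutorial, an assumed /16 fix,
# and the "Properties:" line with nothing indented under it.
BAD_TEMPLATE = json.loads('{"Resources": {"Vpc": {"Type": "AWS::EC2::VPC",'
                          ' "Properties": {"CidrBlock": "10.0.0.0/8"}}}}')
GOOD_TEMPLATE = json.loads('{"Resources": {"Vpc": {"Type": "AWS::EC2::VPC",'
                           ' "Properties": {"CidrBlock": "10.0.0.0/16"}}}}')
NULL_PROPS_TEMPLATE = {"Resources": {"Vpc": {"Type": VPC_TYPE, "Properties": None}}}

if __name__ == "__main__":
    for label, tpl in [("bad", BAD_TEMPLATE), ("good", GOOD_TEMPLATE),
                       ("null props", NULL_PROPS_TEMPLATE)]:
        print(label, lint_template(tpl) or "OK")
```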

Summary:

  • We now have some knowledge of Yaml syntax. — Read more about Yaml language syntax
