Building Infrastructure as Code with AWS CloudFormation

Another guest author article!


Infrastructure as Code (IaC) is gaining attention as a method for improving the resilience, consistency, and scalability of IT infrastructure. IaC enables you to configure infrastructure in the form of a code file. Since it is just text, you can easily copy, edit and distribute the file.

When people want to build infrastructure as code on AWS, they usually choose between AWS CloudFormation and Terraform. This article focuses on CloudFormation, reviewing its benefits and basic operations.

What Is Infrastructure as Code?

Infrastructure as Code (IaC) is a method for managing and provisioning IT infrastructure by using code, rather than manual processes. IaC enables you to automate complex processes like the configuration of a virtual machine. In addition, developers can use IaC to rebuild the exact same virtual environment over and over again with simple text-based templates.

Developers can use automation platforms like Puppet or Chef to transform infrastructure into code. These frameworks can work on-premises and in the cloud. For example, you can use CloudFormation templates for an AWS environment, as well as for internal data centers.

What Is AWS CloudFormation?

CloudFormation is an AWS service that provides Infrastructure as Code capabilities. CloudFormation uses human-readable templates, written as JSON or YAML configuration files, to define your environment. CloudFormation reads a template and automatically creates a set of ready-to-use resources, called a stack. You can manage and make changes to the stack after it has been deployed.

Developers can build their own template or choose one from Amazon’s collection of free templates. In addition to Amazon’s templates, there are many third-party tools that work with CloudFormation. These include vendors like CloudReach and New Relic and open source tools like Stack Master.

Despite its relative maturity, CloudFormation still has some issues:

  • Creating a new template is difficult and takes a lot of time. You have to declare all the resources you want to create and provide a detailed structure from the first step. However, after creating a few templates you can reuse existing code segments for new templates.
  • A long feedback cycle: you need to validate templates with an external API. As a result, you cannot find errors before running the template. This process is very time consuming and starts late in the development cycle.

4 Main Benefits of IaC on AWS

IaC has become an essential requirement for DevOps teams. Enterprises can build scalable and agile infrastructure using IaC with AWS. DevOps teams can automatically deploy or swap servers, and install and test software, on AWS services. IaC makes infrastructure management simpler.

1. Visibility

CloudFormation templates have an easy-to-understand format. You can view and edit the template code in any text editor. Templates clearly state the resources you want to create with all the required parameters. As a result, everyone on your team can easily understand what is being deployed.

2. Stability with version control

Unintentional template changes can cause service interruptions or errors. CloudFormation lets you save templates in a version control system like Git, and maintain a tested template version for production.

You can revert to the tested, working template when something goes wrong. CloudFormation tests deployments for errors, and rolls back to a last known good configuration when an error is detected.

3. Scalability and Reusability

You can deploy the same template over and over again. In addition, you can reuse the same stack on multiple systems in your organization, or deploy it several times on the same system. This feature is also useful when migrating applications to the cloud, because you can set up applications in AWS using CloudFormation templates.

4. Automation

CloudFormation enables you to declare the final result of your deployment, and perform the right set of operations that gets you there. You do not need to create scripts or perform any manual actions. CloudFormation can automatically build a fully working stack.

How Does CloudFormation Work?

CloudFormation enables you to configure IaC on AWS. You can directly edit templates in a text editor or in the CloudFormation Designer. The CloudFormation service is free, but Amazon charges for other services you want to use when implementing IaC through templates.

The following diagram shows the CloudFormation process:

  1. Create a template.
  2. Save the template in an S3 bucket.
  3. CloudFormation creates a working stack based on template configurations.

Managing Changes in Templates

When you change a template, CloudFormation identifies that a template has been changed and creates a changeset. A changeset points out what you need to change in the provisioned resources to reflect the template changes. The resources are automatically modified when you approve and execute the changeset.

Keep in mind that changesets cannot indicate whether your template updates are successful. For instance, a changeset does not check if you are updating a resource that does not support updates, or if you do not have permission to make changes in a resource. This can result in a stack update failure. To avoid this, you need to review the changeset and make sure that CloudFormation can perform the expected changes.
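
One way to carry out the review described above, as an added example that is not part of the original article: the script reads a change set in the JSON shape returned by `aws cloudformation describe-change-set` and lists deletions, replacements and changes to security-sensitive resource types. The sample data, the `review_change_set` name and the sensitive-type list are constructed for illustration.

```python
import json

# Constructed sample in the shape of `aws cloudformation describe-change-set` output.
SAMPLE_CHANGE_SET = json.loads("""
{
  "StackName": "example-stack", "ChangeSetName": "example-change-set",
  "Status": "CREATE_COMPLETE", "ExecutionStatus": "AVAILABLE",
  "Changes": [
    {"Type": "Resource", "ResourceChange": {"Action": "Modify",
      "LogicalResourceId": "S3Bucket", "ResourceType": "AWS::S3::Bucket",
      "Replacement": "True", "Scope": ["Properties"]}},
    {"Type": "Resource", "ResourceChange": {"Action": "Remove",
      "LogicalResourceId": "AppLogGroup", "ResourceType": "AWS::Logs::LogGroup",
      "Scope": []}},
    {"Type": "Resource", "ResourceChange": {"Action": "Modify",
      "LogicalResourceId": "AppRole", "ResourceType": "AWS::IAM::Role",
      "Replacement": "False", "Scope": ["Properties"]}},
    {"Type": "Resource", "ResourceChange": {"Action": "Add",
      "LogicalResourceId": "AppQueue", "ResourceType": "AWS::SQS::Queue",
      "Scope": []}}
  ]
}
""")

# Resource types that always get a second look (an assumption; adjust per team).
SENSITIVE_PREFIXES = ("AWS::IAM::", "AWS::KMS::")

def review_change_set(change_set):
    """Return (severity, logical_id, reason) tuples a reviewer should see before executing."""
    findings = []
    if change_set.get("ExecutionStatus") != "AVAILABLE":
        findings.append(("BLOCK", "-", "change set is not executable"))
    for change in change_set.get("Changes", []):
        rc = change.get("ResourceChange", {})
        rid, action = rc.get("LogicalResourceId"), rc.get("Action")
        if action == "Remove":
            findings.append(("HIGH", rid, "resource will be deleted"))
        elif action == "Modify" and rc.get("Replacement") in ("True", "Conditional"):
            findings.append(("HIGH", rid, "resource may be replaced (new physical resource)"))
        elif rc.get("ResourceType", "").startswith(SENSITIVE_PREFIXES):
            findings.append(("REVIEW", rid, f"{action} on security-sensitive type"))
    return findings

if __name__ == "__main__":
    for finding in review_change_set(SAMPLE_CHANGE_SET):
        print(*finding, sep="  ")
```
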

Example of CloudFormation Template

The following example shows a CloudFormation template in the JSON syntax. The template creates an S3 bucket as a website with external access. The S3 bucket will not be deleted when the CloudFormation stack is deleted.


    {
      "AWSTemplateFormatVersion" : "2010-09-09",
      "Resources" : {
        "S3Bucket" : {
          "Type" : "AWS::S3::Bucket",
          "Properties" : {
            "AccessControl" : "PublicRead",
            "WebsiteConfiguration" : {
              "IndexDocument" : "index.html",
              "ErrorDocument" : "error.html"
            }
          },
          "DeletionPolicy" : "Retain"
        }
      },
      "Outputs" : {
        "WebsiteURL" : {
          "Value" : { "Fn::GetAtt" : [ "S3Bucket", "WebsiteURL" ] }
        },
        "S3BucketSecureURL" : {
          "Value" : { "Fn::Join" : [ "", [ "https://", { "Fn::GetAtt" : [ "S3Bucket", "DomainName" ] } ] ] }
        }
      }
    }

The AccessControl property is set to "PublicRead" because buckets for website hosting require a public read permission.

The "Retain" value of the DeletionPolicy attribute specifies that CloudFormation will not delete this bucket when it deletes the stack.

The Outputs section uses the WebsiteURL attribute to specify the URL of the website hosted on S3. The DomainName attribute specifies the S3 bucket name that holds the website content.
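
A public-read bucket that outlives its stack is worth catching before deployment. The following added example (not part of the original article) checks a template locally for that combination and for an invalid format version, without calling the validation API; `audit_template` and its severity labels are illustrative names.

```python
import json

# The article's website-bucket template, embedded inline so the check runs offline.
TEMPLATE = json.loads("""
{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Resources": {
    "S3Bucket": {
      "Type": "AWS::S3::Bucket",
      "Properties": {
        "AccessControl": "PublicRead",
        "WebsiteConfiguration": {"IndexDocument": "index.html", "ErrorDocument": "error.html"}
      },
      "DeletionPolicy": "Retain"
    }
  }
}
""")

PUBLIC_ACLS = {"PublicRead", "PublicReadWrite"}

def audit_template(template):
    """Return (severity, logical_id, message) tuples for risky S3 bucket settings."""
    findings = []
    # 2010-09-09 is the only format version CloudFormation accepts.
    version = template.get("AWSTemplateFormatVersion", "2010-09-09")
    if version != "2010-09-09":
        findings.append(("ERROR", "-", f"invalid AWSTemplateFormatVersion {version}"))
    for name, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::S3::Bucket":
            continue
        props = res.get("Properties", {})
        acl = props.get("AccessControl")
        if acl not in PUBLIC_ACLS:
            continue
        severity = "HIGH" if acl == "PublicReadWrite" else "WARN"
        findings.append((severity, name, f"canned ACL {acl} grants access to anonymous users"))
        if "WebsiteConfiguration" not in props:
            findings.append(("HIGH", name, "public ACL on a bucket that is not a website"))
        if res.get("DeletionPolicy") == "Retain":
            findings.append(("WARN", name, "bucket stays public after the stack is deleted"))
    return findings

if __name__ == "__main__":
    for finding in audit_template(TEMPLATE):
        print(*finding, sep="  ")
```
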





Before Infrastructure as Code, IT teams had to manually manage and change configurations of their infrastructure. They used scripts to automate tasks, but that was not enough. IaC was the next logical step in solving many of the problems caused by manual management of IT services. IaC enables IT teams to leverage the full potential of cloud computing by eliminating manual, error-prone tasks. In addition, IaC reduces costs and improves efficiency at all stages of the software development life cycle.


Author Bio

Gilad David Maayan is a technology writer who has worked with over 150 technology companies including SAP, Samsung NEXT, NetApp and Imperva, producing technical and thought leadership content that elucidates technical solutions for developers and IT leadership.

