AWS CloudFormation StackSets and Nested Stacks
AWS CloudFormation lets you model and provision the resources for your environment from a text-based template, following the Infrastructure as Code (IaC) approach. You don’t need to create your resources manually one by one; CloudFormation does this for you. All resources are defined in the CloudFormation template, so the environment can be reproduced reliably and easily because everything is declared in that template, for example when creating a new test environment similar to your current setup or a Disaster Recovery environment in another region.
With AWS CloudFormation, you can either upload your own template, use a sample template, or create a template using Designer. Templates can be written in JSON or YAML. The resources created from a template are treated and managed as a single unit called a stack.
AWS CloudFormation is mainly used to automate the deployment of applications. If your application has to be deployed across multiple regions and multiple accounts, you should consider using StackSets, which let you perform these deployments simultaneously with ease.
Diagram from AWS Docs
The following is a step-by-step guide on how to create a StackSet that you can use when deploying on CloudFormation.
1. Just like when creating a regular CloudFormation stack, you can either upload a template, use a sample template, or create a template using Designer.
2. Provide a name and description for your StackSet. You can also configure your parameters here if your template has any.
3. The next step is to add tags and an IAM role if you need one.
4. Now there are two options for how the deployment is targeted: through (1) accounts or (2) organizational units. You need to provide the Organization ID if you want to deploy to an organizational unit. For AWS accounts, you can enter a list of account numbers in the field or upload them as a .csv file.
5. Specify the region of the deployment. You can select multiple regions here.
6. There is also an optional configuration where you can set the maximum number of concurrent accounts and the failure tolerance of your deployment.
7. Once done, review all the configurations you set. Lastly, you can proceed with the deployment.
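The same settings the console asks for in steps 2 to 6 (name and description, parameters, tags, deployment target, regions, concurrency and failure tolerance) can be declared in code with the AWS::CloudFormation::StackSet resource. The template below is an added example written for this article, not a file from the original post or from AWS; the OU id, parameter values, region list and the nested TemplateBody are constructed placeholders that you replace with your own, and the SERVICE_MANAGED permission model assumes trusted access between CloudFormation StackSets and AWS Organizations has already been enabled.

```yaml
# Added example: a CloudFormation template that creates a StackSet.
# Deploying this template in the management (or delegated admin) account
# performs the equivalent of the seven console steps above.
AWSTemplateFormatVersion: "2010-09-09"
Description: Creates a StackSet that rolls out a private S3 bucket to an OU

Parameters:
  TargetOU:
    Type: String
    Description: Organizational unit to deploy into (placeholder, replace with your own OU id)
    Default: ou-exmpl-placeholder

Resources:
  OrgBucketStackSet:
    Type: AWS::CloudFormation::StackSet
    Properties:
      StackSetName: org-private-bucket              # step 2: name
      Description: One private, encrypted bucket per account and region
      PermissionModel: SERVICE_MANAGED              # step 4: deploy by organizational unit
      AutoDeployment:
        Enabled: true                               # accounts joining the OU later get the stack too
        RetainStacksOnAccountRemoval: false
      Parameters:                                   # step 2: template parameters
        - ParameterKey: BucketPrefix
          ParameterValue: org-logs
      Tags:                                         # step 3: tags
        - Key: Owner
          Value: platform-team
      StackInstancesGroup:
        - DeploymentTargets:
            OrganizationalUnitIds:
              - !Ref TargetOU
          Regions:                                  # step 5: one or more regions
            - us-east-1
            - eu-west-1
      OperationPreferences:                         # step 6: concurrency and failure tolerance
        MaxConcurrentCount: 1
        FailureToleranceCount: 0
      # step 1: the template that is deployed into every target account/region.
      # It is a literal string here, so the inner !Sub is evaluated by the
      # instance stacks, not by this template.
      TemplateBody: |
        AWSTemplateFormatVersion: "2010-09-09"
        Parameters:
          BucketPrefix:
            Type: String
        Resources:
          PrivateBucket:
            Type: AWS::S3::Bucket
            Properties:
              BucketName: !Sub "${BucketPrefix}-${AWS::AccountId}-${AWS::Region}"
              PublicAccessBlockConfiguration:
                BlockPublicAcls: true
                BlockPublicPolicy: true
                IgnorePublicAcls: true
                RestrictPublicBuckets: true
              BucketEncryption:
                ServerSideEncryptionConfiguration:
                  - ServerSideEncryptionByDefault:
                      SSEAlgorithm: AES256
```

Two points worth knowing before you run this: the bucket name embeds the account id and region because S3 bucket names are global and the same template is instantiated once per account and region; and in OperationPreferences, MaxConcurrentCount may be at most one more than FailureToleranceCount, so a zero failure tolerance (stop the rollout at the first failed account) forces accounts to be processed one at a time.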
As your infrastructure grows, there will be cases where you need to declare the same resources in multiple CloudFormation templates. In these instances, it is good practice to use nested stacks: create a separate template for the common resources and reference it from the other templates. This way you avoid copying and pasting the same configuration across templates, and it also simplifies stack updates.
Creating Nested Stacks
The following steps will guide you on how to create Nested Stacks.
For example, take this simple CloudFormation template in YAML format, named ‘cf-template-s3.yaml’, that creates an S3 bucket.
1. Upload this template to an S3 bucket and take note of its object URL.
Using this template, we create a nested stack inside the main stack with the AWS::CloudFormation::Stack resource. The template for our main stack is named ‘cf-template-stack.yaml’. In its Resources section, we set the logical name “MyStack” and put the object URL of ‘cf-template-s3.yaml’ in TemplateURL.
The important part here is the output. ‘cf-template-s3.yaml’ is referenced from the main stack ‘cf-template-stack.yaml’, which lets the GetAtt function read the values of the Outputs section of the nested template.
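The original post shows the two templates only as screenshots, so here is a complete pair written for this article as an added example (not the author's files). They are shown as two YAML documents separated by `---`; save each one under its own file name, since CloudFormation accepts one template per file. The object URL in the parent's parameter default is a placeholder for the URL you noted in step 1, and the bucket hardening properties (public access block, default encryption) are additions a practitioner would normally want rather than anything the post prescribes.

```yaml
# cf-template-s3.yaml: the child template that the main stack nests.
AWSTemplateFormatVersion: "2010-09-09"
Description: Child stack that creates one private S3 bucket and exposes its name and ARN
Resources:
  MyBucket:
    Type: AWS::S3::Bucket
    Properties:
      # Defensive defaults: no public access, encrypted at rest
      PublicAccessBlockConfiguration:
        BlockPublicAcls: true
        BlockPublicPolicy: true
        IgnorePublicAcls: true
        RestrictPublicBuckets: true
      BucketEncryption:
        ServerSideEncryptionConfiguration:
          - ServerSideEncryptionByDefault:
              SSEAlgorithm: AES256
Outputs:
  # Everything the parent needs to read must be declared here;
  # the parent can only reach a nested stack's Outputs, not its Resources.
  BucketName:
    Description: Name of the bucket, read by the parent via GetAtt
    Value: !Ref MyBucket
  BucketArn:
    Description: ARN of the bucket, for IAM policies in the parent
    Value: !GetAtt MyBucket.Arn
---
# cf-template-stack.yaml: the main (parent) template.
AWSTemplateFormatVersion: "2010-09-09"
Description: Main stack that nests cf-template-s3.yaml
Parameters:
  ChildTemplateUrl:
    Type: String
    Description: Object URL of cf-template-s3.yaml from step 1 (placeholder value)
    Default: https://placeholder-bucket.s3.amazonaws.com/cf-template-s3.yaml
Resources:
  MyStack:
    Type: AWS::CloudFormation::Stack
    Properties:
      # TemplateURL must be an S3 object URL; local files or other hosts are not accepted
      TemplateURL: !Ref ChildTemplateUrl
      TimeoutInMinutes: 10
Outputs:
  # GetAtt <LogicalId>.Outputs.<OutputName> pulls a value out of the nested stack
  NestedBucketName:
    Value: !GetAtt MyStack.Outputs.BucketName
  NestedBucketArn:
    Value: !GetAtt MyStack.Outputs.BucketArn
```

The `Outputs` block of the child is the contract between the two stacks: renaming or removing an output there breaks every parent that references it through `!GetAtt MyStack.Outputs.<Name>`, and CloudFormation will fail the parent update rather than silently pass an empty value.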
2. Now let’s create a stack and upload the template for our main stack.
3. Provide a stack name and click Next.
4. Here, we just set a tag and leave everything else at its default. Once you have reviewed the stack, click Create Stack and the deployment begins.
In Stack Events you can follow the progress of the deployment and see whether any rollbacks occurred. You’ll notice that two stacks are created: our main stack and the nested stack.
In the Outputs of our main stack, you will see the bucket created by the nested stack.
Deploying a complex architecture can be a real pain, and maintaining it is another matter. AWS CloudFormation makes these tasks much easier to accomplish. While StackSets enable multi-account and cross-region deployments, nested stacks make the process of updating stacks easier. Imagine doing these things manually. You can also consult the list of CloudFormation best practices for additional guidelines.