Simply put, AWS CloudFormation is the service that makes Infrastructure-as-a-Code feasible on AWS. That is, it allows you to be able to write scripts to provision AWS services and other compatible 3rd party services.


Benefits of AWS CloudFormation

  • Create defined and versioned scripts to provision AWS services and components in a predictable manner.
  • CloudFormation allows provisioning in defined order, and supports dependencies be defined.
  • You can maintain (versioned) scripts of approved composition of services that have been tested and approved.
  • You can stack together related CloudFormation scripts to create complex environments.
  • Templates allows you to create, update, or delete entire stack rather than attempting to make changes at each resource level.
  • You can take your scripts across Regions (with changes if required).
  • Achieve compliance by using pre-approved versions.
  • DevSecOps integration.


Key Concepts of AWS CloudFormation

Dealing with CloudFormation, you work with Templates, Stacks, and Change Sets



The Template is a text file in which you define the provisioning of AWS and 3rd party resources (and dependencies, security requirements, etc.). You define this Template in JSON or YAML code.


A simple example of JSON Template:

CloudFormation JSON Example


A simple example of YAML Template:

CloudFormation YAML Example



Composition of a CloudFormation Template

CloudFormation Template has following sections (only one section is required, rest are all optional):

CloudFormation Template Components


Helper Scripts

CloudFormation supports following helper scripts to facilitate installation of software and starting of services on EC2 instances as part of stack execution:

  • cfn-init – is used to retrieve and interpret resource metadata, install packages, create files, and start services
  • cfn-signal – is used to signal with the CreationPolicy or WaitCondition, thus defining prerequisites for resources.
  • cfn-get-metadata – is used to retrieve metadata for a resource or path to s specific key.
  • cfn-hup – is used to check for updates to metadata and execute custom hooks when changes are detected.
    • This is a key element for enabling DevOps via CloudFormation templates.




A Stack is simply a collection of related Resources that you group together to maintain as a single unit. Typically you would define one Stack in a single CloudFormation Template.

  • CloudFormation ensures that all resources defined in a Stack are created or deleted as a unit.
  • You can run updates on a Stack to modify some Resources (or their attributes).
  • You can work with stacks through AWS Console or AWS CLI.



Change Sets

This enables you to make changes to resources of a Stack that are already live in the environment.

  • You can create, update, or delete resources per your need, by running Stack updates.
  • Or, you can delete the complete set of resources (that are part of a Stack) by running delete-Stack.


Key Points

  • CloudFormation enables Infrastructure-as-a-Code capability in AWS – thus enabling automation, and making DevSecOps easier in AWS.
  • CloudFormation scripts may be coded in JSON or YAML formats. You can also leverage AWS Cloud Development Kit (AWS CDK) and define the infrastructure using other languages like Java, Python, TypeScript, and .NET.
  • You can use CloudFormation scripts to make changes to the environment, and preview the changes before executing them.
  • AWS provides several Sample Templates for commonly used environments, such as creation of WordPress, LAMP, etc.
  • AWS CloudFormation Designer is a UI based tool that makes facilitates visual way of creating, updating, and deleting CloudFormation Templates.



There is no charge for CloudFormation. You pay for the resources created by CloudFormation.


External Resources