What is AWS Cloudformation? Pros and Cons?

00:00

what is going on guys i am very very

00:02

excited about this video because i

00:04

finally get to talk to you about one of

00:06

my favorite aws services

00:08

aws cloud formation and the reason that

00:11

i wanted to make this video is not only

00:12

because i love aws cloudformation

00:15

but because i think it is such an

00:17

important skill right now

00:18

especially in the software industry but

00:20

it could be kind of intimidating to

00:22

learn

00:22

so what i wanted to do in this video is

00:24

just kind of give you a very simple

00:26

understanding of what cloudformation is

00:28

so in terms of what to expect we're

00:31

first going to talk about

00:32

what is cloud formation and i'm going to

00:34

explain to you with a very simple

00:35

example

00:36

second we're going to talk about the key

00:38

cloud formation concepts

00:39

from there we're going to talk about the

00:41

pros and cons of using cloud formation

00:43

and then from there we're going to talk

00:44

about how it compares to some other

00:46

popular infrastructure as

00:48

code solutions such as terraform

00:50

serverless framework aws sam

00:53

also known as serverless application

00:55

model and

00:56

aws cdk which is cloud development kit

00:59

and then finally i'm going to talk to

01:01

you about how to get started learning

01:02

cloud formation

01:03

for your next project so first of all

01:06

let's explain

01:07

what cloudformation is through a very

01:09

very simple example

01:10

so let's say you're just getting started

01:12

on aws and you go ahead on us east one

01:15

you're in the aws

01:16

console you want to build a rest api and

01:18

you're going to use api gateway combined

01:20

with a lambda function because it's

01:22

super super

01:23

easy to build rest apis and by the way i

01:25

have a whole video on this and i think i

01:27

have one where you can set this up in

01:29

eight clicks or something like that

01:30

i'll put that in the description so

01:32

you're having a good time in aws console

01:34

you're doing all this stuff manually

01:36

you decide hey i need a database i need

01:38

my dynamodb table so you go ahead and

01:40

create that

01:41

and then you decide later hey i also

01:42

needs an s3 bucket to store some of my

01:44

log data or some other metadata about my

01:46

app

01:47

you go ahead and create that and you're

01:49

like hey i need some roles that go along

01:51

with my lambda function now to access

01:53

this stuff

01:54

okay then i want aws athena to perform

01:56

analytics

01:57

i want to create some users for my

01:59

business users to access athena

02:01

then they gotta get logins and passwords

02:04

then you gotta get permissions to them

02:06

as well

02:06

and you can see this is getting very

02:09

very difficult to manage just in this

02:10

very simple example

02:12

and then what's worse after that well

02:15

your boss comes to you and says hey dan

02:17

your application is doing really well

02:18

we want to move it over to eu west one

02:21

because we want to serve

02:22

our european customers too and then

02:25

you've got to do this and you've got to

02:27

do this all through the console

02:29

and you better hope you remembered the

02:32

name of every resource you

02:34

created and all the permissions that you

02:36

added and you better hope that you

02:37

didn't forget anything because then all

02:39

this isn't going to work

02:40

and you just feel like this guy this

02:42

isn't a good feeling to have to

02:44

kind of copy paste all this stuff so no

02:46

one wants to feel like this guy no one

02:47

wants to look this sad this upset this

02:49

frustrated

02:50

so there must be a better way what is

02:53

the better way

02:54

and this is where cloudformation comes

02:55

in so wouldn't it be nice

02:58

wouldn't it be nice instead of going

02:59

into the console and clicking

03:01

a thousand buttons and creating all

03:03

these things and having to manage them

03:05

and remember them

03:06

that we can instead write a document

03:09

write a file a template file that

03:11

defines how each of these things are

03:13

created

03:14

how they are constructed every

03:16

connection between them all the

03:18

permissions

03:18

and have that all written as code and

03:21

wouldn't it be nice

03:23

if we can upload that to aws and say aws

03:26

can you go ahead

03:27

and deploy this file and create your api

03:31

gateway create your lambda function

03:33

create your roles create your dynamodb

03:35

table your s3 bucket

03:37

your athena databases your users your

03:39

everything wouldn't it be nice if we can

03:41

just upload a simple file

03:42

to somewhere and get aws to do this

03:46

well this is what aws cloudformation is

03:49

it is an infrastructure as code provider

03:52

that allows you to do

03:54

just what i demonstrate it allows you to

03:56

create and define

03:57

a file and then upload that to aws

03:59

cloudformation which is this guy here

04:01

and aws cloudformation through a single

04:04

click will take that file and go

04:06

and deploy every single thing in this

04:09

diagram

04:09

for you and then give you status updates

04:12

on the way to say yeah this is done

04:13

that's done that's done

04:15

and then oops what if something goes

04:16

wrong maybe your lambda function is

04:18

having a problem

04:19

it'll automatically roll back for you

04:21

wouldn't that be nice

04:22

well that's exactly what aws

04:24

cloudformation is and that's why it's so

04:26

awesome

04:27

it's so easy to use all you do is define

04:30

your template files

04:31

you upload them there's a couple

04:33

different means to upload them which

04:34

we'll get to in a second

04:35

it's great for regional expansion so if

04:37

you want to move all this stuff to a

04:39

different region if your business is

04:40

quickly growing then it's great for that

04:43

it's got a whole bunch of other benefits

04:45

but this is the main idea you write a

04:47

template file

04:48

you upload that to cloudformation in

04:50

this case and that is responsible for

04:52

creating

04:52

all of this different stuff here that is

04:54

what cloudformation is in a nutshell

04:57

so let's move on to the key concepts of

04:59

cloudformation now

05:01

uh so the first one is that you create

05:04

these

05:04

uh template files that are in either

05:07

yaml or

05:08

json now for whatever reason yaml has

05:11

really taken off i don't know why you

05:13

would expect that everyone would use

05:14

json

05:15

but it seems like the community has

05:17

decided that yaml is the way to go

05:19

and i've been doing this for a while and

05:21

i gotta say it looks pretty clean when

05:23

you use yaml compared to json so i'm

05:25

all for that but anyways you define

05:27

these templates and these template files

05:29

contain

05:30

resources and the resources are

05:32

essentially all the aws things that you

05:34

want to create

05:35

your you know s3 buckets your sqs cues

05:38

your

05:38

im rolls your users everything that goes

05:41

with it

05:42

so that is the first concept so what do

05:44

these templates even look like

05:46

well this is a example of a lambda

05:48

function

05:49

in a yaml format so what are we looking

05:51

at here well this is the name

05:53

of your resource and the type of your

05:56

resource is a lambda function

05:58

and then you're defining some properties

06:00

on that lambda function and you're

06:02

saying the handler's

06:04

input file is the index.handler you're

06:06

seeing it has a role called this guy

06:08

and this example is actually doing

06:10

something fairly interesting typically

06:11

what you would do with the lambda

06:12

function

06:13

is in the code section here you would

06:15

give it a zip file that's located in s3

06:18

but what they're doing here is actually

06:20

kind of interesting it's it's a little

06:21

bit of a shortcut so they're using

06:23

substitution

06:24

to do some inline javascript so all this

06:27

javascript down here this is going to be

06:28

the definition of your lambda function

06:30

and then finally it lets you specify the

06:32

runtime of it

06:33

now this is how you would define in this

06:35

case a lambda function but it's the same

06:38

format for every other aws resource you

06:40

just specify the type

06:42

if you want an sqsq you put that here if

06:44

you want an s3 bucket you put that here

06:46

there's recipes that you can follow and

06:48

this stuff is very very well documented

06:51

so that is the first concept you kind of

06:52

define these yaml or json files that are

06:55

called templates and they contain it of

06:57

us

06:57

resources so the second key concept is

07:00

something called stacks

07:01

and these are the things that are the

07:02

logical groupings of your templates and

07:04

their resources so maybe you would

07:06

set this up on an application level so

07:08

every application has a different stack

07:10

you can combine multiple template files

07:12

together so you can kind of sum them up

07:14

and deploy them all at once

07:15

with the same stack you can also create

07:18

something called

07:18

nested stacks where you can have kind of

07:21

graph like relationships between your

07:23

stacks if you want to deploy something a

07:24

little bit more complex

07:26

but that's stacks and the third main

07:28

concept to know about is something

07:30

called change sets

07:31

and what change sets are are basically a

07:34

diff

07:34

between what cloudformation has from

07:36

your previous upload

07:38

and what you are attempting to upload so

07:40

they are the diff between those two

07:41

things

07:42

similar to what you would see on git if

07:44

you have a diff between two git commits

07:46

uh so what change sets basically do is

07:48

show you a preview of what

07:50

cloudformation is going to do in its

07:52

incremental update

07:53

so cloudformation always updates

07:55

incrementally it always looks at what

07:57

has

07:58

changed since your last upload and only

08:00

performs updates on things that have

08:02

changed so that's how cloud formation

08:04

works it works in incremental steps

08:07

so those are the key concepts now let's

08:09

talk about some of the pros and cons of

08:11

cloudformation so in terms of the pros i

08:14

kind of mentioned a lot of them here

08:15

but it makes your life just a whole lot

08:17

easier it's very simple and quick to

08:19

whip together some recipes that can do

08:21

some pretty complicated things

08:23

like i said it's also great for regional

08:24

expansion so you can very very quickly

08:26

deploy this out to multiple different

08:28

regions

08:28

with just a couple clicks second it

08:31

allows you to introduce code review

08:33

mechanisms for infrastructure changes

08:36

i can't tell you how many times i've

08:38

seen people accidentally fat finger

08:40

something

08:41

and delete either a queue a database a

08:43

bucket a file

08:44

something on aws and you just think why

08:48

why did you do this to yourself so using

08:51

infrastructure as code and cloud

08:52

formation in particular you can add an

08:55

additional layer of verification to your

08:57

infrastructure

08:58

change process through code reviews so

09:00

instead of someone just going in there

09:02

and making changes directly in the

09:03

console without anyone knowing

09:05

you can kind of release your

09:06

infrastructure updates through a change

09:08

management process

09:10

that is backed by code reviews uh the

09:12

third main pro is that you can very

09:14

easily integrate this with the ci

09:16

pipeline ci stands for continuous

09:18

integration

09:19

so you can attach your yaml or json

09:22

template files to

09:23

things like github hooks and based on

09:25

changes to your files it'll

09:27

automatically trigger a

09:28

pipeline in aws through code pipeline

09:31

and deploy all your changes through

09:32

cloudformation

09:33

so it's very very quick and easy to get

09:35

started with this and introduce a full

09:37

ci pipeline for your infrastructure

09:39

changes

09:40

fourth it's got a huge community support

09:42

cloudformation has been around for many

09:44

years

09:45

uh it's not a new service by any means

09:47

there's tons of stack overflow help tons

09:50

of community volunteers that'll help you

09:52

kind of work through some of your

09:53

problems so

09:54

you're not alone if you face some issues

09:56

with cloud formation

09:57

now in terms of the cons every great

09:59

thing has its set of weaknesses and

10:01

cloud formation is no different

10:03

so the first con is that it's a little

10:05

bit of a steep learning curve

10:07

and i would say that this is less true

10:10

more recently because like i said it's

10:12

got a large community support and

10:13

there's tons of examples out there

10:15

but it's just a little bit difficult

10:16

getting started because there's a lot of

10:18

concepts at play and a lot of different

10:20

recipes and things that can go wrong

10:22

that can impact you so i would say it's

10:24

got a steep learning curve but once you

10:26

learn the main concepts this stuff is

10:28

cake like it's very very easy to

10:30

understand

10:31

the second main con is that i learned

10:34

this the hard way which is that innocent

10:36

looking changes can be dangerous

10:38

and what i mean by this is that in my

10:40

particular case

10:41

if you change the name of a resource

10:44

such as a dynamodb

10:45

table or a database instance or whatever

10:48

changing the name will

10:49

cause cloudformation to delete that

10:51

thing and spin up a new one

10:53

and when it deletes it there goes all

10:55

your data so

10:56

you gotta understand the nuances of

10:58

cloudformation formation because

10:59

unfortunately these things do exist and

11:01

it can't come to bite you so you just

11:03

kind of need to be aware of them before

11:04

you get started

11:06

and the third one is there's this

11:08

concept of drift and it can be painful

11:10

if you're not aware of it

11:11

and drift is this concept that

11:13

cloudformation keeps a snapshot of what

11:16

it

11:16

thinks the state of your aws account is

11:19

and all the resources that are tied to

11:21

your cloudformation stack

11:22

and it kind of persists this snapshot

11:24

and that snapshot typically only changes

11:27

when you perform an update through a

11:28

change set through that process that i

11:30

spoke to you

11:31

before about however if you come

11:34

you know through your aws console or

11:36

through to your aws cli

11:37

and you make a modification directly to

11:40

some of the resources that your

11:41

cloudformation stack is in charge of

11:44

maintaining

11:45

then that causes drift which is an out

11:47

of sync issue where cloudformation

11:50

thinks

11:50

that your resource is set up in this way

11:52

but in fact on aws

11:54

it is set up in a different way so what

11:56

i'm trying to say here is that when you

11:57

start

11:58

using cloudformation to manage your

12:00

resources you kind of need to

12:01

treat your aws account as read-only you

12:04

shouldn't be making manual changes

12:07

in your account anymore that'll cause a

12:09

concept called drift

12:10

and it can actually cause your

12:11

deployments to fail on cloud formation

12:14

uh so be aware of drift it's i label it

12:16

as a con but maybe it's just kind of a

12:17

negative feature about cloud formation

12:19

so we talked about what's good and

12:20

what's bad now let's talk about

12:22

uh kind of how does it compare to some

12:24

other popular infrastructure as

12:26

code solutions uh so the first one that

12:28

i want to talk about is aws sam stands

12:30

for serverless application management

12:32

and under the hood sam actually uses

12:35

cloudformation

12:36

it's great for setting up like it says

12:38

serverless applications so lambdas api

12:40

gateways

12:41

it really helps you build serverless

12:43

applications very quickly

12:45

now on the other side of that coin is

12:47

the serverless framework which i would

12:49

say

12:49

is pretty much a direct competitor to

12:51

aws sam

12:52

but interestingly serverless also uses

12:55

cloud formation under the hood

12:56

but it uses kind of a wrapper language

12:58

on top of it

13:00

that you need to use but it looks very

13:01

very similar to what cloudformation

13:03

looks like

13:04

so these are very very similar sam and

13:06

serverless there's not too much

13:08

differences between them but

13:09

you know one is supported and built by

13:11

aws one is not so

13:13

take that as your deciding factor

13:15

perhaps

13:16

now the next popular one is terraform

13:18

and what terraform is great at

13:20

is if you have a kind of mix and match

13:23

scenario where some of your

13:24

infrastructure may be on

13:26

azure some of it may be on aws some of

13:28

it may be elsewhere

13:29

in another cloud provider terraform is a

13:31

great wrapper on top

13:33

of cloud infrastructure concepts which

13:35

allows you to be provider agnostic

13:38

a lot of people like to say that

13:39

terraform is more dedicated to

13:40

infrastructure i don't think i would

13:42

necessarily agree with that but that's

13:43

kind of what the community has decided

13:45

and then finally there's aws cloud

13:47

development kit and this is kind of a

13:49

newer offering from aws

13:51

and cdk allows you to write actual

13:53

javascript or typescript or some other

13:55

languages as well

13:56

and declare your infrastructure as code

13:58

in your template files as opposed to

14:00

using

14:00

this json or yaml notation so it allows

14:04

you to use

14:04

constructs like if statements for loops

14:07

all that kind of stuff that you would

14:08

expect in a standard programming

14:09

language and because of that it allows

14:11

you to do some very interesting and

14:12

flexible things

14:14

so this is kind of the newer hotter

14:15

thing to learn right now cloud

14:16

development kit

14:17

now another thing that i wanted to point

14:19

out was that all of these sam

14:21

serverless terraform and cdk all compile

14:24

down to cloud formation to deploy to aws

14:28

so regardless of which one of these

14:29

things that you choose

14:31

if you're ever facing problems with any

14:33

of these frameworks

14:34

you're probably going to need to know

14:35

how cloud formation works to debug the

14:37

problem

14:38

so it's a very good starting point very

14:40

good foundational

14:42

skill to learn because it's going to be

14:44

present in all of these different

14:46

frameworks and actually some of the

14:49

notation is almost identical

14:51

to what you would see in a cloud

14:52

formation template file

14:54

in yaml now if you're just getting

14:56

started i would suggest to probably

14:58

learn sam first and the reason i say

15:01

this is because

15:02

if you're trying to get started through

15:04

the console it's not a very good process

15:06

in terms of development cycles

15:09

you kind of got to upload a new template

15:10

file every time you make a change

15:12

try it out see if it fails you know make

15:14

a change again upload it try it out

15:16

yada yada yada now if you're using sam

15:18

it comes with a handy cli tool in fact

15:21

these all do so maybe this applies to

15:22

all these different ones but

15:24

i i learned on sam i think it's

15:25

straightforward but anyways because

15:27

you're using a cli

15:29

tool to update your cloudformation stack

15:31

your very very quick cycles because you

15:34

just define your cloudformation file

15:36

locally so it allows you to test things

15:38

out kind of just get your feet wet and

15:39

experiment a little bit

15:41

so i would definitely use sam when

15:43

you're getting started in terms of like

15:45

mechanically what should you do to get

15:47

started install sam

15:49

read some of the documentation on aws

15:51

cloudformation and just get started with

15:53

something basic like a lambda function

15:55

and maybe like an s3 bucket just get

15:57

your feet wet and just create some stuff

15:59

like anything you learn by doing and

16:00

cloud formation is no exception

16:02

so i'm going to be coming out with a

16:03

follow-up video to this which is kind of

16:05

getting started with sam and getting

16:07

started with cloudformation to develop

16:08

serverless applications so i'll put that

16:10

in the description section when it is

16:12

available

16:12

and if you like this video be sure to

16:14

check out my channel i have a whole

16:15

bunch of aws

16:16

and software engineering system design

16:18

videos available on my channel

16:20

and as always please don't forget to

16:21

like and subscribe and i'll see you next

16:23

time