AWS Cloudformation Step by Step Tutorial - Create a DynamoDB Table!

00:00

if you've been struggling getting

00:01

started with aws cloud formation

00:03

then this is going to be the video for

00:04

you so in this video we're going to talk

00:06

about some of the key concepts of aws

00:09

cloud formation

00:10

then i'm going to walk you through the

00:11

console and show you how to set up a

00:13

cloudformation stack

00:14

and how to use it to deploy resources to

00:17

your aws account

00:18

so let's just jump right into it and

00:19

start going over what we have in front

00:21

of us here

00:22

so the first thing that we need to worry

00:23

about in terms of cloudformation

00:25

is creating a template file so that's

00:28

the first thing that we're going to do

00:30

after we go through the concepts here

00:32

we're going to create this template file

00:34

and a template file is just basically a

00:36

definition file of all of the aws

00:39

resources that you're going to be

00:40

creating

00:41

when you upload this file into

00:43

cloudformation in the next few minutes

00:45

i'm going to show you an example of what

00:46

one looks like that creates a dynamodb

00:49

table and an iam role that allows you to

00:51

access it

00:52

so that's the first thing we need to do

00:54

create the template file and the

00:56

template files can either be in json or

00:58

yml format

01:00

for whatever reason yml has really

01:02

picked up it's really

01:03

kind of been selected as the convention

01:05

that the community seems to use for the

01:06

most part

01:07

don't ask me why i thought it would be

01:09

json but it is what it is

01:11

so just keep that in mind so after we

01:13

create this template yml

01:14

file uh we're going to go into aws

01:17

cloudformation and we are going to

01:18

create a stack

01:20

that is going to be our second task and

01:23

when we create a stack we have to

01:24

specify an initial

01:26

template file that we want to deploy to

01:29

that stack and the stack is just

01:30

basically like a logical grouping of the

01:33

aws resources that are going to belong

01:35

to

01:35

this project so after we create the

01:38

stack one of the settings is obviously

01:40

to define the template file

01:42

so we're going to select that template

01:43

file and we're going to tell

01:44

cloudformation to

01:46

deploy this stack using this template

01:49

file that we just specified

01:50

then cloudformation is going to go out

01:52

it's going to go to services like

01:53

dynamodb

01:55

it's going to go dynomo yep it's going

01:58

to go to iam

02:00

and it's going to create all the

02:01

resources that we specified in step

02:03

number one over here

02:05

so that's the basic idea of how you

02:07

initially get your resources created in

02:09

cloud formation

02:11

what comes after that is a concept

02:13

called change sets

02:14

so say we want to modify one of the

02:16

properties of our file over here we want

02:19

to change some value maybe from

02:21

x to y or something like that so how

02:23

this works in cloud formation

02:25

is you need to create a change set and

02:28

re-upload that modified file

02:30

into cloudformation and apply the change

02:33

set

02:34

to the stack that you originally created

02:36

what that's going to do is generate a

02:38

preview

02:39

of the changes that it needs to make the

02:41

incremental changes

02:43

that is um so if we changed x to y

02:46

it's going to detect that you know what

02:47

a resource change and it's going to need

02:49

to make

02:50

a modification to that resource when the

02:52

change set gets executed

02:54

so like i kind of alluded to we're going

02:56

to upload that new file we're going to

02:58

execute the change set

02:59

and then again cloudformation is going

03:01

to go out to dynamo

03:03

or whatever we're modifying in this case

03:05

and change the value of the dynamodb

03:08

table so that's what we're going to do

03:09

in this video i want to walk you through

03:11

now what the template file looks like

03:12

because that's an important

03:14

component of this whole question so

03:16

let's head over there now all right so

03:18

here we are looking at a template file

03:20

and this template file is just called

03:22

dynamotemplate.yml

03:24

so let's go through some of the

03:25

resources here and see what's actually

03:27

going on

03:28

uh so the first thing you notice is that

03:29

we're just specifying a version that's

03:31

fine you just specify the version that

03:32

you're going to be using

03:33

this seems to be the convention here we

03:36

have resources that we're going to be

03:37

creating

03:38

so we're creating a orders table here a

03:41

named resource called orders table

03:43

that's going to be a dynamodb table we

03:46

specify our table name here inside the

03:48

properties field

03:50

just keep in mind that whatever resource

03:52

type you're going to be creating

03:54

all the properties are going to be

03:55

different for instance if i were

03:56

creating a lambda function you wouldn't

03:58

expect to put a table name

04:00

for a lambda function it would probably

04:01

be something like function name so just

04:03

keep that in mind when you're specifying

04:04

your properties here

04:06

so all of these things like attribute

04:08

definitions author name

04:09

attribute type string these are all

04:11

specific properties to dynamodb

04:14

and we're kind of setting these values

04:16

through this cloudformation template

04:18

so you see there's a lot of things that

04:19

you can specify here such as attribute

04:21

definitions

04:22

the key schema if you want this key to

04:25

be a hash key

04:26

if you want this key to be a range key

04:29

you can specify

04:30

pretty much anything that you can

04:31

specify in the aws console

04:33

provided that cloudformation supports

04:35

the resource type

04:36

so even further time to lift

04:38

specification it's a great feature of

04:40

dynamodb

04:42

they can also specify things like the

04:43

provision throughput so the scaling

04:45

factors on your table

04:47

so down below over here we have a

04:49

different resource but i just want to

04:51

call your attention to this

04:52

important detail here this depends on a

04:56

line

04:56

and what we're doing in this case is

04:59

we're specifying the name of a different

05:01

resource dyno db

05:03

query policy and you see that this thing

05:06

right here this is what we're referring

05:08

to right so when i say depends on

05:10

in this dynamodb table i'm saying the

05:12

creation of this dynamodb table

05:14

is dependent on this policy being

05:17

created first

05:18

and this can be anything it can be a iam

05:21

role

05:22

it can be a lambda function it could be

05:24

an sqs

05:25

uh queue it could be anything that you

05:27

want you can create these complex

05:29

depends on relationships

05:30

just by specifying uh depends on here

05:33

and then creating kind of a nested

05:34

sequence of things that you want to

05:36

deploy

05:37

in a certain order and this makes sense

05:39

for things that have

05:40

a particular order in which they need to

05:43

be created

05:44

such as a log group on a lambda function

05:47

the lambda function needs to exist

05:49

before the law group can exist for that

05:50

lambda function

05:52

so there's a whole bunch of use cases

05:53

here this is a nifty little thing that i

05:54

wish i knew about earlier

05:56

uh which is why i wanted to bring it up

05:57

here and then down here we're creating a

06:00

dynamo to be query policy

06:02

we're naming it the dynamodb query

06:04

policy and by the way these can be two

06:05

different things

06:06

um the name of the resource in your

06:09

cloudformation yml file and the actual

06:12

name of the entity that you're going to

06:14

create

06:15

in iem in this case so you can name this

06:17

you know like whatever you want

06:19

and keep dying would be query policy the

06:21

same and you see the depends on still

06:23

work so

06:23

this name can be anything you want is

06:25

basically what i'm trying to tell you

06:26

here

06:27

uh then we create a policy document uh

06:29

we want to allow dynamo to be query

06:32

should probably specify the arn of the

06:33

table i'm about to create but that's a

06:35

video for another day

06:37

and then we're going to apply this

06:39

policy to a role

06:41

so this role is defined down here and

06:44

we have some you know basic attributes

06:46

giving it the sds assume role permission

06:48

if you don't know what that means don't

06:50

even worry about it it really doesn't

06:51

matter

06:52

so this is the the general idea of

06:54

creating a

06:56

template file that has a dynamodb table

06:58

in it i'm going to be making this code

06:59

available to you so if you want to try

07:01

this out yourself

07:02

check out the description section for a

07:04

download to this particular file

07:06

so now that we have this let's head over

07:08

into the aws console

07:10

where we will create a stack using this

07:13

template file and then we're gonna we're

07:14

gonna modify some of the attributes i'm

07:16

going to change this from 5 to 10 later

07:18

and then create a change set and show

07:20

you how cloudformation responds when you

07:22

want to modify something

07:23

so that's coming up in this video so

07:25

let's move over into the console now

07:28

alrighty so here we are in the aws

07:30

console so let's go over to

07:32

cloudformation

07:33

cloudformation there we go

07:37

and so i already have a stack set up

07:39

here for my website so let's just ignore

07:40

that we're going to go to the top right

07:42

over here

07:43

and we're going to click on create stack

07:44

and then we're going to say with new

07:46

resources

07:47

so this kind of brings up a wizard here

07:49

where you can specify a whole bunch of

07:50

different attributes

07:52

um a couple options in terms of the

07:54

prerequisites so

07:55

we've already created a template like i

07:57

already have one saved

07:58

to local to disk you can also if you're

08:00

just getting started use the

08:02

samples that are available to you here

08:04

and there's a designer functionality

08:06

where you can actually drag and drop

08:08

things

08:09

and create things kind of through a

08:10

visual ui haven't had a lot of success

08:13

with this unfortunately but

08:14

um if you're trying to set something up

08:16

that maybe a little bit foreign to you

08:17

can check that out and maybe just kind

08:19

of

08:19

ballpark how everything is going to fit

08:21

together so let's specify a template

08:23

down here

08:25

so there is an option just to refer to a

08:27

template that is stored in s3

08:30

uh we don't need that so we're just

08:31

going to say upload a template file

08:33

it's asking us to upload a template file

08:36

i'm going to click on choose

08:37

i'm going to click on my dynamodb

08:39

template file here

08:41

there's a validation step that happens

08:43

behind the scene so if you have a

08:45

issue with your template syntax maybe

08:47

you forgot a space or a tab it should

08:49

tell you right here

08:51

so you can actually click this view and

08:52

designer button i'm not going to do that

08:54

in this video but this will show you

08:56

what this template looks like in a ui

08:59

and it's got a whole bunch of

09:00

new features where it shows you all the

09:02

interconnections between them

09:04

so if you have a little bit of time go

09:05

check that out since ours is pretty

09:08

simple we don't need to do that it's

09:09

just a dynamodb table with a policy and

09:11

a role so

09:12

let's just move on so gonna click next

09:15

now in the bottom right

09:17

okay now we need to create a stack name

09:19

so let's just call this dynamodb demo

09:22

tv demo that looks good

09:25

the parameter section i didn't take

09:27

advantage of this in this video but if

09:29

you want to

09:30

dynamically inject values into your

09:33

template

09:34

and then substitute um a variable with

09:36

that value you can do that

09:38

so for instance if you want to use the

09:40

same template file

09:41

to deploy to both your test and your

09:43

production

09:44

environments um you can pass in a

09:47

dynamic parameter

09:49

into your cloudformation stack and then

09:51

set up your resources such that they are

09:53

named and appended to them at the end

09:55

is the name of the environment so it

09:57

would be either test or production

09:59

in this case so it's a great way to

10:00

dynamically set values

10:02

i'm not going to go through it in this

10:04

video because it is a more of an

10:05

advanced topic but just know that that

10:07

option exists

10:08

so let's move on now click on next and

10:12

a whole bunch of other options available

10:13

to you so if you want to specify some

10:15

tags for your cloudformation

10:17

stack go ahead and do that this could be

10:18

useful for grouping your applications

10:21

together

10:21

if you have a whole bunch of resources

10:23

that are going to be created out of this

10:25

we're going to skip that here and the

10:27

next section is the permission section

10:29

so what it's asking for here

10:30

is a iam role that has the permissions

10:33

to create the resources that you're

10:35

about to

10:36

create from the template file so if you

10:39

don't specify a role here it'll

10:40

automatically

10:41

as it's telling you if you don't choose

10:43

a role cloudformation uses permissions

10:45

based on your user credentials

10:47

now since i am a root user i don't need

10:50

any special permissions

10:51

i have all the permissions so

10:52

administrator access

10:54

but if you don't have that you may need

10:57

to create a role here

10:58

that has the correct permission so in

11:00

this example

11:02

you would need to give a role the

11:04

permission to

11:05

create a dynamo table create a iam

11:08

policy

11:08

and create a role it would need those

11:11

three things

11:13

i have a video on that if you want to go

11:14

check it out i'll put that in the

11:15

description section below

11:17

on how to create a im role and policy

11:20

and attach it to there

11:21

uh okay so moving on a little bit more a

11:24

whole bunch of more detailed things so

11:26

in terms of stack policy

11:28

you can set a policy here as to how you

11:31

want it to behave

11:33

so you can upload a file here that

11:35

contains the definition of that

11:36

things like preventing uh deletion of

11:39

your stack if someone fat fingers

11:40

something and you know accidentally

11:42

clicks delete stack

11:43

stuff like that that can all be

11:44

configured through this file here i wish

11:46

they had kind of a nice ui to do that

11:48

but you know unfortunately we got we got

11:50

what we got

11:51

uh in terms of rollback configuration

11:52

you can set some alarms to say

11:54

you know if something happens as as a

11:56

result of this deployment and it

11:58

triggers some sns topic

12:00

then automatically roll back the

12:01

creation of the stack that's a useful

12:03

thing that i didn't really talk about

12:05

which was that

12:05

um cloud formation will automatically

12:08

roll back

12:09

to its previously known state if it

12:11

detects that there's an error during the

12:13

deployment process so pretty neat

12:15

functionality

12:16

i'm going to minimize that notification

12:18

options if you want sns topic alerts

12:21

for every state as the resources are

12:23

being created so every state update like

12:25

dynamodb table created dynamodb table

12:28

updated things like that you can specify

12:29

an arn here

12:30

and i don't know maybe make a lambda

12:32

function or something that listens to it

12:34

and does something special

12:35

not what we're going to do here and then

12:38

stack creation options so

12:40

more things and this is where the i

12:42

believe the stack policy comes into

12:44

place it affects things like this

12:46

not 100 sure though but we're going to

12:48

leave this stuff as default as it

12:49

doesn't really matter for this exercise

12:52

and just move on to the creation step so

12:54

on the bottom right now i'm going to

12:55

click on

12:56

next and this should be the last step so

12:59

we can set our parameters

13:00

configure options and this is just a

13:02

review step

13:03

so we're just going to scroll all the

13:05

way down you have to click this checkbox

13:07

here which says that

13:09

cloudformation is going to create iem

13:10

resources and that's because i left that

13:13

role blank in the middle i'm the the

13:15

root user so it's going to create a role

13:17

that has all the permissions i need for

13:20

this exercise so let's click this

13:22

box here and now we're going to click on

13:24

create a stack and watch the magic

13:25

happen

13:26

so let's click on this guy and so what

13:29

do we see here so we see

13:30

our stack over here on the left we see

13:34

here let me just minimize here so this

13:36

doesn't look too funky oh that's weird

13:38

okay never mind

13:39

we see create in progress so this stack

13:41

is being created

13:42

going to click on the refresh button

13:44

you're going to see this stuff change

13:45

over time

13:46

so this is the initial stack here dyno

13:48

would be demo remember i had that

13:51

depends on thing in my dynamodb table so

13:54

we can see here

13:55

the order in which it's creating the

13:57

resources it's

13:59

it's choosing the query role or the

14:01

orders table query rule

14:03

ahead of the dynamodb table because we

14:06

specified

14:07

that depends on in the template file

14:10

so it respects the ordering which is

14:12

pretty cool so you see here

14:15

after a bunch of things change but let's

14:17

just go through this one by one

14:18

so we see here that the orders table

14:20

query role was uh created

14:22

successfully we see the policy started

14:24

creating progress

14:25

we see um okay there's a different step

14:28

here for that that's fine

14:30

we see it successfully created and then

14:32

finally the orders table is getting

14:34

going now so we should just keep an eye

14:36

on this

14:37

so the orders table was created

14:38

successfully and the stack is now done

14:41

so if i click on refresh nothing's going

14:42

to happen anymore now so let's just go

14:44

over really quick to dynamodb

14:46

and just verify that our table is

14:48

actually there right or else what is all

14:50

this for

14:51

uh so clicking on that let's see dynamo

14:54

what do you got for us

14:55

and there's our table so it's got

14:57

authors table prod which is what we

14:59

named it in the template file

15:01

it's got our author name which was our

15:03

hash key and our sort key

15:05

which is book title so everything seemed

15:07

to work pretty well that's great for us

15:10

so the next step is we wanted to modify

15:13

something on this

15:14

um template file that we created so

15:16

let's go modify our template file now

15:18

just with a small change

15:19

and see how that impacts our

15:21

cloudformation stack

15:23

so here's the original template file i'm

15:25

just going to make a small innocent

15:27

change

15:28

provision through but we're going to

15:29

change this value from 5 to

15:31

10. i'm just going to click on control

15:33

save now so now this is saved to my disk

15:37

so now what do we need to do what we

15:39

want to create a

15:40

change set so there we go so we're going

15:43

to click on stack

15:44

actions when we are in our stack so

15:46

dynamically demo in this case

15:48

click on stack actions in the top right

15:51

and then we are going to create a change

15:53

set

15:54

for the current stack and this is

15:56

basically the repeat

15:57

of the step that we did when we

15:59

initially created the stack so

16:01

same thing is going to happen here you

16:03

can you know use your current one or you

16:04

can replace it

16:06

i'm going to replace it with the one

16:07

that we just modified

16:09

so upload file and then just choose the

16:12

updated one there everything's looking

16:15

good click on next

16:16

no parameters keep on moving none of

16:19

this matters

16:21

keep on moving none of this matters

16:23

again and

16:25

this should finally be the last one so

16:27

create change set so the change set is a

16:29

preview of how the stack will be

16:30

configured before creating the stack

16:32

it allows you to examine various

16:34

configurations before executing the

16:35

change set

16:36

so as it kind of describes here

16:38

cloudformation is going to diff

16:39

what it has on file of what it thinks

16:42

the current state is of your dynamodb

16:44

table or your stack in this case and

16:46

then it's going to compare it with what

16:48

you just uploaded so it's basically a

16:49

git diff between

16:50

template files so we're gonna click on

16:52

create change set

16:54

and after a moment here so yeah it's

16:56

still creating it's probably just gonna

16:58

take a second here

16:59

to create the diff it was pretty quick

17:01

because this was a small file so let's

17:02

see what we got going

17:04

on so we see here that a modification is

17:06

required

17:07

for the orders table so it detected that

17:10

nothing changed with the iam role

17:12

nothing changed with the policy but

17:15

something did change with the table

17:17

so it's smart enough to detect that and

17:19

now it knows that when i go and execute

17:21

this change set

17:22

the only thing i need to do is modify

17:24

the authors table in this case

17:26

if you click on some of these guys you

17:28

can see some of the interesting

17:30

properties i don't think inputs has

17:32

anything no it doesn't it's a

17:34

template this shows you basically what

17:35

you just uploaded um you know nothing

17:37

special here you can see

17:39

the recapacity units got set to 10 so

17:41

everything is looking good

17:43

and then this thing i believe does shows

17:45

you a diff if i'm not mistaken

17:47

no it doesn't um but it does show you

17:50

some of the guts of how cloud formation

17:52

works right like oh here it is

17:53

so target provision throughput uh

17:56

attribute properties and these must be

17:58

passed in dynamically

18:00

and we're seeing it's going to do a

18:01

direct modification so this just shows

18:03

you kind of what's going on under the

18:05

hood in cloud formation

18:06

it must use this kind of syntax to

18:09

delineate how the modification is going

18:11

to actually take place and it kind of

18:13

gives you a neat little preview of it

18:14

too which is pretty neat

18:16

um so let's go back here so all we need

18:19

to do now to actually update the stack

18:21

with that new value is just click on

18:22

this bright orange button in the top

18:23

right

18:24

go click on execute and then if we

18:26

refresh this guy now

18:28

remember this is our stack page like the

18:30

previous run

18:31

completed now we see update in progress

18:33

i'm gonna click on that

18:35

and it's still gonna update this may

18:37

take a little time because provision

18:38

throughput sometimes takes a little bit

18:40

but we're not going to dwell on this if

18:42

this takes too long

18:44

because it was just something minor so

18:47

from here the other interesting part of

18:49

cloud formation a real big advantage of

18:51

it

18:51

actually is that now if i want to delete

18:54

everything in this application

18:56

like i want to delete the table i want

18:57

to create delete the

18:59

policy i want to delete the role i don't

19:01

need to worry about going to clean all

19:03

that

19:04

stuff up all i could need to do is

19:06

delete the dynamodb demo stack

19:09

and when it gets deleted confirmation is

19:11

going to take care of deleting

19:13

all the underlying resources as well

19:15

that are associated with it so let's

19:17

just demonstrate that now

19:18

so you can see here this finally

19:20

completed let's just head over to

19:22

dynamo again really quick just to show

19:24

you and prove that

19:26

everything did change uh click on that

19:31

really quick here authors table prod oh

19:33

wait i just saw it so provisioned

19:35

there you go so provisioned capacity is

19:38

now

19:38

10. previously it was five so we do see

19:41

that it did indeed work

19:43

uh so let's just demonstrate the

19:44

deletion step now and kind of what

19:45

happens after that

19:47

so i'm gonna go to the top right here

19:49

actually oh it's just this button here

19:50

the delete button

19:52

so just be careful with this i mean if

19:54

you have a whole environment that

19:55

is backed by a cloud formation stack

19:57

this is a good way to ruin a company

19:59

or like ruin a product just by clicking

20:01

this so just be very very very careful

20:04

with this

20:04

this is the reason it's always a good

20:06

idea to have the termination protection

20:08

enabled

20:09

on your production cloud formation

20:11

stacks

20:12

so i'm going to click on delete now i'm

20:14

going to click on delete stack

20:16

and if we refresh this and just watch

20:18

the event stream

20:19

we're gonna see everything is going to

20:21

get torn down

20:22

and we're going to be left with

20:24

basically a clean slate

20:26

um so this is cloud formation i have

20:28

another great video on infrastructure

20:30

as code in general and how cloud

20:31

formation kind of compares to some other

20:33

providers such as terraform serverless

20:35

and some other ones

20:36

i'll put that on the right here so be

20:37

sure to check that out if you like this

20:39

video don't forget to like and subscribe

20:41

and i'll see you next time