Mastering AWS CloudFormation: A Comprehensive Overview


AWS CloudFormation is an infrastructure as code (IaC) service from Amazon Web Services (AWS). It lets you provision AWS infrastructure in an automated, repeatable way by describing the resources you want in a JSON or YAML template; CloudFormation then creates, updates or deletes those resources together as a unit called a stack.

Is AWS CloudFormation free?

Yes, there is no charge for the CloudFormation service itself when you use the AWS-native resource types. So how do you get charged? You pay for the infrastructure that CloudFormation creates on your behalf, at the normal price of each service. (The one exception is registry extensions: third-party resource types, modules and hooks incur a per-operation charge beyond a monthly free allowance.)


Say you write a template that creates an EC2 instance. Because the instance came from a CloudFormation template you are not billed for CloudFormation, but you are billed for the EC2 instance hours (and any attached storage) exactly as if you had launched it by hand. In that sense CloudFormation is free.

Why should I use AWS CloudFormation?

AWS CloudFormation creates infrastructure and resources on AWS in an automated way. To see why that matters, take an example.


Say you work for a company with one customer. Every month the customer asks you to launch an EC2 instance, and you launch it manually as requested. The customer uses the instance for 10 to 12 days and then terminates it.

A few months later the customer asks for 100 instances instead of one. Here are the problems you will run into if you keep doing this work by hand.

Issues when not using AWS CloudFormation

  1. Human Error

The first problem is the increased chance of human error. With a much larger request, the odds that you misconfigure an instance (wrong AMI, wrong security group, wrong instance profile) grow with every click.

  2. Time-Consuming

Launching and configuring 100 instances by hand takes far longer than launching one.

  3. Inconsistency Across Environments

Manually deployed infrastructure tends to differ between environments such as dev, test and prod, and those differences are where hard-to-reproduce bugs and security gaps hide.

  4. Lack of Version Control

When you deploy infrastructure manually there is no record of what changed, when, or who changed it, so tracking and auditing the infrastructure over time becomes very difficult.

Now suppose you use CloudFormation to deploy the 100 EC2 instances the customer asked for.

Advantages of using AWS CloudFormation

  1. Reduces human errors

The template already holds the required configuration, so deploying means submitting the template once rather than configuring 100 instances by hand. Fewer manual steps means fewer chances for error, and the template can be reviewed before it is ever deployed.

  2. Time-saving

Once the preconfigured template is submitted, CloudFormation creates the resources in your account (in parallel where dependencies allow), and you are free to work on something else.

  3. Reusable Templates

Write the template once and deploy it as many times as needed instead of building the resources from scratch each time. Template parameters let the same template serve dev, test and prod with different values.

  4. Easy Rollback

If a stack update fails part-way through (a bad property value, a service limit, a missing permission), CloudFormation by default rolls the stack back to its last stable state, so the infrastructure stays available. For a failed stack creation the default rollback deletes the resources that were created; pass --disable-rollback (or --on-failure DO_NOTHING) to create-stack if you want to keep them for debugging.

How to validate an AWS CloudFormation template?

So you have written the template. Validating it before deployment is important, and there are two ways to do it.

  1. The CLI option

The AWS CLI's validate-template command checks that the template is well-formed JSON or YAML with a valid structure. Give it the path to the template on your machine:

aws cloudformation validate-template --template-body file:///home/local/test/sampletemplate.json

Two caveats: validate-template is an API call, so it needs AWS credentials, and --template-body only accepts templates up to 51,200 bytes (larger templates must be uploaded to S3 and passed with --template-url). It checks syntax and template structure only; it does not check that resource properties are valid for the resource type, and it will not warn about insecure settings.

  2. By using an external linter

The other way is an external linter. cfn-lint is an open-source Python tool that validates templates against the CloudFormation resource specification, so it catches wrong property names and types that validate-template misses, and it runs offline without credentials. It supports both JSON and YAML templates. Install it with pip install cfn-lint and run:

cfn-lint -t template.yaml

It exits non-zero when it finds errors, which makes it a natural gate in a CI pipeline.
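To show what a linter actually does with a template, here is an added example in the spirit of a small cfn-lint rule set. It is not cfn-lint itself and not code from the original article: it uses only the Python standard library, and SAMPLE_TEMPLATE_JSON is a constructed template with deliberate mistakes (the logical names, key pair parameter and AMI id in it are made up). It checks for a Resources section, a Type on every resource, Ref and Fn::GetAtt targets that actually exist (the kind of error validate-template and cfn-lint report), and, as a security check neither of those tools does by default, security group rules that open SSH or RDP to the world.

```python
"""Offline structural and security checks on a CloudFormation JSON template.

Added example in the spirit of a cfn-lint rule set; not cfn-lint itself and not
code from the original article. Standard library only, no AWS credentials.
SAMPLE_TEMPLATE_JSON is a constructed template with deliberate mistakes.
"""
import json

# Pseudo parameters are valid Ref targets even though no template declares them.
PSEUDO_PARAMETERS = {
    "AWS::AccountId", "AWS::NotificationARNs", "AWS::NoValue", "AWS::Partition",
    "AWS::Region", "AWS::StackId", "AWS::StackName", "AWS::URLSuffix",
}
ADMIN_PORTS = {22, 3389}             # SSH and RDP
WORLD_CIDRS = {"0.0.0.0/0", "::/0"}  # "anywhere"

SAMPLE_TEMPLATE_JSON = r'''{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Parameters": {"KeyName": {"Type": "AWS::EC2::KeyPair::KeyName"}},
  "Resources": {
    "WebSg": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
        "GroupDescription": "web tier",
        "SecurityGroupIngress": [
          {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIp": "0.0.0.0/0"},
          {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "CidrIp": "0.0.0.0/0"}]}},
    "Web": {"Type": "AWS::EC2::Instance", "Properties": {
        "ImageId": "ami-0123456789abcdef0",
        "KeyName": {"Ref": "KeyName"},
        "SecurityGroupIds": [{"Ref": "WebSgTypo"}],
        "IamInstanceProfile": {"Fn::GetAtt": ["WebProfile", "Arn"]}}},
    "Broken": {"Properties": {}}
  }
}'''


def _walk_intrinsics(node, refs, getatts):
    """Collect the targets of every Ref and Fn::GetAtt nested under node."""
    if isinstance(node, dict):
        if len(node) == 1 and isinstance(node.get("Ref"), str):
            refs.append(node["Ref"])
        elif len(node) == 1 and "Fn::GetAtt" in node:
            target = node["Fn::GetAtt"]      # ["Logical", "Attr"] or "Logical.Attr"
            if isinstance(target, list) and target:
                getatts.append(str(target[0]))
            elif isinstance(target, str):
                getatts.append(target.split(".", 1)[0])
        for value in node.values():
            _walk_intrinsics(value, refs, getatts)
    elif isinstance(node, list):
        for value in node:
            _walk_intrinsics(value, refs, getatts)


def _world_open_admin_ports(props):
    """Yield (port, cidr) for ingress rules exposing SSH/RDP (or all traffic) to anyone."""
    for rule in props.get("SecurityGroupIngress", []):
        if not isinstance(rule, dict):
            continue
        cidr = rule.get("CidrIp") or rule.get("CidrIpv6")
        if cidr not in WORLD_CIDRS:
            continue
        if str(rule.get("IpProtocol")) == "-1":   # -1 means every protocol and port
            yield ("all", cidr)
            continue
        try:
            low, high = int(rule.get("FromPort")), int(rule.get("ToPort"))
        except (TypeError, ValueError):
            continue   # port comes from an intrinsic; cannot evaluate statically
        for port in sorted(ADMIN_PORTS):
            if low <= port <= high:
                yield (port, cidr)


def lint_template(template):
    """Return (severity, logical_id, message) findings; an empty list means clean."""
    resources = template.get("Resources")
    if not isinstance(resources, dict) or not resources:
        return [("ERROR", "-", "template has no Resources section")]
    known_refs = set(template.get("Parameters", {})) | set(resources) | PSEUDO_PARAMETERS
    findings = []
    for logical_id, res in resources.items():
        if not isinstance(res, dict) or "Type" not in res:
            findings.append(("ERROR", logical_id, "resource has no Type"))
            continue
        refs, getatts = [], []
        _walk_intrinsics(res.get("Properties", {}), refs, getatts)
        findings += [("ERROR", logical_id, f"Ref to undefined '{r}'")
                     for r in refs if r not in known_refs]
        findings += [("ERROR", logical_id, f"Fn::GetAtt on undefined resource '{g}'")
                     for g in getatts if g not in resources]
        if res["Type"] == "AWS::EC2::SecurityGroup":
            for port, cidr in _world_open_admin_ports(res.get("Properties", {})):
                findings.append(("WARN", logical_id, f"port {port} open to {cidr}"))
    return findings


def lint_json(text):
    """Parse a JSON template string and lint it."""
    return lint_template(json.loads(text))


if __name__ == "__main__":
    for severity, logical_id, message in lint_json(SAMPLE_TEMPLATE_JSON):
        print(f"{severity:5} {logical_id:10} {message}")
```

Run it and the sample template produces one warning (SSH open to 0.0.0.0/0 on WebSg) and three errors (a Ref to a misspelled resource, a GetAtt on a resource that does not exist, and a resource with no Type). For a real template, json.load the file and pass the dict to lint_template; the point is that reference and type errors are cheap to catch before a deploy, whereas the security check is the one you have to add yourself.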

What is AWS CloudFormation Designer?

AWS CloudFormation Designer is a visual tool in the CloudFormation console for people with little or no experience writing templates. The canvas shows icons for AWS services: drag the resource you want onto the canvas, connect resources to express their relationships, and Designer writes the corresponding JSON or YAML template, which you can edit directly in the integrated editor. You still have to fill in each resource's properties, and you still need basic knowledge of the AWS services involved to understand what you are building.

What is AWS CloudFormation drift detection?

Drift detection checks whether the live resources in a stack still match what the template says. If someone changes a resource outside CloudFormation, whether through the management console, the CLI, an SDK or the API (adding an ingress rule to a security group by hand, say), the stack has drifted. You start drift detection on a stack yourself; it is not continuous. CloudFormation then reports each drifted resource, showing the expected value from the template beside the actual value found on the resource. Two limits worth knowing: only properties explicitly set in the template or its parameters are compared, and only resource types that support drift detection are checked.
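The following is an added example of driving drift detection from code, not code from the original article. The three client methods it calls (detect_stack_drift, describe_stack_drift_detection_status and describe_stack_resource_drifts) are the real boto3 CloudFormation API, including the polling that is needed because detection is asynchronous and the NextToken pagination of the drift list; in production you would pass boto3.client("cloudformation") as cfn. FakeCloudFormation is a constructed stand-in with made-up responses (stack name, resources and property values) so the code runs offline.

```python
"""Run CloudFormation drift detection on a stack and list every drifted property.

Added example, not code from the original article. Pass a real
boto3.client("cloudformation") as `cfn` in production; FakeCloudFormation is a
constructed stand-in with made-up responses so this runs offline.
"""
import time


def detect_drift(cfn, stack_name, poll_seconds=5, timeout_seconds=600, sleep=time.sleep):
    """Start drift detection and poll until it finishes; returns the final status dict."""
    detection_id = cfn.detect_stack_drift(StackName=stack_name)["StackDriftDetectionId"]
    deadline = time.monotonic() + timeout_seconds
    while True:
        status = cfn.describe_stack_drift_detection_status(StackDriftDetectionId=detection_id)
        if status["DetectionStatus"] != "DETECTION_IN_PROGRESS":
            return status
        if time.monotonic() > deadline:
            raise TimeoutError(f"drift detection {detection_id} still running after {timeout_seconds}s")
        sleep(poll_seconds)


def drifted_properties(cfn, stack_name):
    """Return one record per drifted property (or per deleted resource), across all pages."""
    records, token = [], None
    while True:
        kwargs = {"StackName": stack_name,
                  "StackResourceDriftStatusFilters": ["MODIFIED", "DELETED"]}
        if token:
            kwargs["NextToken"] = token
        page = cfn.describe_stack_resource_drifts(**kwargs)
        for drift in page["StackResourceDrifts"]:
            base = {"resource": drift["LogicalResourceId"], "type": drift["ResourceType"]}
            if drift["StackResourceDriftStatus"] == "DELETED":
                records.append({**base, "path": "(whole resource)", "change": "REMOVE",
                                "expected": "present", "actual": "deleted"})
                continue
            for diff in drift.get("PropertyDifferences", []):
                records.append({**base, "path": diff["PropertyPath"],
                                "change": diff["DifferenceType"],
                                "expected": diff.get("ExpectedValue"),
                                "actual": diff.get("ActualValue")})
        token = page.get("NextToken")
        if not token:
            return records


def run_drift_report(cfn, stack_name, **poll):
    """Detect drift and return the drifted-property records ([] when the stack is in sync)."""
    status = detect_drift(cfn, stack_name, **poll)
    if status["DetectionStatus"] == "DETECTION_FAILED":
        raise RuntimeError(status.get("DetectionStatusReason", "drift detection failed"))
    if status["StackDriftStatus"] != "DRIFTED":
        return []
    return drifted_properties(cfn, stack_name)


class FakeCloudFormation:
    """Constructed stand-in for boto3's CloudFormation client (responses are made up)."""

    def __init__(self):
        self.status_calls = 0

    def detect_stack_drift(self, StackName):
        return {"StackDriftDetectionId": "det-0001"}

    def describe_stack_drift_detection_status(self, StackDriftDetectionId):
        self.status_calls += 1                 # first poll: still running; second: done
        if self.status_calls == 1:
            return {"DetectionStatus": "DETECTION_IN_PROGRESS", "StackDriftStatus": "NOT_CHECKED"}
        return {"DetectionStatus": "DETECTION_COMPLETE", "StackDriftStatus": "DRIFTED",
                "DriftedStackResourceCount": 2}

    def describe_stack_resource_drifts(self, StackName, StackResourceDriftStatusFilters, NextToken=None):
        if NextToken is None:   # page 1: a security group opened to the world by hand
            return {"NextToken": "page-2", "StackResourceDrifts": [{
                "LogicalResourceId": "WebSg", "ResourceType": "AWS::EC2::SecurityGroup",
                "StackResourceDriftStatus": "MODIFIED",
                "PropertyDifferences": [{"PropertyPath": "/SecurityGroupIngress/0/CidrIp",
                                         "ExpectedValue": "10.0.0.0/8", "ActualValue": "0.0.0.0/0",
                                         "DifferenceType": "NOT_EQUAL"}]}]}
        return {"StackResourceDrifts": [{   # page 2: a log bucket deleted in the console
            "LogicalResourceId": "LogBucket", "ResourceType": "AWS::S3::Bucket",
            "StackResourceDriftStatus": "DELETED"}]}


if __name__ == "__main__":
    for rec in run_drift_report(FakeCloudFormation(), "web-stack", sleep=lambda _: None):
        print(f"{rec['resource']:10} {rec['path']:35} {rec['expected']!s:12} -> {rec['actual']}")
```

Against the fake, the report lists the security group whose ingress CIDR was widened from 10.0.0.0/8 to 0.0.0.0/0 and the log bucket that was deleted. Run on a schedule, a report like this is how you catch out-of-band changes that a console user made without going through the template; remember that it only compares properties the template sets explicitly.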

Alternatives to AWS CloudFormation

So, AWS CloudFormation is AWS's own service in the infrastructure as code (IaC) category. But what if you do not want to use CloudFormation and would rather use another tool with the same function? The main alternative is Terraform by HashiCorp, which creates and manages infrastructure on AWS as well as on other cloud platforms such as Azure and GCP.

Terraform uses a declarative configuration language, HashiCorp Configuration Language (HCL), and deploys infrastructure based on the code you provide. Being able to describe infrastructure on several clouds with the same language and syntax makes Terraform a tough competitor for CloudFormation: compare that with learning one native service on AWS, a different one on Azure, and a third on GCP.

But if you run entirely on one cloud, whether AWS, Azure or GCP, I would prefer the native IaC service it provides, so CloudFormation if you are on AWS. The reason is that the level of support, validation and integration CloudFormation provides for AWS resources may not be matched by Terraform.