CloudFormation

First impressions of CloudFormation’s IaC generator and CDK migrate

CloudFormation recently announced the IaC generator [1]. It lets you: scan your AWS account and catalogue manually recreated resources; select manually created resources and capture them in a generated CloudFormation template. Concurrently, CDK announced [2] a new cdk migrate command, which lets you generate a CDK application from CloudFormation. On paper, these sound amazing! It …


Help! How do I set DeletionPolicy to Retain for production only?

It’s a good practice to use CloudFormation’s DeletionPolicy to protect stateful resources such as DynamoDB tables or RDS databases from accidental deletions, such as when someone accidentally deletes a CloudFormation stack! As I discussed previously [1], this is a much better way to guard against these accidental data losses than separating stateful and stateless resources …


This is why you should keep stateful and stateless resources together

Update 24/05/2023: As Lee James Gilmore pointed out on Twitter, the unit of deployment of CDK is the CDK app. A CDK app can contain multiple CloudFormation stacks and they can be changed together (in a single commit) and deployed together. And that’s absolutely fine and compatible with what I’m advocating for in this post. …


How to work around CloudFormation circular dependencies

An interesting question came up on the AppSync Masterclass forum, and it highlights a common way you can get into CloudFormation circular dependencies. In the CloudFormation stack, there is an AppSync API, which uses a Cognito User Pool for authentication and authorization. When a user signs up, the app should fire an update on a …


How to manage Route53 hosted zones in a multi-account environment

An interesting question came up in a conversation today: “How should I manage the Route53 DNS records in a multi-account environment?” Suppose you have configured an AWS Organization with different accounts for dev, staging and production environments. And you have registered the root domain for your application in the master AWS account. When working with …


Why you should use ephemeral environments when you do serverless

One of the benefits of serverless is the pay-per-use pricing model you get from the platform. That is, if your code doesn’t run, you don’t pay for it! Combined with the simplified deployment flow (compared with applications running in containers or VMs), it has enabled many teams to use ephemeral environments to simplify their workflow …


How to use the power of CloudFormation custom resources for great good

Disclaimer: if you’re new to CloudFormation custom resources, then I recommend you start by reading this excellent post by Alex Debrie first. Custom resources bring a whole new dimension to CloudFormation and enable some fascinating use cases. For example: provision DataDog dashboards as part of your CloudFormation stack; run a load test every time you …


How to include Serverless Repository apps in serverless.yml

Over the past year, the Serverless Application Repository (SAR) service has improved a lot. I have grown to enjoy it more and more, and have contributed a few applications myself: lambda-janitor: cron job to delete old, unused versions of all Lambda functions in the region to free up storage space. auto-subscribe-log-group-to-arn: subscribes new and existing …


CloudFormation protip: use !Sub instead of !Join

CloudFormation supports a number of intrinsic functions and Fn::Join (or !Join) is often used to construct parameterised names and paths. The Serverless framework, for instance, uses it extensively. Taking a quick look at a CloudFormation template it generates, I can see Fn::Join used for: IAM policy names, IAM role names, IAM principals, API Gateway URIs, Resource ARNs and …

