What is an AWS CloudFormation Stack?
A CloudFormation stack is a blueprint for a collection of services that can be managed as a single unit, hence the name "stack." However, the best practice is to group only correlated AWS services and resources into a single stack.
For example, a stack could include an EC2 instance, an RDS database, an S3 bucket, and the related IAM roles, all defined to support a single application. Services such as Amazon WorkSpaces or individual Marketplace SaaS subscriptions, by contrast, should not typically be treated as part of a CloudFormation stack.
Since all changes to a CloudFormation stack are made through code, every change is recorded in the template itself, and rollbacks can be performed much as they would be with a version control system.
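To make the idea of a stack concrete, here is a small template, written for this article as an added illustration rather than taken from the original page or from CloudKeeper, that groups the resources of one application into a single unit: an S3 bucket, an IAM role that can only read that bucket, an instance profile, and an EC2 instance. The application name, bucket settings and SSM AMI path are assumptions; CloudFormation derives the creation order from the references between resources (the role references the bucket ARN, so the bucket is created first).

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: >-
  Added example stack (not the article's template): one application's bucket,
  a least-privilege role for its instance, and the instance itself.

Parameters:
  # Resolves the current Amazon Linux 2023 AMI from the public SSM parameter,
  # so no AMI ID needs to be hard-coded in the template.
  LatestAmiId:
    Type: AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>
    Default: /aws/service/ami-amazon-linux-latest/al2023-ami-kernel-default-x86_64

Resources:
  # Data store for the application: public access blocked, encrypted at rest.
  AppBucket:
    Type: AWS::S3::Bucket
    Properties:
      PublicAccessBlockConfiguration:
        BlockPublicAcls: true
        BlockPublicPolicy: true
        IgnorePublicAcls: true
        RestrictPublicBuckets: true
      BucketEncryption:
        ServerSideEncryptionConfiguration:
          - ServerSideEncryptionByDefault:
              SSEAlgorithm: AES256

  # Role assumable only by EC2 and scoped to this one bucket. The !GetAtt on
  # AppBucket creates an implicit dependency: bucket first, then role.
  AppInstanceRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service: ec2.amazonaws.com
            Action: sts:AssumeRole
      Policies:
        - PolicyName: ReadOwnBucketOnly
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              - Effect: Allow
                Action: s3:ListBucket
                Resource: !GetAtt AppBucket.Arn
              - Effect: Allow
                Action: s3:GetObject
                Resource: !Sub '${AppBucket.Arn}/*'

  AppInstanceProfile:
    Type: AWS::IAM::InstanceProfile
    Properties:
      Roles:
        - !Ref AppInstanceRole

  # The instance depends on the profile, which depends on the role.
  AppInstance:
    Type: AWS::EC2::Instance
    Properties:
      ImageId: !Ref LatestAmiId
      InstanceType: t3.micro
      IamInstanceProfile: !Ref AppInstanceProfile

Outputs:
  BucketName:
    Value: !Ref AppBucket
  InstanceId:
    Value: !Ref AppInstance
```

Deploying this with `aws cloudformation deploy --template-file stack.yaml --stack-name example-app --capabilities CAPABILITY_IAM` creates all four resources as one unit, and deleting the stack removes them together; the `CAPABILITY_IAM` flag is required because the template creates an IAM role.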
Common use cases of AWS CloudFormation
AWS CloudFormation, enabling IaC (Infrastructure as Code), has a variety of applications and use cases. Here are a few top ones:
- Infrastructure Provisioning: Tasks like EC2 instance provisioning, adding S3 buckets, or defining IAM roles can all be automated through CloudFormation.
- DevOps and CI/CD Pipeline Development: CloudFormation can be used to automate infrastructure setups required for continuous integration and delivery workflows.
- Stack Creation and Management: CloudFormation stack templates simplify the grouping of correlated AWS services. Through CloudFormation, developers can perform CRUD operations on their cloud resources directly through code.
- Enabling Dynamic Infrastructure Changes: With CloudFormation templates, users can manage scaling and deployments automatically. Using code and automation reduces the chances of manual errors and improves reliability.
Advantages of AWS CloudFormation
AWS CloudFormation has several important features that make it the go-to choice for cloud engineers for managing critical services of their AWS infrastructure.
However, it is essential to note that the primary benefit of CloudFormation is that it enables developers to write code for their services, thereby saving time from managing everything through the console.
Here are the top benefits of AWS CloudFormation:
- Centralized change tracking of infrastructure: All services are managed through the code written in the CloudFormation template. All the changes are also defined in the template files. Thus, similar to VCS for any other code file, it is easy to track changes and implement rollbacks.
- Time saving through automation: CloudFormation allows for incremental deployment of services since it automates creating, configuring, and managing resources through the code written by developers.
- Better cost savings: AWS best practices go into creating standardized templates of infrastructure stacks. Moreover, since these templates with your custom code can be reused across different environments, it cuts down on development costs.
- Efficient integration with AWS services: CloudFormation integrates with the AWS services it supports and, through the same code, simplifies monitoring, auditing, and management of AWS infrastructure.
These are the key benefits of AWS CloudFormation. However, there are certain limitations too.
Limitations of AWS CloudFormation
Although CloudFormation is a key utility that saves development time and standardizes processes, it has a few limitations. The most notable are:
- Quota of CloudFormation: Several key utilities, such as dynamic references, hooks, resources, and stacks, come with limits per AWS account. The limits are 60, 100, 500, and 2000, respectively.
- AWS Exclusivity: CloudFormation poses significant challenges when used in multi-cloud or hybrid cloud setups. For example, if an organization is running workloads across AWS and Azure (say, EC2 on AWS and Azure Virtual Machines with a shared Kubernetes cluster), CloudFormation cannot natively manage the Azure resources, leading to fragmented infrastructure management.
- Coverage Limitation: Not all AWS services can be managed with CloudFormation templates. For example, services like Amazon WorkSpaces, Amazon Connect, and certain Marketplace AMIs are not fully supported by CloudFormation.
- Steep Learning Curve Due to Template Complexity: JSON and YAML templates are verbose, with YAML being slightly simpler. Still, new developers face challenges getting comfortable with CloudFormation and its associated tooling, like the AWS CDK (Cloud Development Kit).
- Deployment Bottlenecks: All resources in CloudFormation stacks are deployed sequentially (with dependency ordering), which can slow down deployment speed for large stacks with many interdependent services.
Best Practices while Using AWS CloudFormation
To extract maximum performance and efficiency out of your CloudFormation stacks, CloudKeeper recommends the following best practices:
- Avoid embedding credentials in CloudFormation templates: Always use AWS Secrets Manager or Systems Manager Parameter Store instead of hardcoding credentials to ensure security and compliance.
- While deploying on EC2 instances, use AWS::CloudFormation::Init: This helps configure applications and software packages during instance launch through metadata-driven automation.
- Be on top of usage quotas of dynamic references, hooks, resources, and stacks: Regularly monitor these limits using the AWS Service Quotas console to prevent stack deployment failures.
- Adopt modular development practices to reuse templates for configurations: Break large templates into smaller, reusable nested stacks to improve maintainability and scalability.
- Use Macros for complex transformations: Macros allow developers to extend template functionality by programmatically transforming templates before deployment.
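The template below, added here as an illustration and not taken from the article or from CloudKeeper, puts three of the practices above into one stack: the database password is pulled from AWS Secrets Manager with a dynamic reference instead of being written into the template, the EC2 instance is configured at launch through `AWS::CloudFormation::Init`, and shared networking is delegated to a nested stack. The secret name, the child template URL and its `AppSubnetId` output, and the SSM AMI path are assumptions.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: >-
  Added example (not the article's template): Secrets Manager dynamic
  reference, cfn-init metadata, and a nested network stack.

Parameters:
  DbSecretName:
    Type: String
    Default: example/app/db   # placeholder: name of an existing Secrets Manager secret
  LatestAmiId:
    Type: AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>
    Default: /aws/service/ami-amazon-linux-latest/al2023-ami-kernel-default-x86_64

Resources:
  # Modular practice: VPC and subnets live in a separate, reusable template.
  # The child template (assumed) exposes an Output named AppSubnetId.
  NetworkStack:
    Type: AWS::CloudFormation::Stack
    Properties:
      TemplateURL: https://s3.amazonaws.com/example-templates/network.yaml   # placeholder URL
      Parameters:
        Environment: prod

  # Credentials practice: the username and password are resolved from
  # Secrets Manager at deploy time and never appear in the template, the
  # stack parameters or the console.
  #
  # Weak form to avoid (readable by anyone with access to the template):
  #   MasterUserPassword: 'P@ssw0rd123'
  # (A SecureString in Parameter Store would use '{{resolve:ssm-secure:name}}'.)
  AppDatabase:
    Type: AWS::RDS::DBInstance
    DeletionPolicy: Snapshot
    Properties:
      Engine: postgres
      DBInstanceClass: db.t3.micro
      AllocatedStorage: '20'
      MasterUsername: !Sub '{{resolve:secretsmanager:${DbSecretName}:SecretString:username}}'
      MasterUserPassword: !Sub '{{resolve:secretsmanager:${DbSecretName}:SecretString:password}}'
      StorageEncrypted: true
      PubliclyAccessible: false

  # cfn-init practice: packages, files and services are declared as metadata
  # and applied by cfn-init at boot; the instance signals success so the
  # stack only reports CREATE_COMPLETE once configuration has finished.
  AppInstance:
    Type: AWS::EC2::Instance
    Metadata:
      AWS::CloudFormation::Init:
        config:
          packages:
            yum:
              nginx: []
          files:
            /etc/nginx/conf.d/app.conf:
              content: |
                server {
                  listen 80;
                  location / { return 200 'ok'; }
                }
              mode: '000644'
              owner: root
              group: root
          services:
            systemd:
              nginx:
                enabled: true
                ensureRunning: true
                files:
                  - /etc/nginx/conf.d/app.conf
    CreationPolicy:
      ResourceSignal:
        Timeout: PT10M
    Properties:
      ImageId: !Ref LatestAmiId
      InstanceType: t3.micro
      SubnetId: !GetAtt NetworkStack.Outputs.AppSubnetId
      UserData:
        Fn::Base64: !Sub |
          #!/bin/bash -xe
          /opt/aws/bin/cfn-init -v --stack ${AWS::StackName} --resource AppInstance --region ${AWS::Region}
          /opt/aws/bin/cfn-signal -e $? --stack ${AWS::StackName} --resource AppInstance --region ${AWS::Region}

Outputs:
  DatabaseEndpoint:
    Value: !GetAtt AppDatabase.Endpoint.Address
```

Two points worth checking before reuse: the secret must exist before the stack is created, since the dynamic reference is resolved during deployment, and the child template's output name must match the `!GetAtt NetworkStack.Outputs.AppSubnetId` reference or the parent stack will fail validation.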
Frequently Asked Questions
- Q1. Which services cannot be managed with AWS CloudFormation?
  A small number of newer or niche AWS services may not be immediately supported. However, you can often manage them using a generic Custom Resource to call their API directly.
- Q2. Does AWS CloudFormation have additional charges beyond the services it automates?
  No, AWS CloudFormation itself is a free service. You only pay for the AWS resources (e.g., EC2, S3) that it provisions and manages on your behalf.
- Q3. What is the difference between AWS CloudFormation and Terraform?
  CloudFormation is AWS-native and only manages AWS resources. Terraform is multi-cloud, using the HashiCorp Configuration Language (HCL), and can manage infrastructure across AWS, Azure, Google Cloud, and hundreds of other providers.
- Q4. What are CloudFormation Hooks?
  CloudFormation Hooks are a guardrail feature that checks resources before they are provisioned. They enforce compliance rules by preventing a deployment if the resource configuration violates organizational policies.