1. What is CloudFormation?

AWS CloudFormation is an Infrastructure as Code (IaC) service that lets you define your entire AWS infrastructure in a declarative template file (JSON or YAML). CloudFormation creates, updates, and deletes resources automatically based on the template.


Core Concept

CloudFormation = write a template describing your infrastructure → CloudFormation provisions it. Change the template → CloudFormation updates only what changed. Delete the stack → CloudFormation removes everything. Repeatable, version-controlled, and automated infrastructure management.

2. Key Concepts

3. Template Sections

CloudFormation Template Structure:

AWSTemplateFormatVersion: '2010-09-09'
Description: My infrastructure template

Parameters:       # Input values (instance type, env name)
Mappings:         # Static key-value lookup tables
Conditions:       # Conditional resource creation
Resources:        # AWS resources to create (REQUIRED, only mandatory section)
Outputs:          # Values to export (VPC ID, ALB DNS, etc.)
Metadata:         # Template metadata
Rules:            # Validate parameter values
Transform:        # Include macros (SAM, includes)


4. Template Example

# Simple CloudFormation Template (YAML)
AWSTemplateFormatVersion: '2010-09-09'
Description: Web server with security group

Parameters:
  InstanceType:
    Type: String
    Default: t3.micro
    AllowedValues: [t3.micro, t3.small, t3.medium]
  Environment:
    Type: String
    AllowedValues: [dev, staging, prod]
  LatestAmiId:
    # Resolve a current Amazon Linux 2023 AMI from the public SSM parameter
    # instead of hard-coding a region-specific AMI ID (the literal
    # ami-0abcdef1234567890 placeholder would fail on deploy)
    Type: AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>
    Default: /aws/service/ami-amazon-linux-latest/al2023-ami-kernel-default-x86_64

Conditions:
  IsProd: !Equals [!Ref Environment, prod]

Resources:
  WebServerSG:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Allow HTTP
      SecurityGroupIngress:
        # Only port 80 is open to the world; no SSH (22) rule is created
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: 0.0.0.0/0

  WebServer:
    Type: AWS::EC2::Instance
    Properties:
      InstanceType: !Ref InstanceType
      ImageId: !Ref LatestAmiId
      SecurityGroupIds:
        - !Ref WebServerSG          # !Ref on a VPC security group returns its ID
      # The IsProd condition is actually used here: prod instances cannot be
      # terminated through the API until the flag is cleared
      DisableApiTermination: !If [IsProd, true, false]
      Tags:
        - Key: Environment
          Value: !Ref Environment

Outputs:
  ServerPublicIP:
    Value: !GetAtt WebServer.PublicIp
    Export:
      Name: !Sub ${AWS::StackName}-PublicIP

5. Intrinsic Functions

6. Stack Features


Cross-Stack References

  1. Stack A exports an Output (e.g., VPC ID). Export names must be unique within an account and region.
  2. Stack B imports it with !ImportValue (Fn::ImportValue)
  3. Creates a dependency: Stack A must exist before Stack B, and while Stack B imports the value, Stack A cannot be deleted and the export cannot be removed or changed
  4. Use for: separate networking, compute, and database into independent stacks


Nested Stacks

  1. A stack can include other stacks as resources (AWS::CloudFormation::Stack)
  2. Parent stack manages child stacks. Child stacks are templates stored in S3.
  3. Use for: reusable components (e.g., a VPC template reused across projects)
  4. Different from cross-stack: nested = parent-child hierarchy; cross-stack = independent stacks sharing exports
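Both patterns side by side, as an added example that is not part of the original notes: a network stack exports its VPC ID, and a compute stack imports that value and also nests a reusable child template. The stack name network-prod, the parameter names, and the S3 URL of the child template are assumptions. The two templates are separate files; they are shown in one fence separated by a YAML document marker.

```yaml
# --- file 1: network.yaml, deployed first as stack "network-prod" ---
AWSTemplateFormatVersion: '2010-09-09'
Description: Networking stack that exports its VPC ID
Resources:
  Vpc:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 10.0.0.0/16
Outputs:
  VpcId:
    Value: !Ref Vpc
    Export:
      Name: !Sub ${AWS::StackName}-VpcId   # resolves to network-prod-VpcId

---
# --- file 2: compute.yaml, deployed after network-prod ---
AWSTemplateFormatVersion: '2010-09-09'
Description: Compute stack using a cross-stack import and a nested stack
Parameters:
  NetworkStackName:
    Type: String
    Default: network-prod          # assumed name of the exporting stack
Resources:
  AppSG:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: App tier
      # Cross-stack reference: the export must already exist or creation fails.
      # While this stack exists, network-prod cannot delete or change the export.
      VpcId:
        Fn::ImportValue: !Sub ${NetworkStackName}-VpcId
  BastionStack:
    Type: AWS::CloudFormation::Stack
    Properties:
      # Nested stack: the child template is fetched from S3 by CloudFormation.
      # Keep that bucket private and versioned; whatever is in bastion.yaml is
      # executed with the parent stack's permissions. URL is an assumption.
      TemplateURL: https://s3.amazonaws.com/my-cfn-templates/bastion.yaml
      Parameters:
        VpcId:
          Fn::ImportValue: !Sub ${NetworkStackName}-VpcId
```

Deleting compute.yaml's stack first releases the import; only then can network-prod be deleted. Deleting the parent stack deletes BastionStack with it, which is the practical difference from the independent cross-stack pair.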


Stack Policies

  1. JSON policy that protects specific resources from being modified, replaced, or deleted during stack updates (actions Update:Modify, Update:Replace, Update:Delete, Update:*)
  2. Example: prevent accidental replacement of an RDS database during a stack update
  3. Applied to the stack (not the template); once a policy is set, any resource not explicitly allowed is denied updates, so policies normally start with an allow-all statement
  4. It is a guard against mistakes, not an IAM control: a principal with permission to update the stack can supply a temporary override policy for that update
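A stack policy for the RDS case above, as an added example rather than one from the original notes. The logical resource ID ProductionDatabase is an assumption.

```json
{
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "Update:*",
      "Principal": "*",
      "Resource": "*"
    },
    {
      "Effect": "Deny",
      "Action": ["Update:Replace", "Update:Delete"],
      "Principal": "*",
      "Resource": "LogicalResourceId/ProductionDatabase"
    }
  ]
}
```

The first statement is required because a stack with a policy denies every update not explicitly allowed. The second still permits in-place modifications (Update:Modify) of the database, such as a parameter group change, but blocks any update that would replace or delete it. Attach it with `aws cloudformation set-stack-policy --stack-name <stack> --stack-policy-body file://policy.json`; Principal must be "*" and Resource uses the LogicalResourceId/ prefix.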


Rollback

  1. If stack creation fails: all resources created so far are rolled back (deleted) by default and the stack ends in ROLLBACK_COMPLETE
  2. If a stack update fails: rolls back to the previous known-good state (UPDATE_ROLLBACK_COMPLETE)
  3. Can disable rollback for debugging (--disable-rollback, or OnFailure=DO_NOTHING on create) so the failed resources stay visible; they keep running and costing money until you delete the stack
  4. CREATE_FAILED → ROLLBACK_COMPLETE: a stack in this state cannot be updated, so it must be deleted and recreated
  5. If a rollback itself fails (UPDATE_ROLLBACK_FAILED), fix the underlying resource and use ContinueUpdateRollback


DeletionPolicy
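DeletionPolicy is a resource attribute (a sibling of Type and Properties, not inside Properties) that controls what happens to the resource when it is removed from the template or the stack is deleted: Delete (the usual default), Retain (leave the resource in place), or Snapshot (take a snapshot first; supported for snapshot-capable types such as RDS instances and EBS volumes). UpdateReplacePolicy does the same for updates that force a replacement. Added example, not from the original notes; the resource names and the Secrets Manager secret name prod/db are assumptions.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: Stateful resources protected against accidental deletion
Resources:
  ProductionDatabase:
    Type: AWS::RDS::DBInstance
    DeletionPolicy: Snapshot        # final snapshot when the stack or resource is deleted
    UpdateReplacePolicy: Snapshot   # same protection when an update forces replacement
    Properties:
      Engine: postgres
      DBInstanceClass: db.t3.micro
      AllocatedStorage: '20'
      MasterUsername: appadmin
      # Dynamic reference: the password never appears in the template or in
      # stack parameters (secret name prod/db is an assumption)
      MasterUserPassword: '{{resolve:secretsmanager:prod/db:SecretString:password}}'
  AuditLogBucket:
    Type: AWS::S3::Bucket
    DeletionPolicy: Retain          # bucket and its objects survive stack deletion
    UpdateReplacePolicy: Retain
    Properties:
      VersioningConfiguration:
        Status: Enabled
```

A retained resource is no longer managed by the stack after deletion; it must be cleaned up by hand or re-imported into a new stack. Set both DeletionPolicy and UpdateReplacePolicy on anything that holds data; a replacement triggered by a changed immutable property is the more common way to lose a database than an explicit delete.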

Drift Detection

  1. Detects when the live configuration of a stack's resources differs from what the template last deployed; each resource is reported as IN_SYNC, MODIFIED, DELETED, or NOT_CHECKED (not every resource type supports drift detection)
  2. Caused by: someone changed a resource in the Console/CLI/SDK outside CloudFormation
  3. Drift detection does NOT auto-fix and does not run on its own; it must be triggered (manually, by script, or scheduled through AWS Config) and it only reports differences. Pair it with CloudTrail to find who made the change.
  4. Fix: either update the template to match the live state, or change the drifted property back through a stack update. Re-deploying an unchanged template does nothing ("No updates are to be performed"): an update only applies properties that differ from the last deployed template, not from the live resource.

7. CloudFormation + CI/CD

  1. CodePipeline deploy action: CreateChangeSet + ExecuteChangeSet
  2. Automate infrastructure changes through the same CI/CD pipeline as application code
  3. Review Change Sets before execution for safety
  4. Store templates in Git alongside application code
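The three-step deploy stage (create change set, human review, execute change set) expressed as a pipeline that is itself a CloudFormation template. Added example, not from the original notes. The artifact bucket, the CodeStar connection, the two role ARNs, the repository example-org/infra, and the target stack name web-prod are assumptions passed in as parameters.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: CodePipeline that deploys a stack only through a reviewed change set

Parameters:
  ArtifactBucket:
    Type: String                    # existing S3 bucket for pipeline artifacts
  ConnectionArn:
    Type: String                    # existing CodeStar connection to the Git repo
  PipelineRoleArn:
    Type: String                    # role CodePipeline assumes (needs iam:PassRole on the deploy role)
  CfnDeployRoleArn:
    Type: String                    # role CloudFormation assumes to create the resources

Resources:
  Pipeline:
    Type: AWS::CodePipeline::Pipeline
    Properties:
      RoleArn: !Ref PipelineRoleArn
      ArtifactStore:
        Type: S3
        Location: !Ref ArtifactBucket
      Stages:
        - Name: Source
          Actions:
            - Name: GitSource
              ActionTypeId:
                Category: Source
                Owner: AWS
                Provider: CodeStarSourceConnection
                Version: '1'
              Configuration:
                ConnectionArn: !Ref ConnectionArn
                FullRepositoryId: example-org/infra    # assumed repo
                BranchName: main
              OutputArtifacts:
                - Name: SourceOutput
        - Name: Deploy
          Actions:
            - Name: CreateChangeSet          # step 1: plan only, nothing is applied yet
              RunOrder: 1
              ActionTypeId:
                Category: Deploy
                Owner: AWS
                Provider: CloudFormation
                Version: '1'
              InputArtifacts:
                - Name: SourceOutput
              Configuration:
                ActionMode: CHANGE_SET_REPLACE
                StackName: web-prod
                ChangeSetName: pipeline-changeset
                TemplatePath: SourceOutput::template.yaml
                Capabilities: CAPABILITY_NAMED_IAM
                RoleArn: !Ref CfnDeployRoleArn
            - Name: ReviewChangeSet          # step 2: a human reads the change set
              RunOrder: 2
              ActionTypeId:
                Category: Approval
                Owner: AWS
                Provider: Manual
                Version: '1'
            - Name: ExecuteChangeSet         # step 3: apply only after approval
              RunOrder: 3
              ActionTypeId:
                Category: Deploy
                Owner: AWS
                Provider: CloudFormation
                Version: '1'
              Configuration:
                ActionMode: CHANGE_SET_EXECUTE
                StackName: web-prod
                ChangeSetName: pipeline-changeset
```

The split between PipelineRoleArn and CfnDeployRoleArn is the least-privilege point: the pipeline role only moves artifacts and passes the deploy role, while the deploy role carries the broad permissions needed to create resources, so a compromised pipeline step cannot call those APIs directly. The reviewer's job at step 2 is to look at the change set for Replacement: True on stateful resources and for new IAM resources (which is why CAPABILITY_NAMED_IAM must be stated explicitly).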

Exam Tip

CloudFormation: "Infrastructure as Code" = CloudFormation. "Repeatable infrastructure" = CF. Resources = only required section. !Ref = reference parameter/resource. !GetAtt = get attribute. !ImportValue = cross-stack. DeletionPolicy: Retain = keep on delete, Snapshot = backup before delete. "Detect manual changes" = Drift Detection. "Deploy across many accounts" = StackSets. Change Set = preview before apply.