In my last project, I added a root CloudFormation stack that contains a few things. Following that post, I wanted to start doing things a little more cleanly. The main thing I want to fix is the fact that I use a role with a lot more privilege than I should. In order to fix that, I wanted each of my services deployed through Serverless to also have a CloudFormation stack. This stack will contain mostly two roles: deploy and runner. While playing around with that, I got annoyed by the AWS CLI for handling CloudFormation stacks. Therefore, I made a small tool to wrap that part of the tool. Here is how I now easily deploy CloudFormation stacks.
I know I could probably use Ansible instead of doing my own tool. But I strongly feel that understanding the underlying technology is a good thing, so I prefer to dig deeper to learn it!
As always, all the code I wrote is available on my GitHub page.
The goal of the tool
Deploying a CloudFormation stack manually is not complex per se. But the commands involved are quite long, and you need to use the right one at the right moment. For example, a basic flow would be:
- Create the CloudFormation stack:
    aws cloudformation create-stack --stack-name MyStack --template-body file://myCFStack.yml
- Wait for the stack to be created:
    aws cloudformation wait stack-create-complete --stack-name MyStack
- Update your stack:
    aws cloudformation update-stack --stack-name MyStack --template-body file://myCFStack.yml
- Wait for the stack to be updated:
    aws cloudformation wait stack-update-complete --stack-name MyStack
And this is only the basic flow, with no safety checks and no advanced features. If you want to create IAM roles in your stack, you’ll need to add --capabilities CAPABILITY_IAM to the creation and update commands.
If you want to make things a bit safer, you’ll want to use changesets. These allow you to see and approve the actions when you do an update. Basically, you need to create a changeset (create-change-set) and wait for it to be ready (wait change-set-create-complete). Once it is created, you’ll be able to list the changes (describe-change-set). You’ll then be able to decide whether to execute the changeset (execute-change-set) or scrap it (delete-change-set). Again, each of these commands needs multiple parameters.
The aim of my tool is to abstract all of that. You don’t need to remember which AWS profile to use, your stack name or if that stack is even deployed. It will check if the stack is deployed, create a changeset, show you the changes and allow you to execute them.
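One way to review what describe-change-set returns before choosing between execute-change-set and delete-change-set, shown as an added example that is not code from the tool described in this post. The sample JSON, the resource names and the flagging rules (IAM resources, removals, replacements) are assumptions made for illustration.

```python
import json

# Constructed sample shaped like `aws cloudformation describe-change-set` JSON
# output; the resource names are made up for this example.
SAMPLE_CHANGE_SET = json.loads("""
{
  "Status": "CREATE_COMPLETE",
  "Changes": [
    {"Type": "Resource", "ResourceChange": {"Action": "Add",
      "LogicalResourceId": "DeployRole", "ResourceType": "AWS::IAM::Role"}},
    {"Type": "Resource", "ResourceChange": {"Action": "Modify", "Replacement": "False",
      "LogicalResourceId": "RunnerRole", "ResourceType": "AWS::IAM::Role"}},
    {"Type": "Resource", "ResourceChange": {"Action": "Modify", "Replacement": "True",
      "LogicalResourceId": "DataTable", "ResourceType": "AWS::DynamoDB::Table"}},
    {"Type": "Resource", "ResourceChange": {"Action": "Modify", "Replacement": "False",
      "LogicalResourceId": "Topic", "ResourceType": "AWS::SNS::Topic"}}
  ]
}
""")


def review_change_set(description):
    """Return one row per resource change, with the reasons it needs a close look."""
    if description.get("Status") != "CREATE_COMPLETE":
        raise ValueError("change set not ready: %s" % description.get("Status"))
    rows = []
    for change in description.get("Changes", []):
        rc = change.get("ResourceChange")
        if change.get("Type") != "Resource" or not rc:
            continue
        reasons = []
        if rc["ResourceType"].startswith("AWS::IAM::"):
            reasons.append("iam")          # permissions change: check least privilege
        if rc["Action"] == "Remove":
            reasons.append("removal")      # the resource will be deleted
        if rc.get("Replacement") in ("True", "Conditional"):
            reasons.append("replacement")  # the resource may be recreated, losing state
        rows.append((rc["Action"], rc["LogicalResourceId"], rc["ResourceType"], reasons))
    return rows


def needs_approval(rows):
    """True when at least one change is flagged and should be confirmed by a person."""
    return any(reasons for _, _, _, reasons in rows)


if __name__ == "__main__":
    for action, logical_id, rtype, reasons in review_change_set(SAMPLE_CHANGE_SET):
        print("%-7s %-11s %-21s %s" % (action, logical_id, rtype, ",".join(reasons) or "-"))
```

A wrapper can execute unflagged changesets directly and ask for confirmation only when `needs_approval` returns true.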
Using the tool
The tool is meant to be as easy to use as possible. Define your stacks and how you want them to be deployed, then call the tool saying which one you want to be deployed.
The tool is written in Python, so it can be installed through pip: pip install cloudformation-helper.
Here is a sample of the configuration file:
    MyStackAlias:
      stack: MyStackName
      file: myStackFile.yml
      use_changesets: false
With this file, you’ll be able to deploy your stack using cfhelper deploy MyStackAlias. By default, it will look in the current directory for a configuration file named stacks.cfh. This can be overridden using a flag on the command line (cfhelper --config ../path/to/stacks.cfh deploy MyStackAlias) or with the CFHELPER_CONFIG environment variable.
A lot of things are still missing from the tool for it to be ready for production, but the basis is there!