


How To Debug Invalid Template In Aws Cloudformation

This is the right article for you if you want to know:

  • what is CloudFormation?
  • how to write a CloudFormation template
  • deploy CloudFormation template from the command line interface
  • deploy CloudFormation template from AWS web interface

What is CloudFormation?

AWS CloudFormation is an Amazon infrastructure-as-code service to easily group and automate the deployment of resources in the AWS Cloud. In fact, creating a model is essential when we want to reuse a set of resources that depend on each other, or replicate or migrate the same configuration several times without making mistakes.

But before we begin, let's start with a minor definition: what is a stack?

In computer science, a stack is an abstract data type that serves as a collection of elements, with two main principal operations:

Push, which adds an element to the collection, and Pop, which removes the most recently added element that was not yet removed.

Stack (abstract data type) – Wikipedia

CloudFormation is the tool in the AWS cloud that allows us to create a stack of internal or external resources. We can write the CloudFormation templates using JSON or YAML languages, and describe the properties and dependencies of each resource within the stack.

Take the following example:

          AWSTemplateFormatVersion: "2010-09-09"
          Description: MySQL dump to Amazon S3 with Python
          # Excerpt: the Topic resource referenced here is defined in the complete template below
          Resources:
            Bucket:
              Type: AWS::S3::Bucket
              DependsOn:
                - SNSTopicPolicy
              Properties:
                BucketName: !Join ["-", [!Ref AWS::StackName, "bucket"]]
                AccessControl: Private
                PublicAccessBlockConfiguration:
                  BlockPublicAcls: True
                  BlockPublicPolicy: True
                  IgnorePublicAcls: True
                  RestrictPublicBuckets: True
                NotificationConfiguration:
                  TopicConfigurations:
                    - Topic: !Ref Topic
                      Event: s3:ObjectCreated:*
            SNSTopicPolicy:
              Type: AWS::SNS::TopicPolicy
              Properties:
                PolicyDocument:
                  Statement:
                    - Effect: Allow
                      Principal:
                        Service: s3.amazonaws.com
                      Action: sns:Publish
                      Resource: !Ref Topic
                      Condition:
                        ArnLike:
                          aws:SourceArn:
                            !Join ["", ["arn:aws:s3:::", !Ref AWS::StackName, "-bucket"]]

The template we have just seen does nothing more than create two resources related to each other:

  • a private S3 bucket
  • an SNS Topic Policy that allows the S3 resource to invoke an SNS Topic to send an email when we create an object in the bucket.

This simple example demonstrates how it is possible to declare a dependency between two resources using CloudFormation templates. Indeed, through the DependsOn keyword, we declare that the Bucket resource depends on the SNSTopicPolicy resource. We will see how to create the full CloudFormation template later in this article.

How to write a CloudFormation template

We can write CloudFormation templates using JSON or YAML languages. As we already said, to write a template we need to describe each resource in detail, and to specify every property and every dependency that the resource has inside the stack.

In this article, we will create a complete CloudFormation template step-by-step in order to obtain a stack with 3 resources:

  • S3 bucket: a simple storage service by AWS to store and retrieve objects efficiently;
  • SNS Topic: to send an email notification every time we create an object inside the S3 bucket;
  • SNS Topic Policy: to give the SNS Topic the privileges to listen to the S3 bucket "putObject" event.

Let's see now how to prepare our first template. To start, create a "stack.yml" file and paste this code:

          AWSTemplateFormatVersion: "2010-09-09"
          Description: CloudFormation example template from Polynique
          Parameters:
            Email:
              Type: String
              Default: email@example.com
              Description: Email to receive S3 object created notification
            BucketName:
              Type: String
              Default: bucket
              Description: Unique S3 bucket name
          Resources:
            # ...

Note that we are declaring two parameters, in order to be able to reference these values later in the template:

  • Email: the default value is "email@example.com", which will be the recipient of the SNS email notification;
  • BucketName: the default is "bucket"; we concatenate this value together with the stack name to generate a unique bucket name.

Create the S3 bucket resource

After the Resources property, we are going to create the template for each resource. Let's get started with the S3 bucket.

Paste the following code after the "Resources" property in the "stack.yml" file:

            # Indented two spaces so that it nests under "Resources:"
            Bucket:
              Type: AWS::S3::Bucket
              DependsOn:
                - SNSTopicPolicy
              Properties:
                BucketName: !Join ["-", [!Ref AWS::StackName, !Ref BucketName]]
                AccessControl: Private
                PublicAccessBlockConfiguration:
                  BlockPublicAcls: True
                  BlockPublicPolicy: True
                  IgnorePublicAcls: True
                  RestrictPublicBuckets: True
                NotificationConfiguration:
                  TopicConfigurations:
                    - Topic: !Ref Topic
                      Event: s3:ObjectCreated:*

Hey! Some definitions!

  • !Ref function: we use !Ref to "reference" a dynamic value from the template. For example, !Ref AWS::StackName refers to the stack name, and !Ref Bucket refers to the S3 bucket name;
  • !Join function: we use !Join to "join" strings with variables. For example, !Join ["-", [!Ref Bucket, "resource"]] will use "-" as the character to join the variable !Ref Bucket (the reference to the name of the bucket) with the string "resource", producing something like "mybucket-resource"

Also, if we read the template, we see that:

  • BucketName: we use the StackName to dynamically generate the name of the bucket, together with the "BucketName" variable. This means that, if the stack name is "mystack" and the BucketName parameter is "mybucket", BucketName will be: "mystack-mybucket". We do this to reduce the risk of having an already used bucket name, because in AWS every bucket must have a unique name.
  • PublicAccessBlockConfiguration: the S3 bucket is private, with all four public access block settings enabled;
  • NotificationConfiguration: we specify to send a notification to the !Ref Topic resource when the s3:ObjectCreated event triggers. We will create the Topic resource later in this tutorial;
  • DependsOn SNSTopicPolicy: the Bucket resource depends on the SNSTopicPolicy resource. This is important because it explicitly tells CloudFormation to create the SNSTopicPolicy followed by the Bucket;

Create the SNS Topic resource

Let's now create the SNS Topic resource that will send a notification to a specific email address. To do so, paste the following code into the "stack.yml" file:

            # Indented two spaces so that it nests under "Resources:"
            Topic:
              Type: AWS::SNS::Topic
              Properties:
                DisplayName: !Join ["-", [!Ref AWS::StackName, "topic"]]
                TopicName: !Join ["-", [!Ref AWS::StackName, "topic"]]
                Subscription:
                  - Protocol: email
                    Endpoint: !Ref Email

This is pretty easy:

  • DisplayName and TopicName: as we saw in the Bucket template, we use the stack name to generate the name of the Topic dynamically;
  • Subscription: we specify that the topic has an email subscription, and the email to subscribe is the value retrieved from the Email parameter (email@example.com)

Create SNS Topic Policy resource

Finally, we need to create the Policy to give the permissions to the S3 bucket to invoke the SNS notification when an object is created.

To do so, paste the following code into the "stack.yml" file:

            # Indented two spaces so that it nests under "Resources:"
            SNSTopicPolicy:
              Type: AWS::SNS::TopicPolicy
              Properties:
                PolicyDocument:
                  Statement:
                    - Effect: Allow
                      Principal:
                        Service: s3.amazonaws.com
                      Action: sns:Publish
                      Resource: !Ref Topic
                      Condition:
                        ArnLike:
                          aws:SourceArn:
                            !Join [
                              "",
                              [
                                "arn:aws:s3:::",
                                !Join ["-", [!Ref AWS::StackName, !Ref BucketName]],
                              ],
                            ]
                Topics:
                  - !Ref Topic

As we saw earlier, we use the BucketName parameter and the StackName to reference the bucket resource, and !Ref Topic to reference the SNS Topic resource.

Complete CloudFormation template

Here you can find the complete "stack.yml":

          AWSTemplateFormatVersion: "2010-09-09"
          Description: CloudFormation example template from Polynique
          Parameters:
            Email:
              Type: String
              Default: email@example.com
              Description: Email to receive S3 object created notification
            BucketName:
              Type: String
              Default: bucket
              Description: Unique S3 bucket name
          Resources:
            Bucket:
              Type: AWS::S3::Bucket
              DependsOn:
                - SNSTopicPolicy
              Properties:
                BucketName: !Join ["-", [!Ref AWS::StackName, !Ref BucketName]]
                AccessControl: Private
                PublicAccessBlockConfiguration:
                  BlockPublicAcls: True
                  BlockPublicPolicy: True
                  IgnorePublicAcls: True
                  RestrictPublicBuckets: True
                NotificationConfiguration:
                  TopicConfigurations:
                    - Topic: !Ref Topic
                      Event: s3:ObjectCreated:*
            Topic:
              Type: AWS::SNS::Topic
              Properties:
                DisplayName: !Join ["-", [!Ref AWS::StackName, "topic"]]
                TopicName: !Join ["-", [!Ref AWS::StackName, "topic"]]
                Subscription:
                  - Protocol: email
                    Endpoint: !Ref Email
            SNSTopicPolicy:
              Type: AWS::SNS::TopicPolicy
              Properties:
                PolicyDocument:
                  Statement:
                    - Effect: Allow
                      Principal:
                        Service: s3.amazonaws.com
                      Action: sns:Publish
                      Resource: !Ref Topic
                      Condition:
                        ArnLike:
                          aws:SourceArn:
                            !Join [
                              "",
                              [
                                "arn:aws:s3:::",
                                !Join ["-", [!Ref AWS::StackName, !Ref BucketName]],
                              ],
                            ]
                Topics:
                  - !Ref Topic
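An added example, not code from the original article: a pre-deploy check over the JSON form of this template that confirms the bucket keeps all four public access block flags enabled and that the topic policy's aws:SourceArn condition resolves to the ARN of a bucket the template actually creates. The names `resolve`, `audit` and `sample`, and the sample stack values, are assumptions made for illustration.

```python
from fnmatch import fnmatchcase

FLAGS = ("BlockPublicAcls", "BlockPublicPolicy", "IgnorePublicAcls", "RestrictPublicBuckets")
JOINED = {"Fn::Join": ["-", [{"Ref": "AWS::StackName"}, {"Ref": "BucketName"}]]}

def resolve(node, env):
    """Evaluate Ref / Fn::Join (long forms of !Ref / !Join) against env."""
    if isinstance(node, dict) and len(node) == 1:
        (key, arg), = node.items()
        if key == "Ref":
            return env[arg]
        if key == "Fn::Join":
            return arg[0].join(resolve(part, env) for part in arg[1])
    return node

def audit(template, env):
    """Return findings (empty list = pass). ArnLike wildcards are approximated with fnmatch."""
    findings, arns = [], []
    for name, res in template["Resources"].items():
        if res["Type"] == "AWS::S3::Bucket":
            props = res["Properties"]  # assumes an explicit BucketName, as on this page
            arns.append("arn:aws:s3:::" + resolve(props["BucketName"], env))
            block = props.get("PublicAccessBlockConfiguration", {})
            findings += [f"{name}: {f} is not true" for f in FLAGS if block.get(f) is not True]
    for name, res in template["Resources"].items():
        if res["Type"] != "AWS::SNS::TopicPolicy":
            continue
        for stmt in res["Properties"]["PolicyDocument"]["Statement"]:
            if stmt.get("Principal") != {"Service": "s3.amazonaws.com"}:
                continue
            source = stmt.get("Condition", {}).get("ArnLike", {}).get("aws:SourceArn")
            if source is None:
                findings.append(f"{name}: S3 may publish without an aws:SourceArn condition")
            elif not any(fnmatchcase(arn, resolve(source, env)) for arn in arns):
                findings.append(f"{name}: aws:SourceArn matches no bucket in this template")
    return findings

def sample(source_arn):
    """Constructed JSON-form excerpt of stack.yml, trimmed to what audit() reads."""
    stmt = {"Effect": "Allow", "Principal": {"Service": "s3.amazonaws.com"},
            "Action": "sns:Publish", "Condition": {"ArnLike": {"aws:SourceArn": source_arn}}}
    return {"Resources": {
        "Bucket": {"Type": "AWS::S3::Bucket", "Properties": {
            "BucketName": JOINED, "PublicAccessBlockConfiguration": dict.fromkeys(FLAGS, True)}},
        "SNSTopicPolicy": {"Type": "AWS::SNS::TopicPolicy", "Properties": {
            "PolicyDocument": {"Statement": [stmt]}}}}}

ENV = {"AWS::StackName": "mystack", "BucketName": "mybucket"}  # values used in the text
GOOD = sample({"Fn::Join": ["", ["arn:aws:s3:::", JOINED]]})  # as in the complete template
DRIFTED = sample({"Fn::Join": ["", ["arn:aws:s3:::", {"Ref": "AWS::StackName"}, "-bucket"]]})
```

`DRIFTED` reuses the hard-coded "-bucket" suffix from the first excerpt on this page while the bucket name comes from the BucketName parameter, so the policy condition no longer covers the bucket and `audit` reports it.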

Deploy CloudFormation template from CLI

To deploy a CloudFormation template using the command line interface, firstly we need to install the AWS CLI. After the installation, we need to configure the CLI to access our AWS account and publish the resources in a specific region.

To configure the AWS CLI, run:

          aws configure        

After the AWS CLI is set up, we are now finally able to deploy a CloudFormation template. To do so, open a terminal window and go to the directory where you created the "stack.yml" file.

Once in the directory, you can simply run:

          aws cloudformation deploy --template-file stack.yml --stack-name my-cloudformation-example-template --capabilities CAPABILITY_NAMED_IAM

The "--stack-name" argument is followed by the name you want to give to the stack. In my case, I'm using my-cloudformation-example-template, but you can replace it with any other name you want to assign to your stack. Also, "--capabilities CAPABILITY_NAMED_IAM" is required because we are creating an SNSTopicPolicy.

Deploy a template with parameters

As you may remember, we created some parameters in our "stack.yml" template file. How do we override those parameters?

This is straightforward. To override a template parameter, we add the "--parameter-overrides" argument followed by "ParameterName=value". For instance, if we want to change the Email that will receive the SNS notification, we simply need to run the following command:

          aws cloudformation deploy --template-file stack.yml --stack-name my-cloudformation-example-template --parameter-overrides Email=mynewemail@example.com --capabilities CAPABILITY_NAMED_IAM

Also, keep in mind that you can update the parameters by re-deploying the stack. Indeed, every time you run the command with different values, the CloudFormation stack will update with the new parameters.

Deploy CloudFormation template from AWS web

To deploy a CloudFormation template using AWS web interface, go to the AWS console and search for "CloudFormation":

search CloudFormation on AWS console

then click on "CloudFormation". In the CloudFormation dashboard, click on the "Create stack" and then "With new resources (standard)" button:

create stack in CloudFormation

This will open a guided wizard to create the stack. Firstly, we need to prepare the template and upload the "stack.yml" file we created in the previous section. Click on "Template is ready", "Upload a template file" and "Choose file" to upload the stack file:

upload a stack file

We now need to specify the "Stack name" that will be the name used to identify the stack, and change the parameters according to our needs. Try not to give the stack a very generic name because, as we know, we used the stack name reference to create all the other resource names. Also, note that in the "Parameters" section we see the default values already populated as we have specified in our template.

Give the stack a name and change the Email parameter to your email address, and then click on "Next":

setting CloudFormation stack parameters and name

Then, we "Configure stack options". A good practice is to give a Tag with the "Name" key and a unique value that identifies the stack. This can be useful to easily identify costs in AWS.

Give the stack a Tag, and then click on "Next":

give a CloudFormation stack a tag

Review your stack, and finally click on "Publish":

publish CloudFormation template

CloudFormation Events and Resources

After clicking the "Publish" button, we will be redirected to the "Events" section of our stack. In this section, we can see every stack event; in particular, we see that all the resources specified in the template are in the "CREATE_IN_PROGRESS" status because we just created the stack:

"CREATE_IN_PROGRESS" resources status

After a while, if we refresh the page we finally see the "CREATE_COMPLETE" status in all the resources:

"CREATE_COMPLETE" status in resources

If we want more details about the resources that make up our stack, we can navigate to the "Resources" section:

CloudFormation stack resources

Also, we can click on the "Physical ID" of each resource to open the respective resource page in AWS.

That's it! We successfully deployed our stack in CloudFormation using a template file.


Source: https://www.polynique.com/devops/how-to-use-aws-cloudformation-and-deploy-a-template/

Posted by: gordonlievaight.blogspot.com
