Tag Inheritance - A valuable CloudFormation feature

October 31, 2020

Tagging is a crucial aspect of management and governance for the AWS accounts of any individual or organization.

Here are some advantages of tagging your AWS resources:

  1. Organize AWS resources - Filter all resources with a particular tag
  2. Use tags for Cost Allocation - what Application costs the most?
  3. Use tags for automation - opt your EC2 instances in or out of being stopped on evenings/weekends
  4. Use tags for Access Control - Restrict EC2 API calls on resources tagged as Production

I got these four advantages from an AWS Documentation page. Click here to read more.

Now that we have established that tagging is useful, let’s look at how CloudFormation allows tag inheritance to simplify the tagging of resources in a stack.

In addition to any tags you define for an individual resource, AWS CloudFormation automatically creates the following stack-level tags, which carry the aws: prefix:

  • aws:cloudformation:logical-id
  • aws:cloudformation:stack-id
  • aws:cloudformation:stack-name

All stack-level tags, including automatically created tags, are propagated to resources that AWS CloudFormation supports.

Reference:
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html

This feature makes tagging all your resources extremely simple when using CloudFormation to provision resources. Apply tags once at the stack level, and all the tags propagate to the supported stack resources.

Let’s test this out!

Lab template (also available as a separate file in this folder). This template will only work in the us-east-1 region because of the hardcoded AMI value.

---
AWSTemplateFormatVersion: "2010-09-09"
Description: Create multiple AWS resources to test Cloudformation Tags propagation.

Resources:
  SimpleInstance:
    Type: AWS::EC2::Instance

    Properties:
      InstanceType: t2.micro
      ImageId: ami-8c1be5f6

  SimpleInstance1:
    Type: AWS::EC2::Instance

    Properties:
      InstanceType: t2.micro
      ImageId: ami-8c1be5f6

  S3Bucket:
    Type: AWS::S3::Bucket
    Properties:
      AccessControl: Private


Two methods of deploying this template:

  1. You can use this template and add tags to the CloudFormation stack from the AWS Management Console.
    OR
  2. You can use the AWS CLI.

Steps:

  • Download the template above (also available as a separate file in this folder).

  • We will use the AWS CLI to add tags to the stack and then verify that they propagate to the individual resources. Make sure the template file name in the CLI command matches the CloudFormation template file name.

aws cloudformation create-stack --stack-name cfn-tags-test --template-body file://tags-test-multiple-resource.yaml --tags Key=ProjectID,Value=53 Key=Team,Value=Security


You can verify whether CloudFormation propagated the tags to each resource by using the AWS Management Console. The image below shows how the tags section looked for the S3 bucket created with the above CloudFormation template.

AWS Console Screenshot
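
The same verification can be scripted instead of clicking through the console, which matters when the tags feed access control or cost allocation. The following is an added example, not part of the original post: it audits JSON in the shape returned by `aws resourcegroupstaggingapi get-resources`, using the aws:cloudformation:stack-name and aws:cloudformation:logical-id tags to find this stack's resources. The function name `audit_stack_tags`, the helper `_tags`, and the sample data (placeholder ARNs, a deliberately drifted Team tag, and a missing instance) are constructed for illustration.

```python
import json

# Stack-level tags passed to create-stack above, and the template's logical IDs.
EXPECTED_TAGS = {"ProjectID": "53", "Team": "Security"}
LOGICAL_IDS = {"SimpleInstance", "SimpleInstance1", "S3Bucket"}

def _tags(stack, logical_id, **user_tags):
    """Build a Tags list in the API's Key/Value shape (helper for the sample)."""
    merged = {"aws:cloudformation:stack-name": stack,
              "aws:cloudformation:logical-id": logical_id, **user_tags}
    return [{"Key": k, "Value": v} for k, v in merged.items()]

# Constructed sample; ARNs are placeholders, not real resources.
SAMPLE = json.dumps({"ResourceTagMappingList": [
    {"ResourceARN": "arn:aws:ec2:us-east-1:111122223333:instance/i-EXAMPLE0001",
     "Tags": _tags("cfn-tags-test", "SimpleInstance", ProjectID="53", Team="Security")},
    {"ResourceARN": "arn:aws:s3:::example-bucket-placeholder",
     "Tags": _tags("cfn-tags-test", "S3Bucket", ProjectID="53", Team="Dev")},
    {"ResourceARN": "arn:aws:s3:::other-stack-bucket-placeholder",
     "Tags": _tags("some-other-stack", "S3Bucket")},
]})

def audit_stack_tags(get_resources_json, stack_name, expected_tags, logical_ids):
    """Return {logical_id: [problems]} for resources belonging to stack_name."""
    findings, seen = {}, set()
    for item in json.loads(get_resources_json).get("ResourceTagMappingList", []):
        tags = {t["Key"]: t["Value"] for t in item.get("Tags", [])}
        if tags.get("aws:cloudformation:stack-name") != stack_name:
            continue  # resource belongs to another stack or to none
        logical_id = tags.get("aws:cloudformation:logical-id", item["ResourceARN"])
        seen.add(logical_id)
        problems = []
        for key, want in expected_tags.items():
            if key not in tags:
                problems.append(f"missing {key}")
            elif tags[key] != want:
                problems.append(f"{key}={tags[key]!r}, expected {want!r}")
        if problems:
            findings[logical_id] = problems
    # Logical IDs never seen: tags did not propagate, or the type is unsupported.
    for logical_id in sorted(set(logical_ids) - seen):
        findings[logical_id] = ["no resource carrying this stack's tags was returned"]
    return findings

if __name__ == "__main__":
    report = audit_stack_tags(SAMPLE, "cfn-tags-test", EXPECTED_TAGS, LOGICAL_IDS)
    for logical_id, problems in report.items():
        print(logical_id, problems)
```

An empty result means every logical ID in the template was found with the expected stack-level tags.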

Cleanup:
Make sure you delete your CloudFormation Stack to stop incurring charges.

aws cloudformation delete-stack --stack-name cfn-tags-test

Let me know if you have any questions.

CloudFormation and Soccer connection

October 31, 2020

I’m a soccer fan. When I first heard about CloudFormation this image was something that came to my mind.

After learning a few intermediate CloudFormation components like parameters and mappings and custom resources, this is how I think of CloudFormation now.

Some analogies between CloudFormation and Soccer:

  • In soccer, to play a game, all you need is a ball. Similarly, in CloudFormation, to launch a stack, the only section required in a template is a Resources section with at least 1 resource.

  • Stack updates are like a player substitution (or even a ball substitution) in a professional soccer game.

  • CloudFormation has certain limits, just like a professional soccer game. The new per-template limits are 500 for the maximum number of resources (previously 200), 200 for parameters (previously 60), 200 for mappings (previously 100), and 200 for outputs (previously 60). This is similar to the maximum number of players in a soccer game (11 per side), the maximum number of substitutes on the bench (7), and the maximum allowed substitutions per game (3).

I’ll add more analogies in the future when they come to me. If you have any suggestions, let me know in the comments.

By the way, you can read about the new limits for CloudFormation here, which let you work with more resources/parameters/outputs per template.