This project demonstrates my ability to deploy multiple layers of infrastructure with AWS CloudFormation, update a CloudFormation stack and delete a stack (while retaining some resources).
I leveraged AWS CloudFormation to:
i. deploy a virtual private cloud (VPC) networking layer
ii. deploy an application layer that references the networking layer
iii. explore templates with AWS CloudFormation Designer
iv. delete a stack that has a deletion policy
Task 1: Deploying a networking layer
- Created stack in CloudFormation Service in the AWS management console
• Specified a template
• I uploaded my YAML template named “lab-network.yaml”
- Created a stack
• Stack name: lab-network
- Configured Stack options
• In the Tags section, I entered these values:
Key: Application
Value: Inventory
- I reviewed, clicked submit and waited for the creation to complete.
Task 2: Deploying an application layer
• Created an EC2 instance and a security group
- Specified and uploaded a new template file
- Created a stack
Stack name: lab-application
NetworkStackName: lab-network
- Configured Stack Options
• In the Tags section, I entered the following values
Key: application
Value: inventory
- Reviewed and created the new stack
- I copied the URL from the Outputs tab and pasted it into a new browser tab.
- The link opens the application which is running on the web server that this new CloudFormation stack created.
- Navigate to EC2 console and select instances.
This shows the webserver instance that was created with CloudFormation
Task 3: Updating the lab-application stack to modify a setting in the security group
i. I navigated to EC2 services and selected security groups to check the current settings of the WebServerSecurityGroup.
ii. I selected the inbound tab and this had only one rule
- The rule permitted HTTP traffic
iii. I navigated back to the CloudFormation page to modify the lab-application template.
iv. The new template had an additional configuration to permit inbound SSH traffic on port 22.
v. In the stacks, I selected the lab-application and clicked on the update tab
vi. I uploaded the new file
vii. I left everything as it was, submitted the new file and waited for the update to complete.
viii. I navigated back to the Webserver security group to verify that an additional inbound rule has been added.
Conclusion
• This demonstration shows how changes can be deployed in a repeatable, documented process.
• The AWS CloudFormation templates can be stored in a source code repository (such as AWS CodeCommit).
• Versions and history of the templates and the infrastructure that was deployed can be maintained.
Task 4: Exploring templates with AWS CloudFormation Designer
i. I navigated to the designer section of CloudFormation
ii. I uploaded the second lab-application file to show the interrelationship between the templates resources.
Task 5: Deleting the stack
• CloudFormation can delete the resources built for a stack when they are no longer required.
• Deletion policies can be set on resources so that the resources are backed up when they are deleted.
• Databases and disk volumes are retained after a stack is deleted when the deletion policy is set.
i. The lab-application stack was configured to take a snapshot of the Amazon EBS disk volume before it is deleted.
ii. The code in the template justifies this configuration. See screen print
iii. Navigated back to CloudFormation Console
- Selected the lab-application stack
- Chose and confirmed delete
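A template fragment illustrating the security group change from Task 3 and the deletion policy from Task 5, as an added example rather than the lab's own template. The `AdminCidr` parameter, the `-VPCID` export name, the `DiskVolume` logical ID and the volume properties are assumptions; the stack names, the `NetworkStackName` parameter and `WebServerSecurityGroup` come from the steps above.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Added example - application layer fragment (not the lab's own template)

Parameters:
  NetworkStackName:
    Type: String
    Default: lab-network            # the networking stack created in Task 1
  AdminCidr:                        # assumption: parameter not in the original lab
    Type: String
    Default: 203.0.113.0/24         # constructed value (documentation range)
    Description: Source range allowed to reach SSH

Resources:
  WebServerSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: HTTP for the application, SSH from the admin range only
      VpcId:
        # Cross-stack reference to the networking layer.
        # The "-VPCID" export suffix is an assumed name.
        Fn::ImportValue: !Sub "${NetworkStackName}-VPCID"
      SecurityGroupIngress:
        - IpProtocol: tcp           # the single rule present before the update
          FromPort: 80
          ToPort: 80
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp           # the rule added by the stack update
          FromPort: 22
          ToPort: 22
          CidrIp: !Ref AdminCidr    # scoped source instead of any address
      Tags:
        - Key: Application
          Value: Inventory

  DiskVolume:                       # assumed logical ID
    Type: AWS::EC2::Volume
    DeletionPolicy: Snapshot        # snapshot the volume when the stack is deleted
    Properties:
      Size: 8                       # GiB, constructed value
      Encrypted: true
      AvailabilityZone: !Select [0, !GetAZs ""]
```

Deleting a stack built from this fragment leaves a snapshot of `DiskVolume` behind, which is what Task 6 checks for.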
Task 6: Verification of the snapshot of the EBS volume created before it was deleted.
i. Navigate back to the EC2 console
ii. Select snapshot under Elastic Block Store
iii. Under the snapshot status you will see the status (either started or completed)
End.