Scaling with CloudFormation StackSets – Establishing a Deployment Strategy – SAP-C02 Study Guide

Scaling with CloudFormation StackSets

Imagine you have created your AWS resources using CloudFormation templates only to realize some time later that you actually need to roll out and manage the same stack in multiple accounts across multiple AWS Regions.

If the stacks were to be managed independently of each other, creating them separately one by one would make sense. However, since in this case you want to manage them centrally, it doesn’t. This is where StackSets comes in handy. StackSets allows you to manage and roll out the same CloudFormation template across multiple accounts and in multiple Regions. It also lets you specify how many accounts the deployment should be applied to concurrently. Therefore, you can decide whether you prefer to maximize the speed of deployment or to be more conservative and roll out one at a time, possibly starting with a low-impact Region, if you have one, so that you can observe the effect before going wider.

Another important aspect of StackSets is security. Deploying a stack set means having the necessary permissions to roll out a CloudFormation template in the target accounts across the target Regions. You can naturally handle this yourself with self-managed permissions, creating an IAM role with enough permissions to let CloudFormation operate. However, it becomes particularly interesting when you manage accounts in your organization using AWS Organizations. CloudFormation is integrated with AWS Organizations, which allows you to leverage service-managed permissions, provided that you have enabled all features in AWS Organizations (and not consolidated billing only). When all features are enabled, CloudFormation creates the necessary roles for you in your organization’s accounts so you can more easily roll out stack sets across your organization.
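The two points above, the service-managed permission model and a deliberately conservative rollout order, translate directly into AWS CLI options. The following script is an added example and is not part of the study guide: it creates a stack set under the service-managed model (which requires all features enabled in AWS Organizations, as described above) and then deploys instances to an organizational unit, Region by Region in a fixed order, one account at a time, stopping at the first failure. The stack set name, template file name, OU identifier and Region list are placeholders to replace with your own; the `AWS_CLI` variable is there so the script can be exercised against a stub instead of the real CLI.

```shell
#!/bin/sh
# Added example (not from the study guide): roll out one CloudFormation
# template as a stack set with service-managed permissions and a
# conservative, one-at-a-time deployment order.
set -eu

STACK_SET_NAME="org-baseline"           # placeholder name
TEMPLATE_FILE="baseline.yaml"           # assumed to exist in the current directory
TARGET_OU_ID="ou-EXAMPLE-PLACEHOLDER"   # placeholder OU id, not a real identifier
REGION_ORDER="eu-west-1 us-east-1"      # lowest-impact Region first, then the rest

# Indirection so a test or dry run can substitute a stub for the real CLI.
AWS_CLI="${AWS_CLI:-aws}"

# Build the --operation-preferences shorthand: Regions strictly in the given
# order, one account at a time, and abort the operation on the first failure.
operation_preferences() {
  # $1 = space-separated Region list in rollout order
  regions_csv=$(printf '%s' "$1" | tr ' ' ',')
  printf 'RegionConcurrencyType=SEQUENTIAL,RegionOrder=%s,MaxConcurrentCount=1,FailureToleranceCount=0' \
    "$regions_csv"
}

# Create the stack set itself. SERVICE_MANAGED makes CloudFormation create the
# execution roles in the member accounts; auto-deployment keeps new accounts in
# the OU covered. CAPABILITY_NAMED_IAM is only needed if the template creates
# IAM resources, which a baseline template usually does.
create_stack_set() {
  "$AWS_CLI" cloudformation create-stack-set \
    --stack-set-name "$STACK_SET_NAME" \
    --template-body "file://$TEMPLATE_FILE" \
    --permission-model SERVICE_MANAGED \
    --auto-deployment Enabled=true,RetainStacksOnAccountRemoval=false \
    --capabilities CAPABILITY_NAMED_IAM
}

# Deploy stack instances to every account in the target OU, honouring the
# operation preferences built above. $REGION_ORDER is intentionally unquoted
# so that --regions receives one argument per Region.
deploy_instances() {
  "$AWS_CLI" cloudformation create-stack-instances \
    --stack-set-name "$STACK_SET_NAME" \
    --deployment-targets "OrganizationalUnitIds=$TARGET_OU_ID" \
    --regions $REGION_ORDER \
    --operation-preferences "$(operation_preferences "$REGION_ORDER")"
}

# Only talk to AWS when explicitly asked: `sh stackset.sh run`.
case "${1:-}" in
  run)
    create_stack_set
    deploy_instances
    ;;
esac
```

Both CLI calls return an OperationId; the rollout itself is asynchronous, so in a pipeline you would poll `aws cloudformation describe-stack-set-operation` until it reports SUCCEEDED before promoting the change further. With `FailureToleranceCount=0` a single failed account stops the operation, which is the point of starting in the lowest-impact Region.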

CloudFormation is a vast topic and covering it in detail is beyond the scope of this book. Please refer to the resources listed in the Further Reading section of this chapter to learn more. You have now looked at the general concepts around cloud deployment, along with some of the concerns you should keep in mind when designing a deployment. Next, we will look at how to define IaC on AWS using the AWS Cloud Development Kit.

The AWS Cloud Development Kit

The AWS Cloud Development Kit (CDK) is an open-source framework created by AWS that lets cloud application developers use widely adopted programming languages, such as Java, Python, TypeScript, and more, to create AWS resources using an IaC approach. The AWS CDK uses CloudFormation behind the scenes and translates code written in Java, Python, TypeScript, and so on into CloudFormation templates.

The AWS CDK provides a higher-level programming language interface, abstracting away CloudFormation YAML and JSON templates. Its basic building block is called a construct. A construct defines an AWS component that maps to one or more AWS resources. The AWS CDK comes with a library of constructs, called the AWS Construct Library, which provides constructs for many AWS resources out of the box. You will, for instance, find constructs to define an S3 bucket, a DynamoDB table, and many more. Constructs can also be more complex and group together multiple AWS resources, for instance, an S3 bucket and an EC2 instance, to provide a higher level of abstraction for resources frequently used by your applications and to simplify your deployment process.

Construct Hub, which can be found at https://packt.link/M5DwN, provides a centralized repository for CDK constructs offered by AWS, various providers, and the CDK community of users.

Take a look at the following simple example that highlights the benefits of using the CDK. It illustrates the creation of an S3 bucket using the AWS CDK in TypeScript:

import { App, Stack, StackProps } from 'aws-cdk-lib';
import * as s3 from 'aws-cdk-lib/aws-s3';

// A stack is the unit of deployment: it is synthesized into one CloudFormation template.
class MyFirstCdkStack extends Stack {
  constructor(scope: App, id: string, props?: StackProps) {
    super(scope, id, props);
    // The Bucket construct maps to an AWS::S3::Bucket resource; here versioning is enabled.
    new s3.Bucket(this, 'MyFirstBucket', { versioned: true });
  }
}

const app = new App();
new MyFirstCdkStack(app, 'MyFirstCdkStack');