1
00:00:00,980 --> 00:00:03,640
- [Raf] Hi, it's me again, Raf here.

2
00:00:03,640 --> 00:00:07,110
So, according to everything you have learned so far,

3
00:00:07,110 --> 00:00:09,820
CloudFormation is an infrastructure-as-code service

4
00:00:09,820 --> 00:00:11,690
that you can rely on in order to build

5
00:00:11,690 --> 00:00:13,290
your infrastructure automations.

6
00:00:14,180 --> 00:00:16,600
CloudFormation is one of the core components

7
00:00:16,600 --> 00:00:20,320
of almost every CI/CD workflow, and you would like

8
00:00:20,320 --> 00:00:22,090
to make sure your CloudFormation templates

9
00:00:22,090 --> 00:00:24,510
are as reliable as possible.

10
00:00:24,510 --> 00:00:27,990
In most cases, when the creation of a stack fails,

11
00:00:27,990 --> 00:00:30,730
you will see a detailed error from CloudFormation pointing

12
00:00:30,730 --> 00:00:33,440
out where the issue potentially is.

13
00:00:33,440 --> 00:00:36,320
The most common error is due to permissions.

14
00:00:36,320 --> 00:00:39,820
Resources created or deleted by your stack get operated

15
00:00:39,820 --> 00:00:42,620
on behalf of the user who is operating the stack,

16
00:00:42,620 --> 00:00:45,410
so if you have a template that creates an EC2 instance,

17
00:00:45,410 --> 00:00:48,200
but your user is not authorized to do so,

18
00:00:48,200 --> 00:00:51,490
that step will fail, and if the stack creation is set

19
00:00:51,490 --> 00:00:54,810
to roll back in case of failure, everything created so far

20
00:00:54,810 --> 00:00:57,080
will be deleted to leave the infrastructure

21
00:00:57,080 --> 00:00:59,040
in a consistent state.

22
00:00:59,040 --> 00:01:01,560
Another aspect I would like to highlight

23
00:01:01,560 --> 00:01:03,910
is that CloudFormation is a service that operates

24
00:01:03,910 --> 00:01:05,700
the resources in the given Region

25
00:01:05,700 --> 00:01:07,340
where the stack is running.
26
00:01:07,340 --> 00:01:10,890
So if you create a stack in us-east-1, or Virginia,

27
00:01:10,890 --> 00:01:13,690
the resources will be created in that Region.

28
00:01:13,690 --> 00:01:16,800
That being said, some services require a property

29
00:01:16,800 --> 00:01:20,450
that only exists in a specific Region, such as, for example,

30
00:01:20,450 --> 00:01:22,410
EC2 instances and their AMIs.

31
00:01:23,573 --> 00:01:26,940
The Amazon Machine Image, or AMI, is the image containing

32
00:01:26,940 --> 00:01:30,450
the operating system of the EC2 instance you want to create.

33
00:01:30,450 --> 00:01:34,150
Each AMI has an ID, and these IDs are different according

34
00:01:34,150 --> 00:01:36,530
to the Region you are operating in.

35
00:01:36,530 --> 00:01:38,420
If you want to create an EC2 instance

36
00:01:38,420 --> 00:01:41,250
and hardcode the AMI ID into the template,

37
00:01:41,250 --> 00:01:44,760
you would need to make sure that the specific AMI ID exists

38
00:01:44,760 --> 00:01:46,540
in the Region you are creating.

39
00:01:46,540 --> 00:01:49,630
Otherwise, the creation would fail because CloudFormation

40
00:01:49,630 --> 00:01:52,020
would be trying to launch an instance with an AMI

41
00:01:52,020 --> 00:01:54,003
that does not exist in that Region.

42
00:01:54,910 --> 00:01:56,680
CloudFormation has a feature that makes

43
00:01:56,680 --> 00:02:00,010
the templates more reliable in terms of cross-Region.

44
00:02:00,010 --> 00:02:02,410
So, if you want to build a template that can run

45
00:02:02,410 --> 00:02:06,720
on any given Region, you can use a CloudFormation mapping.

46
00:02:06,720 --> 00:02:08,780
A mapping is a feature that allows you

47
00:02:08,780 --> 00:02:11,870
to choose different values according to each Region

48
00:02:11,870 --> 00:02:14,540
you are running, or any other value.

49
00:02:14,540 --> 00:02:17,190
Imagine the mapping as an if statement.
50
00:02:17,190 --> 00:02:21,010
For example, if you are running the template in us-east-1,

51
00:02:21,010 --> 00:02:23,690
then use this specific AMI ID.

52
00:02:23,690 --> 00:02:28,020
If you're running in us-west-2, then use that other one.

53
00:02:28,020 --> 00:02:30,130
That would fix that problem and make

54
00:02:30,130 --> 00:02:32,350
your templates more resilient.

55
00:02:32,350 --> 00:02:35,050
That can also be applied for parameters,

56
00:02:35,050 --> 00:02:38,910
such as if a parameter has environment = prod,

57
00:02:38,910 --> 00:02:41,430
then choose a specific instance type.

58
00:02:41,430 --> 00:02:44,100
If the parameter has environment = dev,

59
00:02:44,100 --> 00:02:46,150
then choose another instance type,

60
00:02:46,150 --> 00:02:48,660
which could be a smaller one.

61
00:02:48,660 --> 00:02:49,850
Okay, cool.

62
00:02:49,850 --> 00:02:52,040
With the use of mappings, you can create

63
00:02:52,040 --> 00:02:54,850
a more flexible template, but how about

64
00:02:54,850 --> 00:02:57,120
the resource-creation sequence?

65
00:02:57,120 --> 00:03:00,300
For example, what if you have an application that needs

66
00:03:00,300 --> 00:03:03,930
an RDS database up and running before creating

67
00:03:03,930 --> 00:03:05,850
the EC2 instance?

68
00:03:05,850 --> 00:03:07,860
Another common troubleshooting topic

69
00:03:07,860 --> 00:03:10,010
is the dependency error.

70
00:03:10,010 --> 00:03:12,370
As the name suggests, a dependency error

71
00:03:12,370 --> 00:03:14,730
is when CloudFormation tries to create a resource

72
00:03:14,730 --> 00:03:16,650
that depends on another resource

73
00:03:16,650 --> 00:03:19,030
that hasn't been created yet.

74
00:03:19,030 --> 00:03:21,620
CloudFormation creates the resources in parallel

75
00:03:21,620 --> 00:03:24,880
to optimize speed, but it may not know the order

76
00:03:24,880 --> 00:03:28,090
of precedence needed by your application logic.
77
00:03:28,090 --> 00:03:31,520
You can add a property called DependsOn in the creation

78
00:03:31,520 --> 00:03:33,170
of the EC2 instance.

79
00:03:33,170 --> 00:03:35,770
That would make CloudFormation hold the creation

80
00:03:35,770 --> 00:03:39,210
of the instance, and only do it after the RDS instance

81
00:03:39,210 --> 00:03:40,920
has been created.

82
00:03:40,920 --> 00:03:44,420
In the property, you can specify one or multiple resources

83
00:03:44,420 --> 00:03:46,840
you want to depend on.

84
00:03:46,840 --> 00:03:50,230
If you're doing serverless, dependency between resources may

85
00:03:50,230 --> 00:03:53,840
be more frequent, such as creating an API Gateway endpoint

86
00:03:53,840 --> 00:03:56,350
and Lambda functions associated with it.

87
00:03:56,350 --> 00:03:58,266
That's why the usage of SAM,

88
00:03:58,266 --> 00:04:00,308
or Serverless Application Model,

89
00:04:00,308 --> 00:04:03,610
brings you good help, because it is an abstraction layer

90
00:04:03,610 --> 00:04:06,150
that gives you a serverless-oriented view,

91
00:04:06,150 --> 00:04:08,240
so it already knows some obvious

92
00:04:08,240 --> 00:04:10,153
dependencies among resources.

93
00:04:11,900 --> 00:04:14,760
There are also other troubleshooting topics described

94
00:04:14,760 --> 00:04:17,260
in the AWS documentation, but you guess what?

95
00:04:17,260 --> 00:04:20,080
Alana told me she will add that link to the course readings

96
00:04:20,080 --> 00:04:21,563
so you don't miss anything.