- [Raf] Hi, it's me again, Raf here. So, according to everything
you have learned so far, CloudFormation is an
infrastructure-as-code service that you can rely in order to build your infrastructure automations. CloudFormation is one
of the core components of almost every CI/CD
workflow, and you would like to make sure your CloudFormation templates are as reliable as possible. In most cases, when the
creation of a stack fails, you will see a detailed error
from CloudFormation pointing out where the issue potentially is. The most common error
is due to permissions. Resources created or deleted
by your stack get operated on behalf of the user who
is operating the stack, so if you have a template
that creates an EC2 instance, but your user is not authorized to do so, that step will fail, and if
the stack creation is set to rollback in case of failure,
everything created so far will be deleted to
leave the infrastructure in a consistent state. Another aspect I would like to highlight is that CloudFormation is
a service that operates the resources in the given Region where the stack is running. So if you create a stack
in us-east-1, or Virginia, the resources will be
created in that Region. That being said, some
services require a property that only exists in a specific
Region, such as, for example, EC2 instances and their AMIs. The Amazon Machine Image, or
AMI, is the image containing the operating system of the EC2
instance you want to create. Each AMI has an ID, and these
IDs are different according to the Region you are operating in. If you want to create an EC2 instance and hardcode the AMI ID into the template, you would need to make sure
that the specific AMI ID exists in the Region you are creating. Otherwise, the creation would
fail because CloudFormation would be trying to launch
an instance with an AMI that does not exist in that Region. CloudFormation has a feature that makes the templates more reliable
in terms of cross-Region. So, if you want to build
a template that can run on any given Region, you can
use a CloudFormation mapping. A mapping is a feature that allows you to choose different values
according to each Region you are running, or any other value. Imagine the mapping as an if statement. For example, if you are running
the template in us-east-1, then use this specific AMI ID. If you're running in us-west-2,
then use that other one. That would fix that problem and make your templates more resilient. That can also be applied for parameters, such as if a parameter
has environment = prod, then choose a specific instance type. If the parameter has environments = dev, then choose another instance type, which could be a smaller one. Okay, cool. With the use of mappings, you can create a more flexible template, but how about the resource-creation sequence? For example, what if you have
an application that needs an RDS database up and
running before creating the EC2 instance? Another common troubleshooting topic is the dependency error. As the name suggests, a dependency error is when CloudFormation
tries to create a resource that depends on another resource that hasn't been created yet. CloudFormation creates
the resources in parallel to optimize speed, but
it may not know the order of precedence needed by
your application logic. You can add a property called
DependsOn in the creation of the EC2 instance. That would make CloudFormation
hold the creation of the instance, and only
do it after the RDS instance has been created. In the property, you can specify
one or multiple resources you want to depend on. If you're doing serverless,
dependency between resources may be more frequent, such as
creating an API Gateway endpoint and Lambda functions associated with it. That's why the usage of SAM, or Serverless Application Model, brings you good help, because
it is an abstraction layer that gives you a serverless-oriented view, so it already knows some obvious dependencies among resources. There are also other
troubleshooting topics described in the AWS documentation,
but you guess what? Alana told me she will add that
link to the course readings so you don't miss anything.