Conceptly

AWS CloudFormation

Category: Management / Infrastructure as Code (IaC)

CloudFormation is the IaC engine that turns a declarative template into real AWS resources. A stack uses that template to create, update, and roll back infrastructure in a consistent way.

Architecture Diagram: process flow (animated diagram not reproduced in text)

Why do you need it?

If production is changed in the console and development is rebuilt from memory, eventually nobody is sure which settings are the real ones. When rebuilding the same infrastructure depends each time on a different order or different values, both recovery and expansion slow down.

Why did this approach emerge?

In the past, wiki documents or shell scripts were used to share infrastructure setup steps, but this approach led to drift and reproduction failures. This is why managing infrastructure as code with CloudFormation became the standard.

How does it work inside?

CloudFormation reads templates and creates resources as stacks, managing updates and rollbacks together. It bundles multiple resources like VPC, EC2, and RDS into a single deployment.

In Code

Declaring resources directly in the template

Resources:
  AppBucket:
    Type: AWS::S3::Bucket
    Properties:
      # S3 bucket names are global: a fixed name fails to create if any other account already owns it
      BucketName: my-sample-app-bucket

  AppQueue:
    Type: AWS::SQS::Queue
    Properties:
      QueueName: my-sample-app-queue

CloudFormation does not script console clicks. It declares the final resource state you want AWS to converge to.

Dependencies between resources are expressed in the same template

Resources:
  AppRole:
    Type: AWS::IAM::Role
    Properties:
      # Trust policy: only the Lambda service may assume this role.
      # No permissions policy is attached yet, so the function cannot call AWS APIs or write logs until one is added.
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              Service: lambda.amazonaws.com
            Action: sts:AssumeRole

  AppFunction:
    Type: AWS::Lambda::Function
    Properties:
      Handler: index.handler
      Runtime: nodejs22.x
      Role: !GetAtt AppRole.Arn
      Code:
        ZipFile: |
          exports.handler = async () => {
            return { statusCode: 200, body: "ok" };
          };

Instead of creating resources one by one, you keep both the resources and their dependencies inside the same declarative file.
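Because the dependencies live in the template, they can be checked before anything is deployed. The following Python is an added example, not code from the page or from AWS: it walks a template the way CloudFormation does when it builds its dependency graph (Ref, Fn::GetAtt and DependsOn), derives the creation order, reports references to resources that are not declared, and flags two settings a reviewer wants to see before running create-stack. The embedded template is a constructed JSON-form equivalent of the page's YAML samples (CloudFormation accepts either form); the reference to AppQueue is left in deliberately, as if the queue had been removed from the template, and the check names and finding texts are this example's own, not those of cfn-lint or the CloudFormation service.

```python
"""Offline checks on a CloudFormation template before it is deployed (added example)."""
import json
from collections import deque

# Constructed template: JSON form of the page's YAML samples, with a deliberately
# dangling reference (AppQueue is referenced but no longer declared).
TEMPLATE_JSON = r'''
{
  "Resources": {
    "AppBucket": {
      "Type": "AWS::S3::Bucket",
      "Properties": {"BucketName": "my-sample-app-bucket"}
    },
    "AppRole": {
      "Type": "AWS::IAM::Role",
      "Properties": {
        "AssumeRolePolicyDocument": {
          "Version": "2012-10-17",
          "Statement": [{"Effect": "Allow",
                         "Principal": {"Service": "lambda.amazonaws.com"},
                         "Action": "sts:AssumeRole"}]
        }
      }
    },
    "AppFunction": {
      "Type": "AWS::Lambda::Function",
      "Properties": {
        "Handler": "index.handler",
        "Runtime": "nodejs22.x",
        "Role": {"Fn::GetAtt": ["AppRole", "Arn"]},
        "Environment": {"Variables": {"BUCKET": {"Ref": "AppBucket"},
                                      "QUEUE": {"Ref": "AppQueue"}}}
      }
    }
  }
}
'''
TEMPLATE = json.loads(TEMPLATE_JSON)


def find_references(node):
    """Yield logical IDs referenced through Ref or Fn::GetAtt anywhere under node."""
    if isinstance(node, dict):
        if len(node) == 1 and "Ref" in node and isinstance(node["Ref"], str):
            yield node["Ref"]
        elif len(node) == 1 and "Fn::GetAtt" in node:
            target = node["Fn::GetAtt"]  # ["LogicalId", "Attr"] or "LogicalId.Attr"
            yield target[0] if isinstance(target, list) else target.split(".", 1)[0]
        else:
            for value in node.values():
                yield from find_references(value)
    elif isinstance(node, list):
        for item in node:
            yield from find_references(item)


def dependency_graph(template):
    """Map each resource to the logical IDs it depends on (intrinsics plus DependsOn)."""
    graph = {}
    for logical_id, resource in template.get("Resources", {}).items():
        deps = set(find_references(resource.get("Properties", {})))
        depends_on = resource.get("DependsOn", [])
        deps.update([depends_on] if isinstance(depends_on, str) else depends_on)
        graph[logical_id] = deps
    return graph


def dangling_references(template):
    """References to names that are neither resources, parameters nor AWS:: pseudo parameters."""
    known = set(template.get("Resources", {})) | set(template.get("Parameters", {}))
    return sorted({dep for deps in dependency_graph(template).values()
                   for dep in deps if dep not in known and not dep.startswith("AWS::")})


def creation_order(template):
    """Topological order of resource creation; a cycle raises, as CloudFormation rejects it."""
    graph = dependency_graph(template)
    known = set(graph)
    indegree = {rid: len({d for d in deps if d in known}) for rid, deps in graph.items()}
    dependents = {rid: [] for rid in graph}
    for rid, deps in graph.items():
        for dep in deps:
            if dep in known:
                dependents[dep].append(rid)
    ready = deque(sorted(rid for rid, n in indegree.items() if n == 0))
    order = []
    while ready:
        rid = ready.popleft()
        order.append(rid)
        for child in sorted(dependents[rid]):
            indegree[child] -= 1
            if indegree[child] == 0:
                ready.append(child)
    if len(order) != len(graph):
        raise ValueError("circular dependency among: " + ", ".join(sorted(known - set(order))))
    return order


def _allows_any_principal(principal):
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return any(v == "*" or (isinstance(v, list) and "*" in v) for v in principal.values())
    return False


def security_findings(template):
    """Two review checks (this example's own): open trust policies and buckets without an explicit public-access block."""
    findings = []
    for rid, res in template.get("Resources", {}).items():
        props = res.get("Properties", {})
        if res.get("Type") == "AWS::S3::Bucket" and "PublicAccessBlockConfiguration" not in props:
            findings.append(f"{rid}: no PublicAccessBlockConfiguration declared (relies on account defaults)")
        if res.get("Type") == "AWS::IAM::Role":
            for stmt in props.get("AssumeRolePolicyDocument", {}).get("Statement", []):
                if stmt.get("Effect") == "Allow" and _allows_any_principal(stmt.get("Principal")):
                    findings.append(f"{rid}: trust policy lets any principal assume the role")
    return findings


if __name__ == "__main__":
    print("creation order:", creation_order(TEMPLATE))
    print("dangling references:", dangling_references(TEMPLATE))
    for finding in security_findings(TEMPLATE):
        print("finding:", finding)
```

Run it as a pre-commit step on the template file instead of the embedded string (replace TEMPLATE_JSON with the file's contents). The dangling AppQueue reference is the kind of error CloudFormation only reports at validate-template or create-stack time; catching it, and the open trust policy, at review time keeps a failed or rolled-back stack out of the delivery pipeline.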

What is it often confused with?

CloudFormation and CodePipeline both appear in delivery flows, but their roles differ. CloudFormation is the IaC engine that declaratively creates and changes resources, while CodePipeline coordinates the stages that move a change from source to deployment. If the core problem is defining infrastructure as code, look at CloudFormation; if the core problem is sequencing build, approval, and deployment, look at CodePipeline.

When should you use it?

It is well suited to repeatedly deployed environments, dev/staging/production replication, and standardization of network and compute resources. Automating the entire release flow from source to deployment is not solved by IaC alone.

Tags: Infrastructure automation, Environment replication, Change management, Drift detection