Videos
AWS re:Invent 2019: [REPEAT 1] Best practices for authoring AWS CloudFormation (DOP302-R1)
Authoring Best Practices
Parameters: Avoid hardcoding values; add validation for user input and improve UX with console grouping, labels, and descriptions; keep secrets in SSM Parameter Store and Secrets Manager
Mappings: Work like a case statement; help maintain a set of information for various environments
Conditions: Simple if/then statements (e.g. if dev do this, if prod do that)
Imports and exports: Leverage cross-stack references or export/import values through SSM
Use !Sub over !Join
Leverage SSM Parameter Store for latest AMI IDs
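An added example (not from the talk or from AWS) that combines the authoring practices above in one template. The secret name example/app/db, the resource names and the instance sizes are assumptions made for illustration.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Added example of validated parameters, mappings, conditions, !Sub and SSM AMI lookup
Metadata:
  AWS::CloudFormation::Interface:        # console grouping and labels
    ParameterGroups:
      - Label: { default: Environment }
        Parameters: [EnvType, LatestAmiId]
Parameters:
  EnvType:
    Type: String
    Description: Environment to deploy into
    AllowedValues: [dev, prod]           # validation: anything else is rejected
    Default: dev
  LatestAmiId:
    # Resolved from the public SSM parameter at deploy time; no AMI ID is hardcoded
    Type: AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>
    Default: /aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2
Mappings:
  EnvSettings:                           # per-environment lookup table
    dev:  { InstanceType: t3.micro }
    prod: { InstanceType: m5.large }
Conditions:
  IsProd: !Equals [!Ref EnvType, prod]
Resources:
  AppInstance:
    Type: AWS::EC2::Instance
    Properties:
      ImageId: !Ref LatestAmiId
      InstanceType: !FindInMap [EnvSettings, !Ref EnvType, InstanceType]
      Monitoring: !If [IsProd, true, false]
      Tags:
        - Key: Name
          Value: !Sub "${AWS::StackName}-${EnvType}-app"   # !Sub instead of !Join
  AppDb:
    Type: AWS::RDS::DBInstance
    Condition: IsProd                    # created only when EnvType is prod
    Properties:
      Engine: mysql
      DBInstanceClass: db.t3.micro
      AllocatedStorage: "20"
      # Credentials are resolved from Secrets Manager at deploy time, never stored in the template
      MasterUsername: "{{resolve:secretsmanager:example/app/db:SecretString:username}}"
      MasterUserPassword: "{{resolve:secretsmanager:example/app/db:SecretString:password}}"
Outputs:
  InstanceId:
    Value: !Ref AppInstance
    Export:                              # cross-stack reference via Fn::ImportValue
      Name: !Sub "${AWS::StackName}-InstanceId"
```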
Testing & Deployment Best Practices
Run Lint in headless mode to prevent promoting templates with errors
Use TaskCat to live-test infrastructure
Use ChangeSets to know what effect the change will have on the underlying resources before actually deploying it
Use StackSets to deploy across multiple accounts and regions
Use automated deployment pipelines to deploy infrastructure changes
Refactor large stacks with resource import
Detect and remediate drift
StackSets best practices
Partially deploy your CloudFormation StackSet updates to reduce blast radius; great for sanity testing / releasing incrementally
Depending on your speed needs, consider setting a higher concurrent account limit
Use parameter overrides to define specific parameters in account-region pairs
Separate stacks by function and frequency of changes needed