Amazon AWS Certified Advanced Networking Specialty – Automation Primer Part 2
3. CloudFormation – Stack Dependencies
Hey everyone and welcome back. In today's video, we will be discussing CloudFormation stack dependencies. Now during the previous video, if you remember, we had created a simple VPC. However, just having a VPC is not of much use, right? Because if you want to launch an instance inside a VPC, you need to configure a lot of things like subnets. You need to configure an Internet gateway if you need internet access, a routing table, et cetera, et cetera. So basically, during the configuration of those areas, let's say the configuration of subnets, we need to provide the VPC ID. And this is where the problem actually happens.
So let's understand what we mean by this. Currently I am in my VPC console. Let's do one thing, let's sort it by the VPC name. So I'll just sort it to find the specific VPC that we had created through CloudFormation. So now this VPC is created from CloudFormation. Now the next thing that you typically need to do is the subnetting. In the subnet console, if you click on Create subnet, you will have to specify the VPC ID. This is extremely important: without a VPC ID, you will not be able to create a subnet. However, whenever you write a CloudFormation template, you typically do not know what the VPC ID of the new VPC is going to be. So let's take an example. This is the simple VPC block. Now when I create a VPC, I will not know in advance which VPC ID is going to be associated with it. So if I create a subnet, I need to define the VPC ID where the subnet is going to be created.
So if I go into the documentation, you see that you have to specify the VPC ID. And if I just click on the VPC ID and look into it, it says Required is equal to Yes. That means that this specific parameter is mandatory within your subnet type. So when this template gets executed, we do not know what the VPC ID is going to be. So in order to deal with such a situation, typically what we do is we do a reference.
So if I quickly open up my template, you see I have a second resource, which creates my subnet. This resource is called my subnet. Now the type here is AWS::EC2::Subnet, and under Properties these are some of the properties. However, for the VPC ID field over here we are doing a reference to my VPC. So my VPC, this part comes from here, which is under the resources. Now what this basically does is that whatever VPC ID is going to be created, its value will be substituted here. And whenever you deploy this specific template, you don't really have to worry about manually adding the VPC ID here. If you use this specific block, it will automatically be associated with the VPC ID that is generated when the VPC block is executed. Now, along with that, there is one important part to remember specifically when you are doing a reference. That important pointer is: if a property of resource A uses a reference to resource B, then the following rules will apply. Resource B will be created before resource A.
This is a very important part to remember. And resource A will be deleted before resource B. So these are the two important pointers that you need to remember specifically when you are doing referencing. Now in this case, we are doing a reference to my VPC from the subnet, so both of the rules that we have discussed apply here. So when you deploy this specific template, CloudFormation will see that there is a resource with the name my subnet and that it has a reference to my VPC. So CloudFormation will deploy the my VPC resource block first, and only then will it create the block of my subnet. So this is the intelligence which CloudFormation has. Now typically if you are making use of the Atom editor, it really becomes simple to sort it out. This is a simple YAML template, and I can just minimize this. So from here I can see that this is a CloudFormation template.
And within the resources, there are two resources. The first resource is of type VPC and the second is of type subnet. So if you just want to see the subnet, you can open it up here and you will be able to see it. So this becomes much easier to work with. All right, so what I have done is I have saved this template, and let's deploy it within our CloudFormation stack. So this is our CloudFormation stack. I'll just click on this. And now what we want to do is update this stack, because we have updated our document, so we need to update the infrastructure as well. So in order to do that, you need to click on Actions, click on Update Stack, and within Update Stack you can use the current template, replace the current template, or edit the template in Designer.
So I'll say replace the current template, upload a new template file, I'll specify the template again, I'll do a Next, let's do a Next, I'll do a Next again and we'll go ahead and update the stack. Great. So now the status has been changed to Update Complete. So this is the VPC that we have. And if I go to subnets, you see we have a new subnet called my subnet one A, which is created, and it is created in the VPC which was part of the template here. So this is the VPC where it automatically got created. So one important part to remember is that whenever there is a need for dependencies, you can make use of a reference to have dependency-based resource creation.
4. CloudFormation – DependsOn Attribute
Hey everyone and welcome back. In today's video we will be discussing the DependsOn attribute of CloudFormation. So first of all, before we begin, I would like to apologize because during the video my eyes might go small. Basically it is late night. Generally I prefer to record the videos in the early morning, like 3:00 a.m. or 4:00 a.m., or during the late nights around 1 a.m. The reason is that at such timings you will not see much noise; otherwise you might hear neighbors cooking food or someone singing, et cetera, et cetera. So anyways, with this let's begin and understand the DependsOn attribute. Now, in the earlier video on stack dependencies, we already discussed one of the important pointers, which states that if a property of resource A uses a reference to resource B, then there are two conditions that apply. First, resource B will be created before resource A, and second, resource A is deleted before resource B.
That applies specifically when you are deleting your stack. This is something that we'll be looking at in today's demo as well. So basically referencing is one of the ways in which you can determine which resource is created first. But this is not always the right approach, depending upon the use cases that you have. So let's understand one of the use cases where a reference might not be the ideal way. Now in our sample use case, we have an application one which basically needs three resources. First is an EC2 instance, second is RDS and third is an S3 bucket. Now there is a little note over here which states that the application inside the EC2 instance won't get initialized if the RDS instance is not ready.
So basically what you want is for RDS to be ready first and then the EC2 instance, because once the EC2 instance comes up, all the user data and those scripts get initialized. If the RDS instance is not ready at that point, the application will not get initialized and it will fail. So for such use cases you want the RDS instance to be created first, and once that happens, only then do you want the EC2 instance to be created. So for such kinds of dependencies you need to make use of the DependsOn attribute. So this is a simple CloudFormation template. Now within this template, you can see I have two resources defined, similar to the use case.
First is the EC2 instance and second is the database. Now if I open up the EC2 instance, you see the type is AWS::EC2::Instance and you are giving the image ID. This is basically the Amazon Linux AMI ID, and you have the instance type, which is t2.micro. You also have a resource called my DB. The type is AWS::RDS::DBInstance and it has the associated properties like master username, master password, the DB instance class, and the engine, which is MySQL. Now, what we wanted was for the database to be created first, because if the DB does not get created then your application would not get initialized. And this is the reason why, in the last line associated with the EC2 instance, we have a DependsOn attribute. Now this DependsOn attribute says my DB. So basically this specific resource is dependent on the my DB resource.
So what CloudFormation will do is deploy the RDS instance which is defined under my DB over here. And once the RDS instance gets created, then CloudFormation will go ahead and deploy the EC2 instance. So this is what the DependsOn attribute is about. So let's do one thing, let's jump to the practical and look into how exactly it would look. So I'm in my CloudFormation console and we'll do a Create Stack. So we'll be deploying a new stack over here. So let's click on upload a template file. I'll choose a file, and once you select the DependsOn template, one interesting thing is that you should always verify with View in Designer. Basically this is a quick way to see what exactly would happen based on the template. So if you see over here, there are two resources. One is the EC2 instance and the second is the database. Now there is a connector. This is basically the DependsOn. It states that the EC2 instance is dependent on the RDS instance, and CloudFormation will hence create the RDS instance first and then the EC2 instance. So this is how the GUI looks.
So I think this is what we are looking for, based on the use case that we were discussing. So let me just quickly close it and I'll quickly create a stack again. Once you have done that, you can go ahead and click on Next. Let's give the stack name as depends on and we'll do a Next. We'll just leave everything as default and click on Create Stack. So one important part to remember is that if you are creating RDS instances, that is something that takes a long time. So you should have patience: whether you use CloudFormation or do things manually, an RDS instance is one of the resources which takes some time. So now if you see, the first thing that is being created is the resource under the logical ID of my DB.
Now, we have already seen that the resource behind my DB is the RDS instance. So what CloudFormation did was read through the template and see that the resource associated with the EC2 instance has a dependency attribute on my DB. And now CloudFormation is going ahead and creating the resource which is part of my DB. Once this is created, CloudFormation will go ahead and create the EC2 instance. So if I quickly refresh, it's still in Create in progress. Basically it will take ten to 15 minutes for things to work out. So I'll just pause the video and resume once the resources are created. All right, so now the resources are created.
So you would typically see that once the logical ID of my DB has the Create complete status, the EC2 instance has started to create. Now we can also quickly verify this. Let's go to RDS, and along with that let's go to EC2. So within RDS we have one DB instance which is up and running. This is the RDS instance which got created, and under the EC2 console you also have one t2.micro instance which is created. Now this is the basics of the DependsOn attribute. But before we conclude this video, there is one more pointer that I wanted to discuss regarding the first slide. When you are using references or the DependsOn attribute, if resource A points to resource B, whether by a reference or by DependsOn, then the following rules will apply. Resource B is created before resource A. This is something that we already discussed.
So I'll just write it down so it becomes easier. Let's say this is resource A and this is resource B. If in resource A we have a DependsOn attribute or a reference, then resource B will be created first. So this is the first point that we were discussing. However, the second pointer is that whenever we are terminating the stack, resource A is deleted before resource B. This is very important to remember as well. So in our case, whenever we delete the stack, resource A would be terminated first and then resource B would go ahead for termination. So let's quickly verify whether this actually holds true. So this is our stack name. I'll go to Actions and I'll click on Delete Stack. So I'll go ahead and delete the stack, and let's click on Refresh. And now you see the logical ID of the EC2 instance is getting terminated first. So this is something that we already discussed: resource A will be deleted before resource B. If you look at this representation it would be easier.
So this is resource B and this is resource A. Resource A will be terminated first and then resource B will be deleted. So again, it will take some time for the deletion to happen. Let's quickly wait till the resources are deleted. So now it says that new events are available. So let me do a refresh here. And it says that the EC2 instance deletion is completed. And once the EC2 instance deletion is completed, the Delete in progress status is associated with my DB. So if I quickly go to the EC2 instance, you see it is terminated. And now, basically, your DB instance is also deleted. So I hope you understood what exactly the two pointers within this slide are all about.
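The ordering rules from the two lessons above (Ref in section 3, DependsOn in section 4) can be modelled as a dependency graph. The following is an added example, not code from the course: the template is constructed, its logical IDs and property values are assumptions, and only `Ref` and `DependsOn` are modelled. It generalizes the two demos by grouping resources into waves and rejecting circular dependencies.

```python
import json
from graphlib import TopologicalSorter  # Python 3.9+

# Constructed template, trimmed to what ordering needs. Logical IDs follow the
# demos; CIDRs, the AMI placeholder and the instance classes are made up.
TEMPLATE = json.loads("""
{
  "Resources": {
    "mySubnet": {"Type": "AWS::EC2::Subnet",
                 "Properties": {"VpcId": {"Ref": "myVPC"}, "CidrBlock": "10.0.1.0/24"}},
    "myVPC": {"Type": "AWS::EC2::VPC",
              "Properties": {"CidrBlock": "10.0.0.0/16"}},
    "Ec2Instance": {"Type": "AWS::EC2::Instance",
                    "Properties": {"ImageId": "ami-PLACEHOLDER", "InstanceType": "t2.micro"},
                    "DependsOn": "MyDB"},
    "MyDB": {"Type": "AWS::RDS::DBInstance",
             "Properties": {"Engine": "MySQL", "DBInstanceClass": "db.t2.micro"}}
  }
}
""")


def find_refs(node, logical_ids):
    """Return logical IDs referenced through {"Ref": ...} anywhere inside node."""
    found = set()
    if isinstance(node, dict):
        for key, value in node.items():
            if key == "Ref" and isinstance(value, str) and value in logical_ids:
                found.add(value)  # Refs to parameters or pseudo parameters are ignored
            else:
                found |= find_refs(value, logical_ids)
    elif isinstance(node, list):
        for item in node:
            found |= find_refs(item, logical_ids)
    return found


def dependency_graph(template):
    """Map each resource to the set of resources that must exist before it."""
    resources = template["Resources"]
    ids = set(resources)
    graph = {}
    for name, body in resources.items():
        explicit = body.get("DependsOn", [])
        if isinstance(explicit, str):  # DependsOn takes a string or a list
            explicit = [explicit]
        missing = set(explicit) - ids
        if missing:
            raise KeyError(f"{name} depends on undefined resource(s): {sorted(missing)}")
        graph[name] = find_refs(body.get("Properties", {}), ids) | set(explicit)
    return graph


def creation_waves(template):
    """Group resources into waves; a wave starts once all earlier waves are done."""
    sorter = TopologicalSorter(dependency_graph(template))
    sorter.prepare()  # raises graphlib.CycleError on a circular dependency
    waves = []
    while sorter.is_active():
        ready = sorted(sorter.get_ready())
        waves.append(ready)
        sorter.done(*ready)
    return waves


def deletion_waves(template):
    """Stack deletion walks the same graph backwards: dependents go first."""
    return list(reversed(creation_waves(template)))


if __name__ == "__main__":
    print("create:", creation_waves(TEMPLATE))
    print("delete:", deletion_waves(TEMPLATE))
```

The waves are a model of the ordering constraint only; how many resources the service actually creates in parallel is not something this sketch claims to reproduce.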
5. CloudFormation – Errors and Rollbacks
Hey everyone and welcome back. In today's video we'll be discussing the error and rollback specific pointers for CloudFormation. Now, generally, whenever you go ahead and deploy a CloudFormation template, there are two categories of error that you will typically deal with. First is the validation error and second is the semantic error, or the post-API-call error. Now, the validation error generally occurs when CloudFormation is not able to parse the template. This typically happens when you have made some mistake within the template itself. The semantic error is generally not detected until the resource has been created or updated. So the semantic error has more to do with the logic than with the validation.
So it might happen that your CloudFormation template is correct, but there is some error within the logic due to which, whenever you go ahead and create the resource, something fails, or whatever API CloudFormation is sending the request to gives an error. So we'll look into both of them in today's video. So this is a simple file called cf-error.yml that I have created. Now, there is one mistake that I have made. In fact, this is a perfectly working file except for this section, where it should say resources but I have removed an O over here. So basically what happens is that there is a template error here. So I have saved it, and let's go ahead and deploy it in CloudFormation and see what type of error CloudFormation gives us.
So I'm in my CloudFormation console; let's go ahead and create a new stack. So I'll click on upload a template file and I'll select the file. So this is the cf-error.yml file. Now, if you click on Next over here, you would typically see at the top that it says invalid template property or properties, and it is giving you the exact pointer to where the error is occurring. So this really makes it easier. So now you can see that there is a missing O. You can put the O back and deploy it again, and your template will work perfectly. So this is the validation error, where CloudFormation cannot parse the template. The second type of error is more of a semantic error. Let's go ahead and understand more about this as well. So I have two examples over here. The first example basically just creates a simple S3 bucket.
So let's go ahead and deploy this specific template in CloudFormation. So I'll create a new stack and upload a template file. This time I'll select s3.txt, which basically creates an S3 bucket. I'll name the stack s3 bucket creation. Now, if you notice, it did not give any template error. That means there are no issues related to the validation of the template. Let's go ahead and do a Create Stack. So currently creation is in progress, so let's quickly wait for a moment. And now you see it gave an error. Basically it says that the test Seven website already exists. So, although there was no issue with the CloudFormation template, when CloudFormation makes a call to the S3 API to create a new S3 bucket with this name and that API returns an error to CloudFormation, CloudFormation in turn will fail.
So this is referred to as the post-API-call error as well. We'll also be discussing the semantic error, which has more to do with the logic or the sequence that you put within the template. Now, I have a file called rollback-2.txt, and this is a perfectly valid file. Basically, it creates a VPC, and once the VPC is created, it has the subnet resource part. Now, within the subnet resource part, you see that under the VPC ID we are doing a reference to my VPC. So in such a situation, my VPC will be created first and then the subnet will be created. So although everything here looks perfectly fine, let's go ahead and deploy it and see whether it works or not. So I'll go back to my stacks and create a new stack. I'll put in rollback-2.txt and quickly do a Next. I'll say custom VPC resources, I'll do a Next, I'll do a Next, and we'll go ahead and create the stack. So the first thing that it is doing is creating a VPC over here.
So let's go to VPC. And if you just click on VPCs, currently you see there are no VPCs available. Now, if I just refresh the page, it basically says Create Failed. The reason why it says Create Failed is that the value us-west-1c for the parameter Availability Zone is invalid. Now, this is basically happening because within the CloudFormation template we have an Availability Zone of us-west-1c. However, we are deploying this specific template within the Mumbai region, and the Mumbai region starts with ap-south and not us-west. And this is the reason why your template fails when you deploy it. And this is what the second pointer says, that it is not detected until the resource has been created or updated.
This is one important part to remember over here. Now, one more important thing that I wanted to show you is what happens whenever a template fails. You see my VPC here: earlier it was Create in progress, then my VPC Create complete. So at this step, the VPC creation was completed and then the subnet creation started over here. Now, as soon as the subnet creation failed, CloudFormation started to roll back all the resources which got created. So here it deleted the subnet and here it deleted the VPC. So generally, if something fails within your stack, CloudFormation will roll back everything which was created by this specific template. If you do not want it to roll back completely, there is a way that you can define that within CloudFormation as well. So let me quickly show you this. So let's create a stack. This time we'll use the same template. I'll do a Next. This time let's say custom VPC, no rollback. I'll go ahead and do a Next. And at the bottom there is an option called stack creation options.
So let me click here. Within Rollback on failure, you see it is enabled by default. That basically means that whenever a failure happens while you are deploying your template, CloudFormation will automatically roll back all the changes, and whatever resources were created as part of the stack will be deleted. So what you want to do is disable this. So let's disable it now. I'll do a Next and I'll create a stack. So now, as we know, the first thing that it will do is go ahead and create a VPC. So let's just quickly wait for a moment here. So here you see, within the logical ID of my VPC, it says Create in progress. And now the VPC create is completed. And now the subnet Create in progress has been initiated. The creation has failed. However, there is no rollback now. So basically, if you just refresh the VPC console, you will see that your VPC is present over here and the rollback has not happened. So this is one of the options that you can use if you intend not to roll back your stack in case of failure.
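Both failures shown in this lesson can be caught before a stack is ever created. The following pre-deploy check is an added example, not part of the course material: the sample templates are constructed, given as already-parsed dictionaries, and the function names are assumptions. It flags the misspelled `Resources` section (validation class) and a hard-coded Availability Zone that does not belong to the target region (semantic class).

```python
import difflib

# Top-level sections a CloudFormation template may contain.
VALID_SECTIONS = [
    "AWSTemplateFormatVersion", "Description", "Metadata", "Parameters", "Rules",
    "Mappings", "Conditions", "Transform", "Resources", "Outputs",
]

# Constructed samples reproducing the two failures from the demos.
MISSPELLED = {
    "AWSTemplateFormatVersion": "2010-09-09",
    "Resurces": {"myVPC": {"Type": "AWS::EC2::VPC",
                           "Properties": {"CidrBlock": "10.0.0.0/16"}}},
}
WRONG_AZ = {
    "Resources": {
        "myVPC": {"Type": "AWS::EC2::VPC", "Properties": {"CidrBlock": "10.0.0.0/16"}},
        "mySubnet": {"Type": "AWS::EC2::Subnet",
                     "Properties": {"VpcId": {"Ref": "myVPC"},
                                    "CidrBlock": "10.0.1.0/24",
                                    "AvailabilityZone": "us-west-1c"}},
    },
}
# Region-portable variant: the first AZ of whatever region the stack lands in.
PORTABLE = {
    "Resources": {
        "myVPC": WRONG_AZ["Resources"]["myVPC"],
        "mySubnet": {"Type": "AWS::EC2::Subnet",
                     "Properties": {"VpcId": {"Ref": "myVPC"},
                                    "CidrBlock": "10.0.1.0/24",
                                    "AvailabilityZone": {"Fn::Select": [0, {"Fn::GetAZs": ""}]}}},
    },
}


def check_sections(template):
    """Validation class: unknown or missing top-level sections."""
    findings = []
    for key in template:
        if key not in VALID_SECTIONS:
            close = difflib.get_close_matches(key, VALID_SECTIONS, n=1)
            hint = f" (did you mean {close[0]!r}?)" if close else ""
            findings.append(f"validation: unknown top-level section {key!r}{hint}")
    if "Resources" not in template:
        findings.append("validation: required section 'Resources' is missing")
    return findings


def check_availability_zones(template, region):
    """Semantic class: literal AZ names that are not in the target region."""
    findings = []
    for name, body in template.get("Resources", {}).items():
        az = body.get("Properties", {}).get("AvailabilityZone")
        if not isinstance(az, str):
            continue  # absent, or an intrinsic function resolved at deploy time
        if not az.startswith(region):
            findings.append(
                f"semantic: {name} pins AvailabilityZone {az!r}, "
                f"which is not in target region {region}")
    return findings


def lint_template(template, region):
    """Run both checks; an empty list means neither demo failure is present."""
    return check_sections(template) + check_availability_zones(template, region)


if __name__ == "__main__":
    for label, tpl in (("misspelled", MISSPELLED), ("wrong-az", WRONG_AZ),
                       ("portable", PORTABLE)):
        print(label, lint_template(tpl, "ap-south-1"))
```

A duplicate bucket name, the other post-API-call failure in the lesson, cannot be detected from the template alone because it depends on state outside it.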