Amazon AWS Certified Advanced Networking Specialty – Automation Primer Part 3

  • January 16, 2023

6. CloudFormation – Change Sets

Hey everyone and welcome back. In today’s video, we will be discussing the change set feature of CloudFormation. If you are using CloudFormation in your production environment, chances are that you are regularly updating your CloudFormation template and deploying the new template within your AWS environment. When you deploy the changes you have made to your template, it is important to understand the delta changes that your updated template is going to make.

I still remember this, though it has been many years. We used to use CloudFormation actively, and in one of the organizations that I have worked with, one of my colleagues changed a description and a few other parameters within the security group, and she went ahead and did an update stack. However, instead of making the change that she expected, the template that she updated did a completely negative thing, due to which the production system went down. At that time, it was not really possible to see what exactly your updated template was going to do. This is something that I really like about Terraform.

With Terraform, when you do a terraform plan, it shows you exactly what changes the Terraform template that you have written or updated is going to make. So what has CloudFormation come up with? It has come up with the Change Sets feature. Change Sets is a feature which allows you to see what changes your updated template is going to make within your production environment. If we look at this diagram, this is a new change set which has been created, and it says that it is going to remove a specific subnet and add one more subnet.

Before applying your changes, if a subnet is getting removed, that is a blocker or a red light, specifically if you are doing it in production. You can stop your apply or your update stack and review the changes. So let’s look at this in practice. I have a simple CloudFormation template. All it does is create one VPC and one subnet. The subnet block is 10.77.1.0/24 and the CIDR block for the VPC is 10.77.0.0/16.

I’m in my Mumbai region, so let’s go ahead and create a stack. I’ll choose “Upload a template file” and select the relevant file. Let’s select Next. I’ll name it custom VPC. I’ll click Next, and Next again, leave everything as default, and click on Create stack. It is now going ahead and creating a VPC. While this is getting created, let’s go to the VPC console so that we can quickly verify. The VPC creation is now completed.

And now it is going ahead and creating the subnet. If you go to your VPCs, you should see a VPC with the CIDR of 10.77.0.0/16. Let’s quickly verify that the subnet is created. And yes, it is created. If you select the new VPC and go to Subnets, you should see one subnet with 10.77.1.0/24. So this is the first change that you have made via the template. Now let’s say that in the future you want to update the template and see the exact impact that it might have on your production environment. Let’s try out how that works. I’ll change the subnet CIDR block from 10.77.1.0 to 10.77.2.0 and save my changes. Now I can select my stack, go to Actions, and click on “Create change set for current stack”.

Here I’ll click on “Replace current template” and upload the same file again. This is the file where we changed our subnet. I’ll click Next, Next, and Next again, leaving everything as default for the time being, and click on Create change set. I’ll name it version two and click on Create change set. If you have come from Ansible, the closest thing that I can relate this to is the dry run. It is a kind of dry run: it does not actually perform the change, but it tells you what changes it will make if you execute it. Here, you can see it says that it is modifying a subnet.

And notice that Replacement is True. Replacement means that the older resource will be deleted and recreated. If you are fine with this, you can go ahead and execute the change set. If you are not, you can delete it. In our case, we have a subnet of 10.77.1.0/24, and we know that there will be a replacement. So let’s go ahead and execute, and we’ll see how it works. Great.

Now you can see a status of DELETE_IN_PROGRESS. The earlier subnet is getting deleted, and the new subnet of 10.77.2.0/24 should have been created. Let’s quickly verify. The update is now complete, and here you see only one subnet, 10.77.2.0/24. The earlier subnet, 10.77.1.0/24, got deleted. This is the reason why, whatever changes you make, it is ideal to go through the change set first and only go ahead with the execute if everything is fine there.
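
The review step above can also be automated as a gate before a change set is executed. The following is an added example, not code from the course: it inspects a constructed response in the shape returned by `aws cloudformation describe-change-set` and reports every change that removes or replaces a resource. The stack, change set and logical resource names are hypothetical.

```python
import json

# Constructed sample in the shape of `aws cloudformation describe-change-set`
# output; stack, change-set and logical names are hypothetical.
SAMPLE = json.loads("""
{"StackName": "custom-vpc", "ChangeSetName": "version2", "Changes": [
  {"Type": "Resource", "ResourceChange": {
     "Action": "Modify", "LogicalResourceId": "DemoSubnet",
     "ResourceType": "AWS::EC2::Subnet", "Replacement": "True",
     "Details": [{"Target": {"Attribute": "Properties", "Name": "CidrBlock",
                             "RequiresRecreation": "Always"}}]}},
  {"Type": "Resource", "ResourceChange": {
     "Action": "Modify", "LogicalResourceId": "DemoVPC",
     "ResourceType": "AWS::EC2::VPC", "Replacement": "False",
     "Details": [{"Target": {"Attribute": "Tags",
                             "RequiresRecreation": "Never"}}]}}
]}
""")


def destructive_changes(change_set):
    """List changes that delete, or may delete, an existing resource."""
    findings = []
    for change in change_set.get("Changes", []):
        rc = change.get("ResourceChange") or {}
        action = rc.get("Action")
        replacement = rc.get("Replacement", "False")
        if action == "Remove":
            reason = "removed from the stack"
        elif action == "Modify" and replacement == "True":
            # Properties whose update forces delete-and-recreate.
            props = sorted(
                d["Target"].get("Name", "?")
                for d in rc.get("Details", [])
                if d.get("Target", {}).get("RequiresRecreation") == "Always"
            )
            reason = "replaced due to " + ", ".join(props or ["?"])
        elif action == "Modify" and replacement == "Conditional":
            reason = "may be replaced (conditional)"
        else:
            continue  # Add, Import, or in-place Modify
        findings.append((rc.get("LogicalResourceId"),
                         rc.get("ResourceType"), reason))
    return findings


def safe_to_execute(change_set):
    """Gate for a pipeline: only execute when nothing is destroyed."""
    return not destructive_changes(change_set)


if __name__ == "__main__":
    for finding in destructive_changes(SAMPLE):
        print("REVIEW:", *finding)
```
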

7. CloudFormation – Parameters

Hey everyone and welcome back. In today’s video we will be discussing CloudFormation parameters. Parameters are a pretty useful feature in CloudFormation: they allow us to supply a custom value whenever a template is deployed through create or update stack in the CloudFormation console. Let’s understand this with a use case. Let’s say that the DevOps team has created a CloudFormation template which creates an EC2 instance. Any developer within the organization who wants to create an EC2 instance must use the template created by the DevOps team.

So that is the requirement. However, there is a problem. The template has a hard-coded value of m5.large. Depending on what the instance is for, it might happen that a developer wants to test a cluster which requires a much bigger instance than m5.large. Then they cannot directly use the CloudFormation template which the DevOps team has given. In a similar way, if a developer has a pretty small application and needs a t2.micro, deploying the m5.large template would just increase the cost unnecessarily. What we want is flexibility within the template, so that the developer can supply the value that he needs. That is what parameters allow us to do.

If you look into the Parameters section here, there is an InstanceType parameter where a developer can select the type of instance that he needs, whether a t2.micro or m1.small or whatever values are defined by the DevOps team within this section. Let’s jump directly into the practical and we’ll understand this in a better way. I have a file called parameters within our lab section. As you can see, it is a very simple CloudFormation template. The type is AWS::EC2::Instance, it has a hard-coded AMI, and the instance type is m5.large.

Let’s assume that the DevOps team gives this template directly to every developer. For any developer who runs this template, an EC2 instance of type m5.large will be created. If a developer wants an instance type other than m5.large, either he updates the template or he creates a new one. This is not an ideal approach, and this is where parameters come in. There is a file called parameter v2 here. In this approach, the InstanceType property of the instance is a reference to the InstanceType parameter. Within the Parameters section I have an InstanceType parameter of type String, and the default value is t2.micro.

The allowed values are t2.micro, m1.small, or m1.large. If the developer does not specify any value, the template will take t2.micro by default. However, the developer will have the option to select one of these instance type values whenever they deploy the template. This is just an example, and the list might be longer depending on the use case within the environment. Let’s go ahead and deploy this and see how it looks. I’m in my CloudFormation console. Let’s click on Create Stack, use the “Upload a template file” option, and select the parameter v2 txt file. Let’s click on Next. You see that by default the instance type here is t2.micro. However, if you open the drop-down you also have the options m1.large and m1.small. So these are the options which are available.

Typically, whenever you have a larger environment, parameters are something that you will be using quite often within your CloudFormation templates. This is just one example. A second example I can give you is the key. If you have a CloudFormation template which creates an EC2 instance, you cannot hard-code your key, because a developer launching an instance wants it to be created with his own key. He should be able to specify his key through a parameter, and CloudFormation will create the instance with the key which the developer has specified within the Parameters section.
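
A template with the two parameters described in this section, as an added example that is not the lab’s parameter v2 file: the template is constructed from the description above, with a placeholder AMI ID and a hypothetical logical name, and `resolve_parameters` is only a local approximation of the Default and AllowedValues behaviour. `AWS::EC2::KeyPair::KeyName` is the CloudFormation parameter type for an existing key pair name.

```python
# Constructed template following the description above (not the lab file);
# the AMI ID is a placeholder and the logical name is hypothetical.
TEMPLATE = {
    "Parameters": {
        "InstanceType": {
            "Type": "String",
            "Default": "t2.micro",
            "AllowedValues": ["t2.micro", "m1.small", "m1.large"],
        },
        # No Default: each developer must supply their own key pair name.
        "KeyName": {"Type": "AWS::EC2::KeyPair::KeyName"},
    },
    "Resources": {
        "DemoInstance": {
            "Type": "AWS::EC2::Instance",
            "Properties": {
                "ImageId": "ami-PLACEHOLDER",
                "InstanceType": {"Ref": "InstanceType"},
                "KeyName": {"Ref": "KeyName"},
            },
        }
    },
}


def resolve_parameters(template, supplied):
    """Apply Default and AllowedValues the way the text describes.
    Local approximation only; CloudFormation does the real validation."""
    declared = template.get("Parameters", {})
    unknown = sorted(set(supplied) - set(declared))
    if unknown:
        raise ValueError(f"undeclared parameters: {unknown}")
    resolved = {}
    for name, spec in declared.items():
        if name in supplied:
            value = supplied[name]
        elif "Default" in spec:
            value = spec["Default"]
        else:
            raise ValueError(f"{name} is required and has no Default")
        allowed = spec.get("AllowedValues")
        if allowed is not None and value not in allowed:
            raise ValueError(f"{name}={value!r} is not in {allowed}")
        resolved[name] = value
    return resolved


def render(node, params):
    """Substitute {"Ref": <parameter name>} with the resolved value."""
    if isinstance(node, dict):
        if set(node) == {"Ref"} and node["Ref"] in params:
            return params[node["Ref"]]
        return {k: render(v, params) for k, v in node.items()}
    if isinstance(node, list):
        return [render(v, params) for v in node]
    return node
```

Because InstanceType is restricted by AllowedValues, a request for m5.large is rejected before any resource is created, which keeps the DevOps team’s list the only source of permitted sizes.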

8. CloudFormation – Deletion Policy Attribute

Hey everyone and welcome back to the Knowledge Portal video series. In today’s lecture we’ll be speaking about the DeletionPolicy attribute of CloudFormation. This is quite an important topic as far as exams are concerned, so make sure you pay close attention. In CloudFormation, when we delete a stack, all the resources which were created through that stack are also deleted. In certain cases we want certain resources not to be deleted, or a snapshot to be taken before the resources are terminated. Let me give you an example. In the earlier lecture we created an EC2 instance with CloudFormation. This is the stack, kplabs-sample. If I go ahead and click on Delete stack, it will delete all the resources which were created in this stack.

You can see that the instance state is now shutting down, and after this it will be deleted. In many cases, specifically when you have RDS or EBS volumes, you don’t want them to be deleted, or you want a snapshot to be taken before they get terminated. Those aspects can be controlled by the DeletionPolicy attribute in CloudFormation. As discussed, the DeletionPolicy attribute allows us to preserve or back up a resource when the stack is deleted. In order to do that, we must specify a DeletionPolicy attribute for each resource that we want to control. In this example, we are creating an S3 bucket. The S3 bucket is the resource, and it has a DeletionPolicy of Retain. Whenever I create the stack, it will create a bucket. When I delete the stack, the stack will be removed but the bucket will not be deleted, because there is a DeletionPolicy of type Retain. Retain means do not delete the resource.

There are two options when we use the DeletionPolicy attribute. One is Retain and the second is Snapshot. As the name itself suggests, whenever we use a DeletionPolicy of Retain, CloudFormation keeps the resource without deleting it. Even if we delete the CloudFormation stack, it will not delete the underlying resources which were created. The second is of type Snapshot, where CloudFormation creates a snapshot of the resource before deleting it.

This can be associated with, let’s assume, an EBS volume or RDS or even an ElastiCache cluster. Let’s assume that you are deleting a stack with RDS and it has a DeletionPolicy with the Snapshot attribute. Before CloudFormation deletes the RDS instance, it will take the snapshot, and only after the snapshot will it go ahead and terminate the RDS instance. So this is the theoretical part. Let’s go ahead and look into the practical aspect. Again, I have a clean slate of CloudFormation stacks.

Let’s go ahead and create a new stack from a design. I’ll go to the Designer, select S3, and create a bucket. It automatically gave us the template for the bucket. If you look here, the DeletionPolicy is blank. So let’s copy this, and I’ll paste it in my Atom editor. Within the DeletionPolicy, I’ll put Retain. Perfect. This seems to be quite good. Let’s create a new text file. I’ll copy this template and save it as s3.json. Perfect. So we have our s3.json created. Now let’s go to CloudFormation. I’ll click on Create and upload the s3.json file.

Click on Next. Let’s give it a stack name. I’ll say kplabs-delpolicy. I’ll click on Next, Next, and then Create. This will go ahead and create an S3 bucket, and the S3 bucket which is created has a DeletionPolicy of Retain. Once the S3 bucket is created, even if we delete this specific CloudFormation stack, it will not delete the S3 bucket. Let’s just wait for a while for the status to complete. Perfect. The creation is completed. Let’s open up S3. This is the S3 bucket which got created by CloudFormation. So this is kplabs-delpolicy.

You see, the bucket name also has kplabs and delpolicy. Perfect. Now let’s quickly verify the template. The template has a DeletionPolicy of Retain. In order to test it, let’s go ahead and delete the stack and see whether our S3 bucket gets terminated or not. Perfect. The stack is now removed. If you go ahead and refresh the page, you see our S3 bucket is still present. And this is what the DeletionPolicy attribute is all about. As far as the exam is concerned, do remember what the DeletionPolicy attribute is about, and remember the two options which we can specify for it, which are Retain and Snapshot.
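
A pre-deployment check for the attribute covered in this section, as an added example that is not part of the course material: it flags data-bearing resources whose DeletionPolicy is blank, missing, set to Delete, or set to Snapshot on a type that cannot be snapshotted (an S3 bucket). The template is constructed, the logical names are hypothetical, and the list of resource types is a deliberate subset limited to the services named above.

```python
import json

# Protective DeletionPolicy values per resource type. Deliberately a subset,
# limited to the services named in this section. S3 buckets cannot be
# snapshotted, so only Retain protects them.
PROTECTIVE = {
    "AWS::S3::Bucket": {"Retain"},
    "AWS::EC2::Volume": {"Retain", "Snapshot"},
    "AWS::RDS::DBInstance": {"Retain", "Snapshot"},
    "AWS::ElastiCache::CacheCluster": {"Retain", "Snapshot"},
}

# Constructed template; logical names are hypothetical, Properties omitted.
TEMPLATE = json.loads("""
{"Resources": {
  "KeptBucket":  {"Type": "AWS::S3::Bucket", "DeletionPolicy": "Retain"},
  "BlankBucket": {"Type": "AWS::S3::Bucket", "DeletionPolicy": ""},
  "SnapBucket":  {"Type": "AWS::S3::Bucket", "DeletionPolicy": "Snapshot"},
  "AppDatabase": {"Type": "AWS::RDS::DBInstance", "DeletionPolicy": "Snapshot"},
  "DataVolume":  {"Type": "AWS::EC2::Volume"},
  "WebServer":   {"Type": "AWS::EC2::Instance"}
}}
""")


def audit_deletion_policy(template):
    """Return (logical_id, problem) for data-bearing resources that are not
    explicitly preserved or backed up when the stack is deleted."""
    problems = []
    resources = template.get("Resources", {})
    for logical_id, resource in sorted(resources.items()):
        protective = PROTECTIVE.get(resource.get("Type"))
        if protective is None:
            continue  # not a type this check covers
        policy = resource.get("DeletionPolicy")
        if policy in protective:
            continue
        if not policy:
            # Absent, or left blank as in the Designer output described above.
            problem = "no explicit DeletionPolicy"
        elif policy == "Delete":
            problem = "deleted together with the stack"
        elif policy == "Snapshot":
            problem = "Snapshot is not supported for this type"
        else:
            problem = f"DeletionPolicy {policy!r} is not in {sorted(protective)}"
        problems.append((logical_id, problem))
    return problems


if __name__ == "__main__":
    for logical_id, problem in audit_deletion_policy(TEMPLATE):
        print(f"{logical_id}: {problem}")
```
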
