1
00:00:06,336 --> 00:00:08,220
- Now let's run through a demo

2
00:00:08,220 --> 00:00:12,531
of creating resources with AWS CloudFormation.

3
00:00:12,531 --> 00:00:14,759
Here we are back at the console.

4
00:00:14,759 --> 00:00:16,608
From here, from the dashboard,

5
00:00:16,608 --> 00:00:19,525
I'm gonna click on CloudFormation.

6
00:00:21,780 --> 00:00:25,222
From here you can see we don't have any stacks yet.

7
00:00:25,222 --> 00:00:28,180
Before we get into creating a stack,

8
00:00:28,180 --> 00:00:30,558
I want to show you a template that I've created

9
00:00:30,558 --> 00:00:33,121
that will create a VPC,

10
00:00:33,121 --> 00:00:34,107
subnets,

11
00:00:34,107 --> 00:00:35,065
an internet gateway,

12
00:00:35,065 --> 00:00:37,448
and a few other things.

13
00:00:37,448 --> 00:00:40,147
So here's our template.

14
00:00:40,147 --> 00:00:41,799
Again, we have our parameters,

15
00:00:41,799 --> 00:00:45,903
which will specify some CIDR ranges for our VPC

16
00:00:45,903 --> 00:00:48,384
and for various subnets.

17
00:00:48,384 --> 00:00:50,706
And then you can see the rest of the template

18
00:00:50,706 --> 00:00:53,068
is dedicated to creating resources.

19
00:00:53,068 --> 00:00:54,729
We have route tables,

20
00:00:54,729 --> 00:00:55,812
network ACLs.

21
00:00:56,999 --> 00:00:58,666
We have ACL entries.

22
00:01:01,478 --> 00:01:02,908
A little bit farther down here,

23
00:01:02,908 --> 00:01:04,591
here's our VPC.

24
00:01:04,591 --> 00:01:06,727
You can see we're referencing

25
00:01:06,727 --> 00:01:08,701
the CIDR parameter.

26
00:01:08,701 --> 00:01:10,846
We're also going to tag this

27
00:01:10,846 --> 00:01:15,213
and reference the stack name that we give our stack.

28
00:01:15,213 --> 00:01:18,361
And you can see this template does get fairly involved.

29
00:01:18,361 --> 00:01:20,807
There's quite a bit going on here.

30
00:01:20,807 --> 00:01:22,912
There's quite a number of resources

31
00:01:22,912 --> 00:01:27,079
that are being created and managed by this template.

32
00:01:28,174 --> 00:01:30,063
I would recommend looking for tools.

33
00:01:30,063 --> 00:01:32,185
There are a number of tools out there

34
00:01:32,185 --> 00:01:35,207
that will help create these templates for you.

35
00:01:35,207 --> 00:01:37,366
One of them is, of course,

36
00:01:37,366 --> 00:01:40,283
the designer within CloudFormation.

37
00:01:42,002 --> 00:01:45,426
We can use the designer which is just a rich UI

38
00:01:45,426 --> 00:01:47,494
and drag and drop tool set.

39
00:01:47,494 --> 00:01:50,674
There are other services out there such as VisualOps

40
00:01:50,674 --> 00:01:52,734
just to name one.

41
00:01:52,734 --> 00:01:56,299
And these tools can allow you to drag and drop

42
00:01:56,299 --> 00:01:57,367
different resources

43
00:01:57,367 --> 00:01:59,866
and they will create the template for you.

44
00:01:59,866 --> 00:02:03,819
So, a template as rich as this one and as complex

45
00:02:03,819 --> 00:02:07,746
can be challenging to start writing from scratch

46
00:02:07,746 --> 00:02:11,823
just because there's a lot of room for syntactical error.

47
00:02:11,823 --> 00:02:15,549
But as long as you're using an appropriate editor

48
00:02:15,549 --> 00:02:17,937
that can highlight errors like this

49
00:02:17,937 --> 00:02:19,693
by causing a syntax error

50
00:02:19,693 --> 00:02:21,583
we'd get a highlight there,

51
00:02:21,583 --> 00:02:24,404
then that does make it a lot easier.

52
00:02:24,404 --> 00:02:28,571
So, from here, I'm going to just say create a new stack.

53
00:02:29,638 --> 00:02:31,638
I'm going to upload one.

54
00:02:35,717 --> 00:02:38,134
I'm gonna choose my VPC.JSON.

55
00:02:41,435 --> 00:02:43,185
I'm gonna click Next.

56
00:02:44,393 --> 00:02:48,060
And of course it'll ask us for a stack name.

57
00:02:49,226 --> 00:02:51,886
I'm gonna call this one AWS

58
00:02:51,886 --> 00:02:52,719
live ...

59
00:02:53,905 --> 00:02:55,632
lessons ...

60
00:02:55,632 --> 00:02:56,465
VPC.

61
00:02:59,956 --> 00:03:03,413
And this one is going to create ...

62
00:03:03,413 --> 00:03:04,559
a VPC

63
00:03:04,559 --> 00:03:07,543
and it's gonna give us three private subnets

64
00:03:07,543 --> 00:03:10,052
and three public subnets.

65
00:03:10,052 --> 00:03:12,402
Typo there in my description, but that's okay.

66
00:03:12,402 --> 00:03:15,423
As long as my parameters are named correctly,

67
00:03:15,423 --> 00:03:18,246
that's really what matters in this particular case.

68
00:03:18,246 --> 00:03:20,770
So, I'm going to choose,

69
00:03:20,770 --> 00:03:24,937
for this example I'm gonna choose 10.10.0.0/16.

70
00:03:29,615 --> 00:03:31,370
And for my private subnets,

71
00:03:31,370 --> 00:03:34,620
I'm gonna go with 10.0.0/24,

72
00:03:38,872 --> 00:03:40,622
10.1.0/24,

73
00:03:44,387 --> 00:03:46,720
and 10.10.2.0/24.

74
00:03:50,759 --> 00:03:54,576
So those three ranges will be my private subnets.

75
00:03:54,576 --> 00:03:56,062
I'm gonna copy those.

76
00:03:56,062 --> 00:03:59,188
This is just a comma delimited list.

77
00:03:59,188 --> 00:04:03,355
So my private subnets need to be three different ranges.

78
00:04:05,037 --> 00:04:07,588
So I left off at two.

79
00:04:07,588 --> 00:04:09,671
So here I can do 10.10.3,

80
00:04:13,363 --> 00:04:14,196
10.10.4,

81
00:04:15,976 --> 00:04:16,976
and 10.10.5.

82
00:04:19,110 --> 00:04:21,706
Just want to glance at that real quick and make sure

83
00:04:21,706 --> 00:04:26,355
I'm not missing any periods or slashes or whatnot.

84
00:04:26,355 --> 00:04:28,777
Alright, I'm gonna click next.

85
00:04:28,777 --> 00:04:32,944
And here I have the opportunity to tag my resources.

86
00:04:34,062 --> 00:04:38,066
So I might want to add like an environment tag

87
00:04:38,066 --> 00:04:40,725
such as dev, stage, production,

88
00:04:40,725 --> 00:04:42,279
so on and so forth.

89
00:04:42,279 --> 00:04:45,279
I might want to call add a name tag.

90
00:04:49,656 --> 00:04:53,183
Or maybe I want to call this one networking.

91
00:04:53,183 --> 00:04:54,724
Now I do want to point out something

92
00:04:54,724 --> 00:04:56,135
under the advanced tab.

93
00:04:56,135 --> 00:04:59,162
We do have the option to get notifications

94
00:04:59,162 --> 00:05:02,234
from this CloudFormation stack

95
00:05:02,234 --> 00:05:03,961
if it were to fail or succeed,

96
00:05:03,961 --> 00:05:06,686
we could get those by leveraging the

97
00:05:06,686 --> 00:05:09,604
Amazon Simple Notification Service.

98
00:05:09,604 --> 00:05:11,849
Another important point here is

99
00:05:11,849 --> 00:05:13,168
the Rollback on Failure.

100
00:05:13,168 --> 00:05:14,721
This defaults to Yes.

101
00:05:14,721 --> 00:05:18,973
So let's say that we get 90% of the way through.

102
00:05:18,973 --> 00:05:22,334
We've created nine out of the 10 resources.

103
00:05:22,334 --> 00:05:25,558
And right there on the 10th resource there is an error

104
00:05:25,558 --> 00:05:29,203
that prevents that resource from being created

105
00:05:29,203 --> 00:05:33,483
and as a result prevents the entire stack from completing.

106
00:05:33,483 --> 00:05:37,882
Rollback on Failure, if we have this checked as Yes,

107
00:05:37,882 --> 00:05:41,607
that would essentially stop the stack creation

108
00:05:41,607 --> 00:05:45,685
and then go back and delete all of those nine resources

109
00:05:45,685 --> 00:05:46,953
that were successful.

110
00:05:46,953 --> 00:05:49,206
And it would roll it back all the way to the beginning

111
00:05:49,206 --> 00:05:51,057
as if nothing ever happened.

112
00:05:51,057 --> 00:05:52,985
Sometimes you want that,

113
00:05:52,985 --> 00:05:54,526
but in other cases,

114
00:05:54,526 --> 00:05:57,129
by having it Rollback on Failure,

115
00:05:57,129 --> 00:05:59,477
if there was a problem,

116
00:05:59,477 --> 00:06:03,544
and then it rolled back and deleted that resource,

117
00:06:03,544 --> 00:06:05,673
that could make it difficult to troubleshoot

118
00:06:05,673 --> 00:06:07,349
what the problem was.

119
00:06:07,349 --> 00:06:09,424
So a lot of times I will say no,

120
00:06:09,424 --> 00:06:11,044
don't Rollback on Failure.

121
00:06:11,044 --> 00:06:13,505
Just stop there, leave everything in place

122
00:06:13,505 --> 00:06:16,526
so that I have an opportunity to go in

123
00:06:16,526 --> 00:06:18,535
and do some troubleshooting.

124
00:06:18,535 --> 00:06:21,063
So, from there we'll click next

125
00:06:21,063 --> 00:06:22,802
just to review this real quick.

126
00:06:22,802 --> 00:06:24,568
We have our stack name.

127
00:06:24,568 --> 00:06:27,889
We have the CIDR range of our VPC.

128
00:06:27,889 --> 00:06:31,614
We have our six private subnet ranges.

129
00:06:31,614 --> 00:06:34,781
And I'm gonna go ahead and hit Create.

130
00:06:35,779 --> 00:06:39,590
You can see our stack is now actually creating.

131
00:06:39,590 --> 00:06:42,023
On the events tab we can see things coming in

132
00:06:42,023 --> 00:06:44,478
in pretty much real time

133
00:06:44,478 --> 00:06:47,315
as different resources are being created.

134
00:06:47,315 --> 00:06:49,285
You can see I've got an internet gateway,

135
00:06:49,285 --> 00:06:51,285
a VPC being initialized.

136
00:06:53,102 --> 00:06:53,935
There we go,

137
00:06:53,935 --> 00:06:56,854
our gateway and our VPC are both complete.

138
00:06:56,854 --> 00:07:00,038
Some subnets and route tables and security groups

139
00:07:00,038 --> 00:07:01,521
that still need to be created.

140
00:07:01,521 --> 00:07:03,347
So we're still waiting on those.

141
00:07:03,347 --> 00:07:04,804
I'm gonna hit refresh.

142
00:07:04,804 --> 00:07:05,884
You can see that.

143
00:07:05,884 --> 00:07:08,705
Here are all of our network ACL entries,

144
00:07:08,705 --> 00:07:09,622
our routes,

145
00:07:10,620 --> 00:07:13,453
a few other things have completed.

146
00:07:15,018 --> 00:07:17,156
While that's going I can show you a few other things,

147
00:07:17,156 --> 00:07:18,948
like the template itself.

148
00:07:18,948 --> 00:07:22,755
We can see the template that's being used.

149
00:07:22,755 --> 00:07:26,052
We can see the parameters that we entered.

150
00:07:26,052 --> 00:07:29,746
We can see the tags that we applied.

151
00:07:29,746 --> 00:07:32,208
We can also go back here and see the resources.

152
00:07:32,208 --> 00:07:34,633
These are all of the various resources

153
00:07:34,633 --> 00:07:37,834
that are being managed under the umbrella

154
00:07:37,834 --> 00:07:40,217
of this particular stack.

155
00:07:40,217 --> 00:07:42,544
And like I mentioned before,

156
00:07:42,544 --> 00:07:44,001
all of these things,

157
00:07:44,001 --> 00:07:45,889
if we were to do this manually,

158
00:07:45,889 --> 00:07:47,053
look at all these resources.

159
00:07:47,053 --> 00:07:48,785
It would take time.

160
00:07:48,785 --> 00:07:50,495
It would take a lot of time.

161
00:07:50,495 --> 00:07:51,720
Even just to do it once,

162
00:07:51,720 --> 00:07:53,542
let alone to do it multiple times

163
00:07:53,542 --> 00:07:57,284
across multiple environments or multiple regions.

164
00:07:57,284 --> 00:08:00,062
And then of course we have the human error factor.

165
00:08:00,062 --> 00:08:01,832
So, you can see that,

166
00:08:01,832 --> 00:08:05,415
even just with a simple template like this,

167
00:08:07,018 --> 00:08:11,517
that the CloudFormation service makes managing

168
00:08:11,517 --> 00:08:13,945
all of these resources a whole lot easier.

169
00:08:13,945 --> 00:08:15,632
At some point if we decide that

170
00:08:15,632 --> 00:08:17,751
we no longer need these resources,

171
00:08:17,751 --> 00:08:20,532
we can just simply highlight this stack,

172
00:08:20,532 --> 00:08:22,462
go up here and say delete.

173
00:08:22,462 --> 00:08:24,245
And then it will handle the deletion

174
00:08:24,245 --> 00:08:26,334
of all of those resources for us.

175
00:08:26,334 --> 00:08:27,565
And there we go.

176
00:08:27,565 --> 00:08:31,156
Our stack has gone into the create complete status.

177
00:08:31,156 --> 00:08:33,977
We can see here that all of our resources

178
00:08:33,977 --> 00:08:36,798
have completed their creation.

179
00:08:36,798 --> 00:08:40,333
We can see here are all of our resources

180
00:08:40,333 --> 00:08:43,824
and now of course if I were to go back to,

181
00:08:43,824 --> 00:08:45,491
let's go back to VPC

182
00:08:46,855 --> 00:08:49,888
and I'll show you that here we are.

183
00:08:49,888 --> 00:08:52,169
We have the new VPC that was just created,

184
00:08:52,169 --> 00:08:53,502
the 10.10 range.

185
00:08:54,613 --> 00:08:58,113
And you can see that we have three private

186
00:08:59,837 --> 00:09:01,504
and three public ...

187
00:09:02,982 --> 00:09:03,815
subnets.

188
00:09:04,952 --> 00:09:07,119
We have some route tables.

189
00:09:08,690 --> 00:09:11,553
We have an internet gateway.

190
00:09:11,553 --> 00:09:15,682
We also have some network ACLs for public traffic

191
00:09:15,682 --> 00:09:17,841
and for back-end private traffic

192
00:09:17,841 --> 00:09:22,202
along with corresponding network ACL entries.

193
00:09:22,202 --> 00:09:23,498
So, again,

194
00:09:23,498 --> 00:09:26,077
these were a lot of individual resources

195
00:09:26,077 --> 00:09:29,271
that were created very quickly and very easily

196
00:09:29,271 --> 00:09:32,863
by leveraging the CloudFormation service.

197
00:09:32,863 --> 00:09:35,696
So just to go back real quick

198
00:09:35,696 --> 00:09:37,029
and review that.

199
00:09:37,950 --> 00:09:39,367
All we did was,

200
00:09:39,367 --> 00:09:40,717
you know we created a stack,

201
00:09:40,717 --> 00:09:42,432
we uploaded our template,

202
00:09:42,432 --> 00:09:44,197
added a few parameters,

203
00:09:44,197 --> 00:09:46,762
and allowed the CloudFormation engine

204
00:09:46,762 --> 00:09:50,929
to build the resources that were specified in this template.

205
00:09:52,161 --> 00:09:56,328
So that is creating resources with AWS CloudFormation.