Use AWS CloudFormation Designer to modify a stack's template
Note
Infrastructure Composer in CloudFormation console mode is an improvement over AWS CloudFormation Designer. We recommend that you use Infrastructure Composer instead of Designer whenever possible. For more information, see Create templates visually with Infrastructure Composer.
You can use AWS CloudFormation Designer to modify a stack's template, and then submit it to AWS CloudFormation to update the stack. Typically, when you modify a stack, you need to get a copy of its template, modify the template in a text editor, and then use CloudFormation to update the stack. With AWS CloudFormation Designer, you can quickly get a copy of any running stack's template, modify it, and then update the stack without ever leaving the console.
In this walkthrough, we'll start with a basic web server stack, and then modify it so that the web server is scalable and durable.
In this walkthrough, we will complete the following steps:
- We'll get a copy of a running stack's template; the same basic web server stack in the following walkthrough: Use AWS CloudFormation Designer to create a basic web server.
- We'll use AWS CloudFormation Designer to modify the stack's template so that your website is scalable and durable by replacing the EC2 instance with an Auto Scaling group and an Elastic Load Balancing load balancer.
- After saving the modifications, we'll update the basic web server stack with the modified template.
  Note
  CloudFormation is a free service; however, you are charged for the AWS resources you include in your stacks at the current rate for each. For more information about AWS pricing, see the detail page for each product on http://aws.amazon.com.
- We'll delete the stack to clean up all of the resources.
Prerequisites
This walkthrough assumes that you have a working knowledge of Amazon Virtual Private Cloud (Amazon VPC), Auto Scaling, Elastic Load Balancing, and CloudFormation. For context, each procedure provides some basic information about each resource.
Additionally, the walkthrough assumes that you completed the following walkthrough: Use AWS CloudFormation Designer to create a basic web server. From that walkthrough, you should have a running stack named BasicWebServerStack.
Step 1: Get a stack template
In this step, we'll use AWS CloudFormation Designer to get and open a copy of a running stack's template.
To get a copy of a running stack's template
- Open the CloudFormation console at https://console.aws.amazon.com/cloudformation/.
- From the list of stacks, select the BasicWebServerStack.
- Choose Actions, and then View/Edit template in Designer.
  CloudFormation gets a copy of the BasicWebServerStack stack's template and displays it in AWS CloudFormation Designer, where you can view the template resources and their relationships.
In the following step, we'll use AWS CloudFormation Designer to modify the template.
Step 2: Modify a template
We'll modify the basic web server template by using AWS CloudFormation Designer's drag-and-drop interface and integrated JSON and YAML editor to replace the single Amazon EC2 instance with an Auto Scaling group and load balancer to make the website scalable. If traffic to the website suddenly increases, use Auto Scaling to quickly increase the number of web servers. The load balancer distributes the traffic equally among the instances.
To modify a stack template
- Remove the WebServerInstance resource.
  - Right-click the WebServerInstance resource.
  - From the resource menu, choose Delete (trash can icon).
  - Choose OK to confirm.
- From the Resource types pane, add the following resources into the PublicSubnet resource: AutoScalingGroup, LaunchConfiguration, and LoadBalancer. Before adding resources, you might need to expand the subnet to include all the resources.
  The resources are organized by resource categories. The Auto Scaling group and launch configuration are in the AutoScaling category, and the load balancer is in the ElasticLoadBalancing category.
  Note
  These resources don't follow the container model, so AWS CloudFormation Designer doesn't automatically associate them with the subnet. We'll create connections later on in this step.
- From the Resource types pane in the EC2 category, add the SecurityGroup resource anywhere in the VPC except in the subnet.
  This security group will control the inbound and outbound traffic of the load balancer.
- Rename the resources to make them easier to identify:
  - Rename AutoScalingGroup to WebServerFleet
  - Rename LaunchConfiguration to WebServerLaunchConfig
  - Rename LoadBalancer to PublicElasticLoadBalancer
  - Rename SecurityGroup to PublicLoadBalancerSecurityGroup
- Create associations for the resources that you added.
  - Associate the load balancer and Auto Scaling group resources with the public subnet:
    - From the PublicElasticLoadBalancer resource, drag the AWS::EC2::Subnet (Property: Subnets) connection to the PublicSubnet resource.
    - From the WebServerFleet resource, drag the AWS::EC2::Subnet (Property: VPCZoneIdentifier) connection to the PublicSubnet resource.
  - Associate the load balancer with its security group:
    - From the PublicElasticLoadBalancer resource, drag the AWS::EC2::SecurityGroup (Property: SecurityGroups) connection to the PublicLoadBalancerSecurityGroup resource.
  - Associate the Auto Scaling group with the load balancer and launch configuration:
    - From the WebServerFleet resource, drag the AWS::ElasticLoadBalancing::LoadBalancer (Property: LoadBalancerNames) connection to the PublicElasticLoadBalancer resource.
    - From the WebServerFleet resource, drag the AWS::ElasticLoadBalancing::LaunchConfiguration (Property: LaunchConfigurationName) connection to the WebServerLaunchConfig resource.
  - Associate the launch configuration with the security group:
    - From the WebServerLaunchConfig resource, drag the AWS::EC2::SecurityGroup (Property: SecurityGroups) connection to the WebServerSecurityGroup resource.
  - Define a dependency for the Auto Scaling group to the public route:
    - From the WebServerFleet resource, drag the DependsOn connection to the PublicRoute resource.
      This dependency means that CloudFormation won't create the WebServerFleet resource until the public route is complete. Otherwise, if the public route isn't available when the web server instances are starting up, they won't be able to send signals (using the cfn-signal helper script) to notify CloudFormation when their configurations and application deployments are complete.
- Specify the properties for the resources that you added.
  - On the AWS CloudFormation Designer canvas, choose the PublicElasticLoadBalancer resource.
  - In the integrated editor pane, choose the Properties tab, and then copy the following snippet and paste it between the Properties braces ({}).
    AWS CloudFormation Designer automatically added the security group and subnet association, so you need to add only the Listeners and HealthCheck properties. The Listeners property specifies where and what type of traffic to listen for, and the HealthCheck property describes the settings for determining the health status of the load balancer.
    JSON
        "Listeners": [
          {
            "LoadBalancerPort": "80",
            "InstancePort": "80",
            "Protocol": "HTTP"
          }
        ],
        "HealthCheck": {
          "Target": "HTTP:80/",
          "HealthyThreshold": "3",
          "UnhealthyThreshold": "5",
          "Interval": "90",
          "Timeout": "60"
        },
        "SecurityGroups": [
          { "Ref": "PublicLoadBalancerSecurityGroup" }
        ],
        "Subnets": [
          { "Ref": "PublicSubnet" }
        ]
    YAML
        Listeners:
          - LoadBalancerPort: '80'
            InstancePort: '80'
            Protocol: HTTP
        HealthCheck:
          Target: 'HTTP:80/'
          HealthyThreshold: '3'
          UnhealthyThreshold: '5'
          Interval: '90'
          Timeout: '60'
        SecurityGroups:
          - !Ref PublicLoadBalancerSecurityGroup
        Subnets:
          - !Ref PublicSubnet
  - Repeat this process for the following resources:
    WebServerFleet
      - Add the MaxSize, MinSize, and DesiredCapacity properties. These properties specify the maximum and minimum number of instances that you can launch in the Auto Scaling group and the initial number of instances to start with. The desired capacity value refers to a new parameter, which we'll add later in this procedure.
        JSON
            "MinSize": "1",
            "MaxSize": "10",
            "DesiredCapacity": { "Ref": "WebServerCount" },
            "VPCZoneIdentifier": [
              { "Ref": "PublicSubnet" }
            ],
            "LaunchConfigurationName": { "Ref": "WebServerLaunchConfig" },
            "LoadBalancerNames": [
              { "Ref": "PublicElasticLoadBalancer" }
            ]
        YAML
            MinSize: '1'
            MaxSize: '10'
            DesiredCapacity: !Ref WebServerCount
            VPCZoneIdentifier:
              - !Ref PublicSubnet
            LaunchConfigurationName: !Ref WebServerLaunchConfig
            LoadBalancerNames:
              - !Ref PublicElasticLoadBalancer
    PublicLoadBalancerSecurityGroup
      - Add the following inbound and outbound rules that determine the traffic that can reach and leave the load balancer. The rules allow all HTTP traffic to reach and leave the load balancer.
        JSON
            "GroupDescription": "Public Elastic Load Balancing security group with HTTP access on port 80 from the Internet",
            "SecurityGroupIngress": [
              {
                "IpProtocol": "tcp",
                "FromPort": 80,
                "ToPort": 80,
                "CidrIp": "0.0.0.0/0"
              }
            ],
            "SecurityGroupEgress": [
              {
                "IpProtocol": "tcp",
                "FromPort": 80,
                "ToPort": 80,
                "CidrIp": "0.0.0.0/0"
              }
            ],
            "VpcId": { "Ref": "VPC" }
        YAML
            GroupDescription: >-
              Public Elastic Load Balancing security group with HTTP access on port 80
              from the Internet
            SecurityGroupIngress:
              - IpProtocol: tcp
                FromPort: 80
                ToPort: 80
                CidrIp: 0.0.0.0/0
            SecurityGroupEgress:
              - IpProtocol: tcp
                FromPort: 80
                ToPort: 80
                CidrIp: 0.0.0.0/0
            VpcId: !Ref VPC
    WebServerSecurityGroup
      - Modify the HTTP inbound rule to allow only traffic from the load balancer.
        JSON
            "GroupDescription": "Allow access from load balancer and SSH traffic",
            "SecurityGroupIngress": [
              {
                "IpProtocol": "tcp",
                "FromPort": 80,
                "ToPort": 80,
                "SourceSecurityGroupId": { "Ref": "PublicLoadBalancerSecurityGroup" }
              },
              {
                "IpProtocol": "tcp",
                "FromPort": 22,
                "ToPort": 22,
                "CidrIp": { "Ref": "SSHLocation" }
              }
            ],
            "VpcId": { "Ref": "VPC" }
        YAML
            VpcId: !Ref VPC
            GroupDescription: Allow access from load balancer and SSH traffic
            SecurityGroupIngress:
              - IpProtocol: tcp
                FromPort: 80
                ToPort: 80
                SourceSecurityGroupId: !Ref PublicLoadBalancerSecurityGroup
              - IpProtocol: tcp
                FromPort: 22
                ToPort: 22
                CidrIp: !Ref SSHLocation
    WebServerLaunchConfig
      - The launch configuration has a number of different properties that you need to specify, so we'll highlight just a few of them. The InstanceType and ImageId properties use the parameter and mapping values that were already specified in the template. You specify the instance type as a parameter value when you create a stack. The ImageId value is a mapping that's based on your stack's region and the instance type that you specified.
        In the UserData property, we specify configuration scripts that run after the instance is up and running. The configuration information is defined in the instance's metadata, which we'll add in the next step.
        JSON
            "InstanceType": { "Ref": "InstanceType" },
            "ImageId": {
              "Fn::FindInMap": [
                "AWSRegionArch2AMI",
                { "Ref": "AWS::Region" },
                {
                  "Fn::FindInMap": [
                    "AWSInstanceType2Arch",
                    { "Ref": "InstanceType" },
                    "Arch"
                  ]
                }
              ]
            },
            "KeyName": { "Ref": "KeyName" },
            "AssociatePublicIpAddress": "true",
            "UserData": {
              "Fn::Base64": {
                "Fn::Join": [
                  "",
                  [
                    "#!/bin/bash -xe\n",
                    "yum install -y aws-cfn-bootstrap\n",
                    "# Install the files and packages from the metadata\n",
                    "/opt/aws/bin/cfn-init -v ",
                    " --stack ", { "Ref": "AWS::StackName" },
                    " --resource WebServerLaunchConfig ",
                    " --configsets All ",
                    " --region ", { "Ref": "AWS::Region" },
                    "\n",
                    "# Signal the status from cfn-init\n",
                    "/opt/aws/bin/cfn-signal -e $? ",
                    " --stack ", { "Ref": "AWS::StackName" },
                    " --resource WebServerFleet ",
                    " --region ", { "Ref": "AWS::Region" },
                    "\n"
                  ]
                ]
              }
            },
            "SecurityGroups": [
              { "Ref": "WebServerSecurityGroup" }
            ]
        YAML
            InstanceType: !Ref InstanceType
            ImageId: !FindInMap
              - AWSRegionArch2AMI
              - !Ref 'AWS::Region'
              - !FindInMap
                - AWSInstanceType2Arch
                - !Ref InstanceType
                - Arch
            KeyName: !Ref KeyName
            AssociatePublicIpAddress: 'true'
            UserData: !Base64
              'Fn::Join':
                - ''
                - - |
                    #!/bin/bash -xe
                  - |
                    yum install -y aws-cfn-bootstrap
                  - |
                    # Install the files and packages from the metadata
                  - '/opt/aws/bin/cfn-init -v '
                  - ' --stack '
                  - !Ref 'AWS::StackName'
                  - ' --resource WebServerLaunchConfig '
                  - ' --configsets All '
                  - ' --region '
                  - !Ref 'AWS::Region'
                  - |+

                  - |
                    # Signal the status from cfn-init
                  - '/opt/aws/bin/cfn-signal -e $? '
                  - ' --stack '
                  - !Ref 'AWS::StackName'
                  - ' --resource WebServerFleet '
                  - ' --region '
                  - !Ref 'AWS::Region'
                  - |+

            SecurityGroups:
              - !Ref WebServerSecurityGroup
- Add the launch configuration metadata to the WebServerLaunchConfig resource, which instructs the cfn-init helper script to start the web server and create a basic web page.
  - Choose the WebServerLaunchConfig resource, and then choose the Metadata tab in the integrated editor.
  - If you are authoring your template in JSON: Within the Metadata braces ({}), after the AWS::CloudFormation::Designer closing brace, add a comma (,).
  - Add the following snippet, which instructs the cfn-init helper script to start the web server and create a basic web page, after the AWS::CloudFormation::Designer property.
    JSON
        "AWS::CloudFormation::Init" : {
          "configSets" : {
            "All" : [ "ConfigureSampleApp" ]
          },
          "ConfigureSampleApp" : {
            "packages" : {
              "yum" : {
                "httpd" : []
              }
            },
            "files" : {
              "/var/www/html/index.html" : {
                "content" : { "Fn::Join" : ["\n", [
                  "<h1>Congratulations, you have successfully launched the AWS CloudFormation sample.</h1>"
                ]]},
                "mode" : "000644",
                "owner" : "root",
                "group" : "root"
              }
            },
            "services" : {
              "sysvinit" : {
                "httpd" : {
                  "enabled" : "true",
                  "ensureRunning" : "true"
                }
              }
            }
          }
        }
    YAML
        'AWS::CloudFormation::Init':
          configSets:
            All:
              - ConfigureSampleApp
          ConfigureSampleApp:
            packages:
              yum:
                httpd: []
            files:
              /var/www/html/index.html:
                content: !Join
                  - |+

                  - - >-
                      <h1>Congratulations, you have successfully launched the AWS
                      CloudFormation sample.</h1>
                mode: '000644'
                owner: root
                group: root
            services:
              sysvinit:
                httpd:
                  enabled: 'true'
                  ensureRunning: 'true'
- Add the WebServerCount parameter. This parameter specifies how many instances to create when CloudFormation creates the Auto Scaling group.
  - Select an open area on the AWS CloudFormation Designer canvas.
  - In the integrated editor pane, choose the Parameters tab.
  - Add the following parameter in the integrated editor. If you're authoring the template in JSON, add a comma as needed.
    JSON
        "WebServerCount": {
          "Description": "Number of Amazon EC2 instances to launch for the WebServer server",
          "Type": "Number",
          "Default": "1"
        }
    YAML
        WebServerCount:
          Description: Number of Amazon EC2 instances to launch for the WebServer server
          Type: Number
          Default: '1'
- Modify the template output to show the DNS name of the load balancer.
  - In the integrated editor pane, choose the Outputs tab.
  - Modify the JSON to use the load balancer DNS name, as shown in the following snippet.
    JSON
        {
          "Outputs": {
            "URL": {
              "Value": {
                "Fn::GetAtt": [
                  "PublicElasticLoadBalancer",
                  "DNSName"
                ]
              },
              "Description": "Newly created application URL"
            }
          }
        }
    If you're authoring your template in YAML, use the following snippet.
        Outputs:
          URL:
            Value: !GetAtt
              - PublicElasticLoadBalancer
              - DNSName
            Description: Newly created application URL
- On the AWS CloudFormation Designer toolbar, choose Validate template (check box icon) to check for syntax errors in your template.
  View and fix errors in the Messages pane, and then validate the template again. If you don't see errors, your template is syntactically valid.
- From the AWS CloudFormation Designer toolbar, save the template locally by choosing File menu (the file icon) and then Save.
You now have a modified CloudFormation template that you can use to update the basic web server stack. In the next step, we'll use this template to update the basic web server stack.
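The security group rules set in Step 2 can be checked in the saved template before the stack is updated. The following Python script is an added example, not part of the original walkthrough: it lists security group ingress rules that are open to any address, other than the load balancer's port 80, resolving Ref values against parameter defaults. The sample template is constructed, and the SSHLocation default in it is an assumption.

```python
import json

# Constructed sample: the two security groups from Step 2. The SSHLocation
# default below is an assumption; the walkthrough does not show its value.
TEMPLATE = json.loads("""
{
  "Parameters": {"SSHLocation": {"Type": "String", "Default": "0.0.0.0/0"}},
  "Resources": {
    "PublicLoadBalancerSecurityGroup": {
      "Type": "AWS::EC2::SecurityGroup",
      "Properties": {"SecurityGroupIngress": [
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "CidrIp": "0.0.0.0/0"}]}},
    "WebServerSecurityGroup": {
      "Type": "AWS::EC2::SecurityGroup",
      "Properties": {"SecurityGroupIngress": [
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "SourceSecurityGroupId": {"Ref": "PublicLoadBalancerSecurityGroup"}},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "CidrIp": {"Ref": "SSHLocation"}}]}}
  }
}
""")

OPEN_CIDRS = {"0.0.0.0/0", "::/0"}
# Only the load balancer is meant to be reachable from anywhere, on port 80.
EXPECTED_PUBLIC = {("PublicLoadBalancerSecurityGroup", 80, 80)}

def resolve(value, template):
    """Return a literal as-is, a referenced parameter's Default, or None."""
    if isinstance(value, dict):
        param = template.get("Parameters", {}).get(value.get("Ref"))
        return param.get("Default") if param else None
    return value

def open_ingress(template, allowed=frozenset()):
    """List (group, from_port, to_port, cidr) for world-open ingress rules
    that are not in the allow-list of (group, from_port, to_port)."""
    findings = []
    for name, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::EC2::SecurityGroup":
            continue
        for rule in res.get("Properties", {}).get("SecurityGroupIngress", []):
            cidr = resolve(rule.get("CidrIp") or rule.get("CidrIpv6"), template)
            if cidr not in OPEN_CIDRS:
                continue  # source is a security group or a narrower range
            key = (name, int(rule.get("FromPort", -1)), int(rule.get("ToPort", -1)))
            if key not in allowed:
                findings.append(key + (cidr,))
    return findings

if __name__ == "__main__":
    for finding in open_ingress(TEMPLATE, EXPECTED_PUBLIC):
        print("world-open ingress:", finding)
```

The check resolves parameter defaults only; a value entered in the Parameters section of the Update Stack Wizard overrides the default, so that value needs the same review.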
Step 3: Update the stack
To implement your template changes, we need to update the basic web server stack. You can launch the CloudFormation Update Stack Wizard directly from AWS CloudFormation Designer.
To update the stack
- On the AWS CloudFormation Designer toolbar, choose Create Stack (cloud icon with up arrow).
  AWS CloudFormation Designer saves the opened template in an S3 bucket and then launches the CloudFormation Update Stack Wizard. Because we modified the BasicWebServerStack stack's template, CloudFormation launches the Update Stack Wizard for that stack.
- CloudFormation automatically populates the template URL; choose Next.
- In the Stack section, in the Name field, verify that the stack name is BasicWebServerStack.
- In the Parameters section, use the existing values; choose Next.
- For this walkthrough, you don't need to add tags or specify advanced settings, so choose Next.
- Ensure that the stack name is correct, and then choose Update.
It can take several minutes for CloudFormation to update your stack. To monitor progress, view the stack events. For more information, see View stack information from the CloudFormation console. After the stack is updated, view the stack outputs and go to the website URL to verify that the website is running. For more information, see View stack information from the CloudFormation console. You successfully updated a template and a stack using AWS CloudFormation Designer.
To ensure that you aren't charged for unwanted services, you can delete this stack.
Step 4: Clean up resources
To make sure you aren't charged for unwanted services, delete your stack and its resources.
To delete the stack
- From the CloudFormation console, choose the BasicWebServerStack stack.
- Choose Delete Stack.
- In the confirmation message, choose Yes, Delete.
It can take several minutes for CloudFormation to delete your stack. To monitor progress, view the stack events. After the stack is deleted, all the resources that you created are deleted. Now that you understand how to use AWS CloudFormation Designer, you can use it to build and modify your own templates.