I’m not ashamed to admit that I’m somewhat of a newbie when it comes to building AWS CloudFormation templates, but that hasn’t stopped me from trying to learn how to harness the power they provide. Thus, last week I spent some time trying to build a CloudFormation template to deploy a Cisco ASAv. At this point, I’m not necessarily trying to make it production ready, but I just wanted to create a “beta” CF template to deploy a new VPC and a Cisco ASAv with 3 interfaces in a management, an outside, and an internal subnet.
Again, because I’m a sorta newbie to CloudFormation templates, I like “cheat sheets”... preferably examples that go beyond the basic syntax you see on the AWS documentation sites (though the examples there are pretty good). Well, in searching for template examples that I find more suitable, I came across a link for AWS CloudFormer. AWS CloudFormer is a template creation tool that creates an AWS CloudFormation template based on AWS resources that currently exist within your account.
I manually built a new VPC with 3 subnets, an Internet and NAT Gateway, as well as a BYOL version of the Cisco ASAv from the AWS Marketplace with NICs for each subnet, then I deployed CloudFormer to create a baseline CloudFormation template of the environment.
Deploying CloudFormer
CloudFormer is easy to deploy as it’s a CloudFormation template. While logged into your AWS account, open CloudFormation, deploy a new stack, and when prompted to select a template, choose the CloudFormer sample template as shown below.
Depending on how you specify the template details, CloudFormer can be configured to create a new VPC or use an existing one. Either way, an EC2 instance with a public IP address will be created that provides access to the CloudFormer page with the username and password you specify under the Parameters heading.
Using CloudFormer
- When the deployment of the CloudFormer stack is complete, note the public IP address assigned to the instance it creates. Open a web browser, connect to https://publicIP, and enter the credentials you specified in the template details.
- On the AWS CloudFormer page, select the AWS region that contains the resources you wish to serve as the basis of your CloudFormation template and then click Create Template.
- CloudFormer will begin to analyze the account... this could take a minute or two so be patient.
- On the Template Information screen, enter a Template Description and click Continue.
- I won’t provide a screenshot of every option you can select but you’ll step through a process of selecting the resources you want to include in the CloudFormation template. You’ll be prompted to select options for DNS, VPC, VPC Network, VPC Security, Network, Managed Services, Compute, Storage, etc. As a note, VPC Network is where you’ll pick the subnets to include whereas the Network screen is where you’d specify any load balancers, elastic IPs, and CloudFront distributions to include. Additionally, you’ll need to select resources using their ID numbers so be mindful of that.
- On the Summary screen, click Continue. CloudFormer will display the contents of the new CloudFormation template based on the options you selected within the web browser. Click Save Template to save the file to a location on your computer.
At this point, what you really have is a starting point for a new CloudFormation template. What you’ll want to do next is “generalize” and “customize” the template to remove specifics so that you can use the template repeatedly. The CloudFormer start page offers the following suggestions:
- Add Parameters to enable stacks to be customized at launch
- Add Mappings to allow the template to be customized for specific environments
- Replace static values with “Ref” and “Fn::GetAtt” functions to flow property data between resources
- Remove any static IP addresses, AZs, and other environmental properties to create more generalized configurations
- Use CloudFormation metadata and on-host helper scripts to deploy files, packages, and run commands on EC2 instances
- Customize or add more stack outputs to list important information as needed by the stack user
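A small check for the clean-up these suggestions call for, added here as an example (it is not CloudFormer's or the author's code): it walks a template and lists hard-coded resource IDs, Availability Zones and IP/CIDR strings, which are the candidates for Parameters, Mappings, “Ref” or “Fn::GetAtt”. The sample template, its resource names and the regular expressions are constructed assumptions.

```python
import re

# Constructed sample shaped like a CloudFormer-generated template (not real output).
SAMPLE_TEMPLATE = {"Resources": {
    "subnetOutside": {
        "Type": "AWS::EC2::Subnet",
        "Properties": {"CidrBlock": "10.0.1.0/24",
                       "AvailabilityZone": "us-east-1a",
                       "VpcId": "vpc-0a1b2c3d"}},
    "sgMgmt": {
        "Type": "AWS::EC2::SecurityGroup",
        "Properties": {"SecurityGroupIngress": [
            {"IpProtocol": "tcp", "FromPort": "443",
             "ToPort": "443", "CidrIp": "0.0.0.0/0"}]}},
    "instanceAsav": {
        "Type": "AWS::EC2::Instance",
        "Properties": {"ImageId": "ami-0123456789abcdef0",
                       "SubnetId": {"Ref": "subnetOutside"},
                       "PrivateIpAddress": "10.0.1.10"}},
}}

# Value shapes that tie a template to one account, region or network.
PATTERNS = [
    ("physical-id", re.compile(r"^(vpc|subnet|sg|igw|nat|eni|rtb|ami)-[0-9a-f]{8,17}$")),
    ("availability-zone", re.compile(r"^[a-z]{2}-[a-z]+-\d[a-z]$")),
    ("ip-or-cidr", re.compile(r"^\d{1,3}(\.\d{1,3}){3}(/\d{1,2})?$")),
]

def find_static_values(node, path):
    """Yield (path, kind, value) for each hard-coded string under node."""
    if isinstance(node, dict):
        for key, val in node.items():
            yield from find_static_values(val, f"{path}.{key}")
    elif isinstance(node, list):
        for i, val in enumerate(node):
            yield from find_static_values(val, f"{path}[{i}]")
    elif isinstance(node, str):
        for kind, rx in PATTERNS:
            if rx.match(node):
                yield (path, kind, node)
                break

def audit(template):
    """Return sorted findings; Ref/Fn::GetAtt targets are logical names and pass."""
    return sorted(find_static_values(template.get("Resources", {}), "Resources"))

if __name__ == "__main__":
    for path, kind, value in audit(SAMPLE_TEMPLATE):
        print(f"{kind:18} {path} = {value}")
```

The `0.0.0.0/0` ingress rule is reported alongside the private addresses, so the allowed source range gets reviewed and turned into a parameter rather than copied into every stack.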
Conclusion
Though there is still work to do to generalize your CloudFormer templates for production readiness, I found CloudFormer extremely helpful in providing the “cheat sheet” I need to create, generalize, and then customize CloudFormation templates. Over time, as you get familiar with CloudFormation template syntax and structure, you may need CloudFormer less and less, but if you’re new to CloudFormation or perhaps even get stuck trying to build your own template, CloudFormer has the potential to be a great tool to help you build CloudFormation templates.
“CloudFormer has the potential to be a great tool to help you build CloudFormation templates.”
Totally agree. However, CloudFormer’s lack of support for about 80% of the resources I use (Api-Gateways, Lambdas, etc.) means that for many of us, CloudFormer is not living up to this potential.