Orchestrates large Cloudformation deployments
This is a script that will help you deploy your Cloudformation project without hassle:
- Handle Cloudformation deployments of any scale
- Allow to do multiple deployments of the same code with a different installation name
- Automate Lambda code handling
- Get rid of hard dependencies of Cloudformation Exports, instead pass around Output values between stacks
- Package the whole deployment in a Docker image and version it
- Automatically create an S3 bucket according to the project name
- Upload the Cloudformation templates into the bucket
- Package and checksum your Lambda code and upload it into the bucket
- Upload arbitrary artifacts into the bucket so that they are available to your deployment
- Create and manage Cloudformation stacks
- Create, roll out and manage Stacksets
You need a Mac or a Linux machine/VM to run the Seed. Windows is not supported, but it may work on Windows too if you really want it to.
You need to have Docker on the workstation.
Every Cloudformation template you use has to have 4 mandatory parameters that will be supplied by the Seed:
TemplatesS3Bucket- the Seed will automatically create an S3 bucket and every template will have its name passed down in this parameter, so it can be made available to Lambda functions, autoscaling groups, e.t.c.
InstallationName- installation name is what makes you able to deploy your project multiple times without name clashes. Every template will have it in this parameter and you have to use it in the names of your resources to make them unique across multiple installations
RuntimeEnvironment- name of the runtime environment (read Deployment configuration)
Route53ZoneDomain- DNS domain associated with your deployment. The Seed doesn't require it to exist, you can use it as part of your resource naming convention
Here's a snippet you can copy and paste:
Parameters: TemplatesS3Bucket: Type: String Description: S3 Bucket with the components templates InstallationName: Type: String Description: Unique DNS stack installation name RuntimeEnvironment: Type: String Description: The runtime environment config tag Default: dev Route53ZoneDomain: Type: String Description: Route53 zone domain that represents the environment
First things first:
- Create a new directory for your project
- Copy everything from the
examplesdirectory to the root of the project
parameters/dev.yamlto your needs
- Add more templates with
.cf.yamlextensions under the
cloudformationdirectory and include them in
Authenticate to AWS using your method of choice, make sure that you have set the AWS Region you need for deployment. Run
cloudformation-seed -c my-project -i x0 -e dev -d my.domain.cld deploy
Take the dockerfiles and makefiles from the
examples directory and massage them around to suit your needs.
The Seed will automatically create an S3 bucket for operating the deployment. The name of the bucket is derived from the installation name and project name from
Makefile.particulars. The name of the bucket will be passed down to every Cloudformation template in your deployment as
RUNTIME_ENVIRONMENT=dev clause in the deployment directive points to the configuration file
dev.yaml located under the
You can have multiple runtime environments for the same project with different configuration, for example if you have dev, test and prod environments that reuse the same Cloudformation but need different configuration, for example VPC and subnet IDs.
A runtime environment is a YAML file that:
- defines the sequence in which the Cloudformation stacks will be deployed
- sets parameters for the Cloudformation stacks
The runtime environment contains two sections:
In this section you can specify Cloudformation parameters that will be picked up by every stack in the deployment as a default value (i.e. if a stack has the same parameter on it it will take precedence)
common-parameters: VpcId: vpc-00000000
You can use
!StackOutput (read below) in
common-parameters and it will work as expected.
common-parameters you can also use YAML anchors like this:
SAMLUsername: &SAML_USERNAME okta_sso stacks: - name: centralservices-iam-set type: stackset template: sets/iam.cf.yaml parameters: SSMLogsLambdaS3Key: !LambdaZip ssmLogsConfig.zip SAMLUsername: *SAML_USERNAME
You can also tag your stacks/stacksets by defining your tags as a dictionary and referencing them using the YAML anchors within your stacks like this:
tags_a: &TAGSA testkey1: testvalue1 testkey2: testvalue2 tags_b: &TAGSB testkey3: testvalue3 stacks: - name: example-stackset-template type: stackset template: sets/example-stackset-template.cf.yaml rollout: - account: '000000000000' tags: *TAGA - name: my-project-kms-decrypt-lambda template: support/kms-parameters-lambda.cf.yaml parameters: LambdaSourceS3Key: !LambdaZip kmsParameters.zip tags: *TAGSB
Main configuration where you describe the Cloudformation stacks you want to deploy.
stacks: - name: in-cld-managed-zone # name of the CF stack, INSTALLATION_NAME will be prepended template: centralservices/r53-zone.cf.yaml # CF template relative to cloudformation directory parameters: # Parameters to the CF stack ManagedZoneDomainName: in.cld ManagingAccountArns: arn:aws:iam::000000000000:root - name: in-cld-provisioning # name of CF stack, INSTALLATION_NAME will be prepended template: centralservices/r53-provisioning.cf.yaml # CF template relative to cloudformation directory parameters: LambdaSourceS3Key: !LambdaZip provisionR53.zip # points to the lambda function under src/provisionR53 (read below) SharedServiceR53ZoneRoleArn: !StackOutput in-cld-managed-zone.ManagedZoneCrossAccountRole # will take the output called ManagedZoneCrossAccountRole from the above stack called in-cld-managed-zone Route53DomainName: !StackOutput in-cld-managed-zone.ManagedZoneDomainName ExportOutputs: 'false' # put numbers and booleans in quotes - name: centralservices-iam-set type: stackset # set type to stackset template: sets/iam.cf.yaml parameters: # parameters to the StackSet SSMLogsLambdaS3Key: !LambdaZip ssmLogsConfig.zip SAMLUsername: *SAML_USERNAME SAMLProviderName: *SAML_PROVIDER_NAME pilot: # when StackSet is updated only update instances in these accounts accounts: - '000000000000' rollout: # manage StackSet instances - account: '000000000000' override: # parameter override Route53ZoneDomain: prod.innablr.lan - account: '111111111111' regions: # in this account it goes into two regions - ap-southeast-2 - eu-west-1 override: Route53ZoneDomain: preprod.innablr.lan - account: '222222222222' override: Route53ZoneDomain: dev.innablr.lan - account: '999999999999' regions:  # this is how you delete an instance override: Route53ZoneDomain: dontwant.innablr.lan
Automated Lambda functions
If your deployment contains Lambda function they can be handled by the Seed automatically. In the
examples directory you can find an example of a Lambda function called
- Create a directory under
srcfor your Lambda, say
- Do the development
- Create a
Makefilein the directory you have created and make sure that the default target of the Makefile produces a zip-file, say
- In your runtime environment configuration use
!LambdaZip kmsParameters.zipto pass the zip-file name to the CloudFormation template (see the example above)
If your Lambda function is used in a StackSet and needs to be available from other AWS accounts make sure that you give access to the Seed bucket from those accounts. Refer to the stack
bucket-policy.cf.yaml that is included in the examples.
If you want to include any configuration objects for your software or other relatively lightweight artifacts you can create a directory called
config/<runtime_environment> under the root of your project and anything you put in this directory will be uploaded in the Seed S3 bucket under a key called
Let's say you have
config/dev/myapp_cert.pem and you deploy a runtime configuration called
dev. The file will be uploaded in the bucket as
In the runtime environment configuration you can use the following tags in stack parameters specification:
!LambdaZip kmsParameters.zip- will pass the correct S3 key to the uploaded kmsParameters.zip, so you can use it in your Lambda resources together with
!CloudformationTemplate support/bucket-policy.cf.yaml- works very similar to
!Lambdazipbut for Cloudformation templates. Will pass down the correct S3 key to the specified CloudFormation stack
!StackOutput stack-name.OutputName- will read the corresponding output from the specified stack and pass it down here. The stack needs to have been created above in the sequence.
!ArtifactImage- these three tags are used together with a release manifest in release management
deploy_stack.py can read a release manifest file if you specify it in the
-m commandline argument. Release manifest contains images, their versions and other information about the software that is being deployed by the Seed. You can then inform your Cloudformation stacks about the versions and images you are deploying using the
!ArtifactImage tags in the runtime environment configuration.
More documentation about release management is coming soon.
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
|Filename, size||File type||Python version||Upload date||Hashes|
|Filename, size cloudformation_seed-0.10.0-py3-none-any.whl (24.7 kB)||File type Wheel||Python version py3||Upload date||Hashes View hashes|
|Filename, size cloudformation-seed-0.10.0.tar.gz (24.8 kB)||File type Source||Python version None||Upload date||Hashes View hashes|
Hashes for cloudformation_seed-0.10.0-py3-none-any.whl
Hashes for cloudformation-seed-0.10.0.tar.gz