
AWS cloudformation: One big template file or many small ones?

I'm about to rewrite a lot of my aws deployment code to launch everything with cloudformation controlled by boto, instead of bringing up each element on its own with boto. Does anyone know if it's "best practice" to use one giant template file, which kicks everything off together, or a lot of smaller ones?

The advantage of one giant one seems to be that AWS handles all the dependencies for you so will bring things up slightly faster. The clear disadvantage is that it seems like a nightmare to maintain.

Has anyone tried combining their template files at run time so that they are treated as one large one, or does that get difficult to maintain?

TristanMatthews asked Aug 12 '14 20:08




3 Answers

There's no easy answer, but several important points to keep in mind:

  • when you write several small templates, write a master template which will call the small ones (nested stacks). When you want to update a small one, make the change in the file, and update the master one. Only the resources that have changed will be updated, and the result of the stack update will be atomic (all clear or rollback everything). CloudFormation will still run the nested stacks in parallel, so it's not that much slower.

  • there's a limitation in CloudFormation regarding the number of resources (200 resources per stack). It's very easy to reach, if you've got SecurityGroupIngress/Egress rules for example. Not sure this limit can be updated by the support.

  • on the other hand, feeding parameters to nested stacks can result in big files with not that much information... consider this: you have to feed all the parameters to the call, and inside the nested stack you have to declare all the parameters again. Two levels of nesting is a real pain, believe me!

The best solution I've found is using a CloudFormation template frontend (I use troposphere - in Python), so that you really describe infrastructure as code, with all the advantages of code (loops, conditionals, external file, functions) and in the end, you've got a genuine CloudFormation template.

I've been able to write huge CloudFormation templates with this system, without any maintenance nightmare...

huelbois answered Oct 20 '22 14:10
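An added example, not part of the answer above: the "template frontend" idea sketched with plain Python dicts as a stand-in for troposphere, generating one `AWS::EC2::SecurityGroupIngress` resource per rule and failing before deployment if the per-stack resource count is exceeded. The rule table, the `PUBLIC_OK_PORTS` policy, the logical IDs and the function name are all hypothetical.

```python
import json

RESOURCE_LIMIT = 200      # per-stack figure quoted in the answer; confirm against current AWS quotas
PUBLIC_OK_PORTS = {443}   # assumed policy: only these ports may be open to 0.0.0.0/0

# Constructed sample data: (rule name, protocol, port, source CIDR)
INGRESS_RULES = [
    ("https-public", "tcp", 443, "0.0.0.0/0"),
    ("ssh-bastion", "tcp", 22, "10.0.0.0/24"),
    ("postgres-app", "tcp", 5432, "10.0.1.0/24"),
]

def build_template(rules=INGRESS_RULES, limit=RESOURCE_LIMIT):
    """Return a CloudFormation template dict with one ingress resource per rule."""
    resources = {
        "AppSecurityGroup": {
            "Type": "AWS::EC2::SecurityGroup",
            "Properties": {
                "GroupDescription": "Generated application security group",
                "VpcId": {"Ref": "VpcId"},
            },
        }
    }
    for name, proto, port, cidr in rules:
        # The conditional a static template cannot express: reject world-open rules.
        if cidr == "0.0.0.0/0" and port not in PUBLIC_OK_PORTS:
            raise ValueError(f"{name}: port {port} must not be open to the world")
        # Logical IDs must be alphanumeric, so derive one from the rule name.
        logical_id = "Ingress" + "".join(p.capitalize() for p in name.split("-"))
        if logical_id in resources:
            raise ValueError(f"duplicate logical ID: {logical_id}")
        resources[logical_id] = {
            "Type": "AWS::EC2::SecurityGroupIngress",
            "Properties": {
                "GroupId": {"Fn::GetAtt": ["AppSecurityGroup", "GroupId"]},
                "IpProtocol": proto, "FromPort": port, "ToPort": port,
                "CidrIp": cidr, "Description": name,
            },
        }
    if len(resources) > limit:
        raise ValueError(f"{len(resources)} resources exceeds the limit of {limit}")
    return {
        "AWSTemplateFormatVersion": "2010-09-09",
        "Parameters": {"VpcId": {"Type": "AWS::EC2::VPC::Id"}},
        "Resources": resources,
    }

if __name__ == "__main__":
    print(json.dumps(build_template(), indent=2))
```
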


We started out with everything in one large template but eventually refactored it a bit to include a nested stack with some resources to avoid duplicating it in other templates.

One of the biggest challenges I've found is that having a monolithic stack makes it more difficult to update things piecemeal, and also makes it awkward when there are other stacks that depend on the resources in the monolith (e.g. security groups).

There was a session at re:Invent 2014 with a number of useful tips: APP304 - AWS CloudFormation Best Practices. Slides / Video

They recommend breaking stacks up based on a combination of layers or shared bits such as: identity, base network, shared services, backend services, frontend services.

While I'm loath to deal with a lot of parameters and outputs (feeding them between stacks is annoying), it seems like a more flexible way of composing desired infrastructure.

kylesm answered Oct 20 '22 14:10


I know I am late to this discussion, but I want to share the cfpack.js CLI tool, which allows you to create multiple small CloudFormation templates that will be combined into one big template and deployed to a CloudFormation stack.

Eugene Manuilov answered Oct 20 '22 14:10