5 Managing Change

 

This chapter covers:

  • Using Change Sets to streamline deployment of changes and prevent template drift, as well as understanding how they may impact deployed resources
  • Building modular templates so that they can be shared with other team members, to promote infrastructure code reuse
  • Promoting team collaboration and desirable division of responsibility by breaking out resources into individual Stacks by lifecycle and ownership
  • Ensuring better security of deployed infrastructure by using IAM and best practices for managing credentials
  • Protecting against accidental or unauthorized deletion or replacement of resources

5.1 Introduction

In this chapter, our focus is managing change. We will learn how to participate and contribute as part of a team using CloudFormation. We are going to explore practices and resources (such as Cross-Stack references, Nested Stacks, and Transforms) designed to facilitate infrastructure code reuse to make changes manageable.

We’ll look at ways to make templates more flexible using Parameters, Mappings, and Conditions, topics we introduced previously that are key elements of modularization. We will also cover testing, exploring ways to validate templates before deployment using cfn-lint and other methods.

5.2 Using Change Sets

5.3 Building Modular Templates

5.4 Cross-Stack References

5.5 Nested Stacks

5.6 Transform and Include

5.6.1 Networking

5.6.2 Mappings

5.7 Testing and Validating CloudFormation Templates

5.7.1 Unit Testing for IaC

5.7.2 Validating Templates with cfn-lint

5.8 Understanding and Correcting Template Drift

5.9 Protecting Stack Resources

5.9.1 Using IAM

5.9.2 Stack Policies

5.10 Security Validation for CloudFormation Templates

5.11 Importing Existing Resources into Templates

5.12 Summary
