CloudFormation and Infrastructure as Code
Learn the basics of infrastructure as code, AWS CloudFormation templates, stacks, change sets, and drift.
Learning outcomes
By the end of this lesson, the learner can:
- Explain what infrastructure as code (IaC) means.
- Explain what AWS CloudFormation does.
- Distinguish between a template, a stack, and a change set.
- Explain why CloudFormation makes infrastructure more repeatable and easier to review.
- Recognize why unmanaged manual changes can cause drift. (AWS Documentation)
Key terms
- Infrastructure as code (IaC): Defining infrastructure using code so deployments are easier to version, share, replicate, and automate. AWS documentation says IaC helps speed up development, simplify configuration management, and improve deployment reliability and consistency. (AWS Documentation)
- AWS CloudFormation: AWS's native declarative IaC service. AWS says you can model and provision your AWS infrastructure using YAML or JSON templates, and CloudFormation handles creating, updating, and deleting resources. (AWS Documentation)
- Template: A JSON- or YAML-formatted file that describes the resources you want to provision. AWS's first-stack guide explicitly says CloudFormation templates can be written in YAML or JSON. (AWS Documentation)
- Stack: The unit CloudFormation manages. AWS says you manage related resources as a single unit called a stack, and all resources in the stack are defined by the template. (AWS Documentation)
- Change set: A preview of proposed stack changes. AWS says CloudFormation creates a list of changes so you can review them before executing them, and CloudFormation makes no changes until you execute the change set. (AWS Documentation)
- Drift: A difference between the real resource configuration and the expected configuration defined by the template and parameters. AWS says drift is caused by unmanaged changes made outside CloudFormation. (AWS Documentation)
What infrastructure as code does
CloudFormation lets you describe infrastructure in code instead of rebuilding it manually in the console every time. AWS says CloudFormation can model and provision your infrastructure with YAML or JSON templates, and IaC makes deployments easier to version, reuse, and replicate. (AWS Documentation)
A simple memory rule:
- template = the blueprint
- stack = the deployed set of resources
- change set = the preview before applying changes (AWS Documentation)
1) What CloudFormation is
AWS says CloudFormation is the native AWS IaC service and that it handles resource creation, updates, and deletion automatically from structured templates. AWS also says you can manage related resources as a single unit called a stack. (AWS Documentation)
Key takeaway:
- instead of clicking through the console every time
- you write the desired infrastructure once and let CloudFormation create it consistently (AWS Documentation)
2) What infrastructure as code means here
AWS's IaC guidance says defining infrastructure with code makes it easier to:
- version deployments
- share them
- replicate them
- review changes
- automate deployment workflows. (AWS Documentation)
Key takeaway:
- IaC is not just automation
- it is also about repeatability, reviewability, and consistency across environments like dev and prod (AWS Documentation)
3) Templates: the blueprint
AWS says CloudFormation templates are written in YAML or JSON and describe the resources you want to provision. In the CloudFormation getting-started guide, AWS uses YAML because it is more human-readable, while still noting that JSON templates are also supported. (AWS Documentation)
A helpful mental model:
- template = "the written description of what I want AWS to build" (AWS Documentation)
A tiny example of the idea looks like this:
```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Simple example
Resources:
  MyBucket:
    Type: AWS::S3::Bucket
```
That example is just to show the shape: a template names resources and their types.
4) Stacks: the deployed unit
AWS says when you use CloudFormation, you manage related resources as a single unit called a stack. You create, update, and delete the whole collection through the stack, and all resources in the stack come from the template. AWS gives examples like a web application stack containing a load balancer, an Auto Scaling group, and a database. (AWS Documentation)
Key takeaway:
- you do not think only in terms of "one bucket" or "one server"
- you can think in terms of "this whole app environment" as one managed deployment unit (AWS Documentation)
5) Parameters and reuse
AWS says you can pass values such as an instance type when you create a stack instead of hard-coding every value into the template, which makes templates easier to reuse in different situations. (AWS Documentation)
Key takeaway:
- one template can often be reused for multiple environments
- only the input values change, such as instance type, environment name, or database size (AWS Documentation)
6) Change sets: preview before applying
AWS says change sets summarize the changes CloudFormation will make to a stack and let you review them before execution. AWS also says CloudFormation does not make changes until you execute the change set. (AWS Documentation)
This matters because updates can sometimes replace resources. AWS gives the example that changing the name of an RDS database instance can cause CloudFormation to create a new database and delete the old one, so reviewing a change set helps you catch risky updates before they happen. (AWS Documentation)
Key takeaway:
- change set = safety preview
- it helps you see whether your update is harmless, disruptive, or replacing something important (AWS Documentation)
7) Drift: why manual changes are dangerous
AWS says drift happens when a stack's actual resource configuration differs from the expected configuration defined in the template and parameters. AWS best practices specifically warn against changing stack-managed resources outside CloudFormation because that creates a mismatch between the template and the real environment. (AWS Documentation)
Key takeaway:
- if CloudFormation owns the resource, let CloudFormation keep owning it
- manual console edits can make future updates confusing or risky (AWS Documentation)
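Added example (not from the AWS documentation this lesson cites): a small drift report that reads the JSON document the `aws cloudformation describe-stack-resource-drifts` command returns after a drift detection run, skips resources that are IN_SYNC, and lists what changed on each MODIFIED or DELETED resource. The sample document is constructed here and shows the kind of unmanaged change a reviewer most wants to catch, a security group rule widened by hand.

```python
import json

# Constructed sample in the shape of `aws cloudformation
# describe-stack-resource-drifts` output (not real AWS output).
SAMPLE_DRIFTS = json.dumps({"StackResourceDrifts": [
    {"LogicalResourceId": "WebSecurityGroup", "ResourceType": "AWS::EC2::SecurityGroup",
     "StackResourceDriftStatus": "MODIFIED",
     "PropertyDifferences": [
         {"PropertyPath": "/SecurityGroupIngress/0/CidrIp",
          "ExpectedValue": "10.0.0.0/16", "ActualValue": "0.0.0.0/0",
          "DifferenceType": "NOT_EQUAL"}]},
    {"LogicalResourceId": "AuditLogBucket", "ResourceType": "AWS::S3::Bucket",
     "StackResourceDriftStatus": "DELETED", "PropertyDifferences": []},
    {"LogicalResourceId": "AppDatabase", "ResourceType": "AWS::RDS::DBInstance",
     "StackResourceDriftStatus": "IN_SYNC", "PropertyDifferences": []},
]})


def summarize_drift(raw_json):
    """Group drifted resources by drift status and list each changed property.

    Returns a dict such as {"MODIFIED": [...], "DELETED": [...]}; IN_SYNC
    resources are not reported. Each entry carries the logical id, the
    resource type and a list of (path, expected, actual) tuples. ADD and
    REMOVE differences lack one side, so those values are read with .get().
    """
    report = {}
    for drift in json.loads(raw_json).get("StackResourceDrifts", []):
        status = drift["StackResourceDriftStatus"]
        if status == "IN_SYNC":
            continue
        diffs = [(d["PropertyPath"], d.get("ExpectedValue"), d.get("ActualValue"))
                 for d in drift.get("PropertyDifferences", [])]
        report.setdefault(status, []).append(
            {"id": drift["LogicalResourceId"], "type": drift["ResourceType"], "diffs": diffs})
    return report


def stack_is_clean(raw_json):
    """True only when nothing was modified or deleted outside CloudFormation."""
    return not summarize_drift(raw_json)


if __name__ == "__main__":
    for status, resources in summarize_drift(SAMPLE_DRIFTS).items():
        for res in resources:
            print(f"{status}: {res['id']} ({res['type']})")
            for path, expected, actual in res["diffs"]:
                print(f"    {path}: template says {expected!r}, live value is {actual!r}")
```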
8) Why CloudFormation is useful
AWS IaC guidance says infrastructure as code improves consistency, collaboration, and auditability. AWS CloudFormation best practices also say you should store templates in version control, use code reviews, and use automated testing or CI/CD pipelines when possible. (AWS Documentation)
Key takeaway:
- CloudFormation is useful because it makes infrastructure:
  - repeatable
  - reviewable
  - easier to recreate in another account or Region
  - less dependent on memory and console clicking (AWS Documentation)
9) A practical workflow
A simple CloudFormation workflow is:
- write a template in YAML or JSON
- create a stack from it
- update the template when infrastructure changes
- create and review a change set
- execute the change set
- let CloudFormation update the stack
- avoid manual edits outside CloudFormation to reduce drift (AWS Documentation)
10) One important permission note
AWS says that if your stack template creates IAM-affecting resources, you must explicitly acknowledge the capability by specifying CAPABILITY_IAM or CAPABILITY_NAMED_IAM when creating a change set or stack. (AWS Documentation)
Key takeaway:
- CloudFormation can create powerful resources
- AWS sometimes requires explicit acknowledgement before allowing that deployment (AWS Documentation)
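Added example serving sections 6 and 10 (it is not AWS code and not part of the lesson): a change-set reviewer that reads the JSON document `aws cloudformation describe-change-set` returns and flags the two kinds of change the lesson warns about, resources CloudFormation will replace (such as the RDS instance rename) and IAM resources, which are the changes CAPABILITY_IAM / CAPABILITY_NAMED_IAM acknowledge. The sample change set is constructed.

```python
import json

# Constructed sample in the shape of `aws cloudformation describe-change-set`
# output (not real AWS output). Replacement is a string: "True", "False" or
# "Conditional"; RequiresRecreation is "Never", "Conditionally" or "Always".
SAMPLE_CHANGE_SET = json.dumps({
    "ChangeSetName": "rename-db", "StackName": "web-app-prod",
    "Status": "CREATE_COMPLETE",
    "Changes": [
        {"Type": "Resource", "ResourceChange": {
            "Action": "Modify", "LogicalResourceId": "AppDatabase",
            "ResourceType": "AWS::RDS::DBInstance", "Replacement": "True",
            "Details": [{"Target": {"Attribute": "Properties",
                                     "Name": "DBInstanceIdentifier",
                                     "RequiresRecreation": "Always"}}]}},
        {"Type": "Resource", "ResourceChange": {
            "Action": "Add", "LogicalResourceId": "DeployRole",
            "ResourceType": "AWS::IAM::Role", "Replacement": "False",
            "Details": []}},
        {"Type": "Resource", "ResourceChange": {
            "Action": "Modify", "LogicalResourceId": "AssetBucket",
            "ResourceType": "AWS::S3::Bucket", "Replacement": "False",
            "Details": [{"Target": {"Attribute": "Tags",
                                     "RequiresRecreation": "Never"}}]}},
    ],
})


def review_change_set(raw_json):
    """Return (findings, safe_to_execute) for a describe-change-set document.

    A finding is a (logical id, kind, reason) tuple. Kind is REPLACEMENT when
    CloudFormation will recreate the resource, and IAM for any AWS::IAM::*
    resource, whose permissions deserve a look before the change set runs.
    """
    findings = []
    for change in json.loads(raw_json).get("Changes", []):
        rc = change.get("ResourceChange")
        if not rc:
            continue
        lid, rtype = rc["LogicalResourceId"], rc["ResourceType"]
        if rc.get("Replacement") in ("True", "Conditional"):
            # Name the properties that force recreation so the reviewer sees why.
            props = [d["Target"].get("Name", "?") for d in rc.get("Details", [])
                     if d["Target"].get("RequiresRecreation") != "Never"]
            findings.append((lid, "REPLACEMENT",
                             f"{rtype} will be recreated (triggered by {', '.join(props)})"))
        if rtype.startswith("AWS::IAM::"):
            findings.append((lid, "IAM", f"{rc['Action']} {rtype}: review granted permissions"))
    return findings, not findings
```

Run it on the sample and the RDS replacement and the new role are reported while the bucket tag change passes quietly.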
Quick comparison table
| Concept | Mental model |
|---|---|
| IaC | Define infrastructure in code |
| Template | Blueprint of resources |
| Stack | Deployed unit of related resources |
| Change set | Preview of proposed changes |
| Drift | Real resources no longer match template expectations |
These meanings are based on AWS's CloudFormation and IaC documentation. (AWS Documentation)
Micro-activity 1: Match the term
Match the CloudFormation term to its meaning
Match each CloudFormation concept to the correct definition.
Micro-activity 2: Explain the benefit
Think about it
In two or three sentences, explain why CloudFormation is better than manually rebuilding the same environment by hand every time. A strong answer should mention repeatability, reviewability, version control, and safer updates through change sets.
Summary
CloudFormation is AWS's native infrastructure-as-code service. AWS says you can describe infrastructure in YAML or JSON templates, then create, update, and delete collections of resources as stacks. This makes deployments easier to automate, reuse, review, and replicate. (AWS Documentation)
The most important ideas are:
- template = blueprint
- stack = deployed resources
- change set = review before update
- drift = the real environment no longer matches the template because of manual changes made outside CloudFormation (AWS Documentation)
The simplest memory rule is:
- CloudFormation = infrastructure described as code and managed as stacks (AWS Documentation)