Okay, now, infrastructure as a code, or IaC. Well, actually, I got this from Wikipedia. Now, as you can see, it is the process of managing and provisioning computer data centers through machine-readable definition files, rather than physical hardware configuration or interactive configuration tools. So you are defining and implementing all of your infrastructure within a code: you write the code and then you run it, and that code is responsible to build your infrastructure. So this is why it is called infrastructure as a code, or IaC. Okay, now, if you scroll down, you can see that there are a lot of tools for infrastructure as a code, like Chef, Puppet, Otter, SaltStack, CFEngine, Terraform, and actually Terraform is very popular, and you can see Ansible, Ansible Tower, and there are other tools like AWS CloudFormation, which is our subject here. Okay, now, actually, regarding the popularity, I think Terraform is more popular than AWS CloudFormation. Actually, it's not like it's better or something like that, no, but the thing is, Terraform has this feature, or has this something called cloud agnostic, or multi-cloud provider. So you have specific services from AWS, for example, and other services from Google Cloud, okay, or you have specific services on Azure, or just Google Cloud and Azure, or Google Cloud and AWS, and so on, so that we can build our infrastructure on all of these cloud providers with just simple code. Okay, but actually that doesn't make CloudFormation less powerful. Okay, well, actually CloudFormation is very powerful and widely used. So the thing is, if you have all of your services and servers running on AWS, CloudFormation comes more handy and more powerful, because everything you are using is on AWS, so why not use AWS CloudFormation? And each new feature, okay, each new functionality, each new service on AWS, will be updated immediately on CloudFormation, but on the other hand, Terraform
it will take time until they make the update, and blah blah blah, and so on, right? But you may ask me who may use just AWS itself. Okay, well, actually there are a lot of use cases. A lot of companies just use AWS; they don't use Google Cloud or Azure. For example, Netflix. Netflix is a very popular company, okay, and all of their services just use AWS; it doesn't use any other cloud providers. So in that case, building your own infrastructure using CloudFormation is more powerful and has its own pros, rather than using other tools like Terraform, for example. Okay, now, in the next lecture we will handle CloudFormation: we will have a quick overview and see the structure, the syntax, how it works, and so on, right? So I will see you there.

Okay, now, AWS CloudFormation. Now, as I told you, CloudFormation is an infrastructure as a code tool. It gives you an easy way to model a collection of related AWS and third-party resources. Okay, so you provide the code, the infrastructure as a code, then you will provision all the resources and build the infrastructure you want with just a few clicks, or you can even automate that using the CLI, API, and so on, right? Okay, so as you can see, you can use a template to create, update, or delete an entire stack as a single unit, okay, as often as you need to. Now you may be asking: what is a template, what is a stack, what is all of that, I don't know anything about it. Don't worry, we will talk about these in detail. Okay, but for now let's have some of the benefits. So as you can see, it automates best practices. For a DevOps engineer, actually, automation is a very crucial thing, so this is one of the best practices: to automate everything, even your infrastructure. Okay, so if your infrastructure is deleted, you don't need to worry about it; with just a few clicks you can have all of your infrastructure up and running. Okay, or if you need to copy all your infrastructure to another region, for example, you don't need to spend the whole weekend or a whole week just
deploying the infrastructure on that region; you just click, right, click, and in a few seconds you have them there. Okay, well, actually not a few seconds; it depends on how large your infrastructure is and so on. Okay, there are a lot of factors, in fact. Okay, now, you can scale your infrastructure worldwide, and you can integrate with other AWS services, okay, as you can see, like AWS IAM for access control, AWS Config for compliance, and AWS Service Catalog for turnkey application distribution and additional governance. Okay, now, we can manage third-party and private resources, okay, as well as extend CloudFormation with the community. Okay, so how does it work? Now this is the most important thing. Okay, now here, as you can see, this is the diagram, okay, and I intended actually to give you that from the official documentation, okay, so you need to get used to using the AWS official documentation. Okay, for something you want, there are blogs, you just go there, okay, or Google it, okay, or search using any search engine, okay, but it is better to get the information from the official documentation. Okay, now, as you can see, you code your infrastructure, okay, so you type your infrastructure code from scratch, okay, you write, and this is something you can do from scratch, okay, or you write a template, okay, using any language, so either YAML or JSON format, right? Now, in this course we will handle YAML, which is yet another markup language, actually, because it is very simple. It's not complicated, and it is human readable, so it's very easy to read and write. Okay, so you write your template, and this is what we talked about, which is the template: the template is your code written in YAML or JSON format. And then you will upload it to an S3 bucket, so as you can see, you upload it to an S3 bucket, or you can put it locally. Now everything here is
from the console, all right, so don't worry about doing that manually. All right, so from the console, a few clicks and you have it. Then AWS CloudFormation, as you can see: you use it via the browser console, command-line tools, or API to create the stack based on your template code. Now you may ask me, what is the stack? Well, actually the stack is a collection of the AWS resources that you have implemented in the code. So you write in the code that you want to deploy EC2 instances or RDS databases or DynamoDB or a security group, EIP, whatever, okay, a load balancer and so on. So all of these resources will be inside something called a stack. And this stack, you can create more stacks like that, you can nest the stacks, you can delete it, you can edit it, you can modify it, and there is even something called drift detection. Don't worry, we will handle that in this course, in this section precisely. So all of those resources will be in this stack, all right? Then the output: as you can see, AWS CloudFormation provisions and configures the stacks and resources you specified in your template. So finally you will have an infrastructure: EC2, security group, load balancer, and so on. Here are some of the featured customers, as you can see, Coinbase, Expedia. As you can see, Expedia uses AWS CloudFormation with Chef to deploy its entire front and backend stack into its AWS environment. Now you can read more about that; actually there are a lot of blogs, a lot of articles if you want to read about it, which I recommend you do. Here are some of the features, like extensibility, cross-account and cross-region management, which is something we talked about and very important, authoring with JSON and YAML, authoring with familiar programming languages if you are using CDK, which is the Cloud Development Kit, building serverless applications with SAM, safety controls, previewing changes to your environment, dependency management, all right. Now, one of the cool features of AWS CloudFormation, actually: it is free,
you don't pay anything. As you can see, there is no additional charge for using AWS CloudFormation with the resources provided in the following namespaces. As you can see, in this case you pay for AWS resources only, so you pay for the underlying resources. So as you can see, you only pay for what you use, as you use it; there are no minimum fees and no required upfront. So you don't pay anything for using CloudFormation; you just pay for the resources. So if you provision EC2 instances, you pay for those EC2 instances, that's it, and you don't pay anything for using CloudFormation, which is something very cool, and well, it is from AWS within, so it is good. You can read, there are some examples here if you are interested; well, actually I recommend you to do that. Okay, now let's have a real quick look from the console. So as you can see, from here you go to CloudFormation, and from here you can see that we have Stacks, StackSets, the Designer up here. You can create the stack, you can see how many stacks I have, and this is the main page: how it works, there are some of the benefits, and more. Okay, now don't worry, we will handle all of these and all the important things, and I will try my best, as much as I can, to give you everything important for you as a developer or as a DevOps engineer. Okay, so keep with me, work with me step by step, and you will learn a lot. All right, I will see you in the next lecture.

All right, now this lecture actually gives you a very brief, quick view of the YAML syntax, so you will come to understand the basics of using YAML and how it works. So actually YAML is a key-value pair, as you can see, Type and the value of Type. These are some examples. So the first thing: it starts with three dashes, as you can see. Then on the same level, as you can see, we can have Resources, and for the Resources, as you can see here, there are two spaces. If you notice, here there are two spaces; this means that my instance here
is inside the Resources, inside the Resources tree. Okay, so here, as you can see, the Type: there are two more spaces, as you can see, which means that inside my instance there is something called Type, and the Type here is AWS::EC2::Instance, whatever. This is some value; we will talk about these in detail when the time comes, but for now, as you can see, it is a key-value pair, all right? And the Type here is inside my instance, which is inside Resources, as you can see. Now the same thing for Properties: the Properties are for my instance, as you can see, two spaces here. So my instance here has a Type of this value, whatever, and has these properties, and these properties are inside Properties; as you can see, there are two spaces here for each one: the availability zone, the image ID, the instance type, and so on. So the instance type, the image ID, the availability zone, these are properties of my instance, which is inside the Resources. Okay, now let's have another example, which is this one. As you can see, this is a bigger example. We started with three dashes as well. The Parameters is here, whatever; we used security group, which is inside the Parameters tree, and we have this Description for this security group description, as you can see, this is the description, and the Type here is for the security group. As you can see, the Type here is not for the Description here; the Type here is for the security group description. As you can see, there are things here, okay, so YAML is very easy to read, very easy to use and to write, and here, as you can see, the Resources. So if you notice, we don't have spaces here, which means that the Resources here is a complete, whole new tree. So the Parameters has the security group inside it, and inside the security group, Description and Type. Now a new thing called Resources: inside it, my instance, and inside my instance, Type and Properties, and these inside the Properties. And as you
can see here, the security groups: inside it there are lists. As you can see, there is a dash; this means that this is a list of these values, and we will talk about this, don't worry. There is the Ref function, the intrinsic functions; don't worry about that. And here you can put a comment as well, it doesn't matter. And if you notice here, as you can see, this is the first resource we have and this is the second resource. So if you notice, there are two spaces here, the my EIP, there are two spaces, which means that my EIP is inside the Resources as well, and this is the same for the SSH security group, the server security group, and so on. All right, so from its structure it is very simple, it is very easy to use, it's very easy to read, and you can write it right away; you can write a lot of YAML now after you see that. As you can see, it's very easy and very simple, just a key-value pair, and these pairs are inside that tree, okay, depending on the spaces we have, as I told you. All right, I will see you in the next lecture, where we will start creating our stacks, and for that we need to create the resources we want. And as you can see, here are some of the resources we will create, like the security group, the instances, EIP, databases, and so on. All right, don't worry, we will take that step by step, slowly, until you get it 100%. All right, but for now we got the idea of what YAML is and how to use it, how to write programs or how to write scripts with it, and you saw that it is very easy; it's not that complicated or hard. All right, I will see you there.

The first thing, let's go to the CloudFormation console and let's create our first stack. So Create stack, as simple as that. You will find this, template is ready, or you can use a sample template from here, from the list, or you can create a template using the Designer, as you can see. But for now we have our template ready, and here you can choose to upload it using S3, so if you have your
template already uploaded to S3, you can just provide the S3 URL here, or you can upload the template, and in my case I will upload the template. And actually, regarding this template, which is the simple EC2 instance .yaml, you can find it; I already provided you with that if you need to practice with me, as downloadable content. You can find it there, just download it and use it if you want, step by step. And don't worry, actually it is free: as you can see, this is t2.micro, so it will not cost you a dime, and I recommend you to do that, to practice with me. All right, now let's choose the file, choose the template you want, and that's it. All right, but before that, you can see the image ID here: you need to provide it with the AMI you want. So in my case I go to the instances from here, Launch Instance, and here I will use the Amazon Linux 2 AMI. As you can see, here is the AMI for 64-bit x86, or you can have this AMI for the 64-bit. Okay, in my case I will use this AMI; as you can see, I will copy and paste it here. Okay, and by the way, you will find this file, again, as downloadable content with this AMI; if this AMI is not working for you, you need to change it, as I told you. All right, now another thing I want to mention is that I am using the North Virginia region, so if you have a look at the YAML file, you can see that the availability zone here is us-east-1a, and us-east-1 is North Virginia. All right, so don't forget that. Okay, let's close this and let's upload it. Now here is the file, the simple EC2 instance, then you can click on Next. Here, the stack name: let's name it test stack for now. Okay, Next. Oh yeah, and here you can put any tags you want; in my case I put Name, test stack for now. The permissions, if you have a specific IAM role; for now we'll leave it as is. For the advanced options we have the stack policy. Now here, the stack policy, for now we'll leave it as is, but we can have no stack policy, or enter a stack policy here as JSON-formatted
text, or we can upload a JSON-formatted file for the stack policy. For now we'll leave it as no stack policy. Now here, the rollback configuration: as you can see, you can specify alarms for CloudFormation to monitor when creating or updating the stack. So you can monitor, as you can see, an option with 10 minutes, the number of minutes after the operation completes, so after 10 minutes it will go to alarm or whatever. Here, the CloudWatch alarm ARN. Then you can see that we have notification options, so if you want to send to an SNS topic, which is email or SMS to anyone, whatever. All right, for now we'll leave it as is. And here you can see that we have the stack creation options, which is rollback on failure: so if some failure happened, you can roll back. You can enable it, or you can disable it if you don't need to roll back, so if you want to investigate why this happened or something like that, you don't need to roll back, you can just keep it disabled. But for now I will leave it enabled. And the timeout here, the number of minutes before the stack creation times out, okay, and the termination protection, if you want to prevent the stack from being accidentally deleted. Okay, I will leave it disabled. So I will click on Next. So here is the stack; you can see the estimated cost, but in our case it will not cost us anything, actually, because if you have a look here, you can see that this is an Amazon Linux 2 with a t2.micro in North Virginia. All right, and this is the type of the resource we are creating, which is the EC2 instance. All right, so another look: three dashes, the Resources, the first one, its name is my instance, its type is AWS::EC2::Instance, and this means that this is an EC2 instance, and its name, inside this template I mean, is my instance. The type is EC2 instance, as I told you, and the properties are the availability zone, inside it this availability zone, the image ID, this image ID, the instance type,
which is this instance type, as simple as that. Actually, this is a simple EC2 instance. Now let's close this. You can see the estimation, you can see the parameters, there are no parameters here. The tags: there is one tag I have created, as you can see. The permissions, the stack policy, the rollback, the stack creation options, and so on. Okay, so here you can see that we have a quick-create link, and you can use it, as you can see, a single-page wizard to create stacks with the same basic configuration as this one. Okay, but for now we don't need that. Now let's create the stack. Now, as you can see, we have created the stack, so here is some of the stack information, like the stack ID, description; as you can see, the status is CREATE_IN_PROGRESS. If you scroll down, there is no IAM role, last drift check; don't worry about the drift check, we will handle this in a separate lecture, actually, and this is something very useful. And the drift status, the tags, stack policy, rollback configuration, notification, and so on. So for the events, as you can see, it is here, User Initiated, and as you can see it is CREATE_IN_PROGRESS here. CREATE_IN_PROGRESS, but this is my instance, as you can see: here the CREATE_IN_PROGRESS with Resource creation Initiated, with my instance. If I refresh again, you can see that my instance here is CREATE_COMPLETE, the test stack CREATE_COMPLETE, so everything is working fine. So if I go to the resources here, you can see that I have this resource, this EC2 instance. So again, if I go to EC2 from here and go to the running instances in the North Virginia region, you can see that I have this EC2 instance, and its name is test stack. And if I go to the tags, you can see that I have the tag that I already named, which is test stack, by the way. Okay, but you can see that there are other tags, which is the aws:cloudformation:stack-id; as you can see, this is something generated by AWS. And we have the aws:cloudformation:stack-name and
the aws:cloudformation, sorry about this, yeah, the logical-id, which is the my instance. As you can see, this is the logical ID in the template, if you have a look here, which is my instance here; this is the logical ID, all right, which is the one that we defined inside the template. All right, so let's go back. So here, these are the resources. The outputs: here there are no outputs because we didn't define any, but don't worry, we will have a separate lecture for that. The parameters: there are no parameters as well, because we didn't define any, and again, we will have a separate lecture for that. Again, the template: here you can see that this is our template, as you can see, the Resources, my instance, the instance type. And here, the change sets: now there are no change sets that have been created, it is empty, as you can see, but again, we have a separate lecture for that, don't worry about this. Now, one thing before we finish this lecture is the Designer. So you can see our template here using the Designer. So if I click on View in Designer, you will see that I have my infrastructure here. So if I scroll down here, you can see that I have my instance here, whose type is EC2 instance, as you can see, and I can put any instance I want, as you can see, S3 access point, bucket policy, and so on. So you can just write your own infrastructure with a graphical user interface, with drag-and-drop functionality, as simple as that. But actually, to be honest, I don't prefer this method, because it will not make you use the functionality of infrastructure as a code, as you can see, as a code. So you can't have your infrastructure written as a code; you will have it one by one. Well, actually, on the other hand, you can put whatever resources here and finally generate the code, then use the code over and over in an automated way. Yeah, actually everything depends on you after all, what you prefer and what you
want, but for me, I don't like that. Anyway, it's up to you after all. Okay, now I will see you in the next lecture, where we will update this stack and we will delete it. So I want to add more instances, for example, I want to add an elastic load balancer, an elastic IP address, I want, for example, to attach an elastic IP to this instance that is already created. How to do that, we will learn in the next lecture. All right, I will see you there.

All right, now let's update our stack. Now, we already created our first stack, which creates a simple EC2. Now here, if you click on the stack, you can see that we have these options, which are Update stack and Delete. Delete will delete it, as simple as that. But the Update here, if you click on it, you can see that we can use the current template, replace the current template, or edit the template in Designer. For now we will replace the current template by uploading a new template file from here, and actually, as you can see, EC2 with SG and EIP .yaml. Now here we will have an EC2 instance with security groups, and an elastic IP address that will be attached to the EC2 instance. But remember, we already created our EC2 instance, so now we will create an elastic IP address and attach it to the instance, and we will customize this instance with security groups. Now we will see right away, but before that, let's have a look at the YAML file. You can see the same format or syntax, but we added Parameters now. Now these parameters, as you can see, security group description, the description for the security group, and here we add the Description, this is the description, and the Type is String. All right, the Resources is the same thing; as you can see, the type is AWS::EC2::Instance. But by the way, the type of the resources actually is reserved, so you cannot put anything you want; you need to go to the documentation and you will have all the resources you want there, or you can just open the template Designer and put or take any
resources you want from there. Actually, there are a lot of approaches. Okay, and the properties are the same, as you can see: the image ID here, the instance type is t2.micro, the security groups. Now here the thing is, as you can see, there are two spaces, so these are for what? For the security groups. But here we use the Ref function. Now this is something new, actually, and we will have a separate lecture for it, but for now, these are called the intrinsic functions, and as you can see, Ref means reference. So I reference the SSH security group, as you can see, the SSH security group from here, and the server security group, which is the other one. So if I go to the first one, which is the SSH security group, you can see that the type is AWS::EC2::SecurityGroup, and again, this is a reserved name, the type I mean. These are AWS resources, so you cannot put anything here; you will choose the resources that exist, and they must have the exact format, so AWS, as you can see, colon colon EC2 colon colon SecurityGroup. And the properties: the group description, enable SSH, 22. Actually, as you can see, these templates, I got them from the official documentation; AWS provides you with a whole library of templates for what you need, and you can modify them depending on the application, the company, the policy you are working with, and so on, depending on your criteria. Let's see, the CIDR IP, I put anything, and allow 22, from port 22 to port 22, using this IP protocol. Actually, I didn't memorize anything; I just copy and paste and use whatever I want, depending on the criteria I need. So as you can see, this is the first security group. The second security group is the same, as you can see, but this time we referenced the security group description. As you can see, the type is EC2, but in the properties here we reference the group description; we didn't hardcode it like the one above. Here, as you can see, we hardcoded it, but here we
referenced this from the security group description, which is from the Parameters, as you can see; the description is security group, and this must be entered or typed when we click Next, and we will see right away after I click Next. But for now, keep with me. As you can see, the IP protocol is TCP, from 80 to 80, the CIDR from anywhere, and port 22 to 22, and the CIDR IP, which is this IP address only. Okay, now actually this is just a test, I want to show you, as simple as that. Okay, so this is the second security group. Now finally, the elastic IP address. Now again, don't forget that there are two spaces here, which means these are related to the Resources. As you can see, my instance, two spaces, which means that my instance is inside the Resources, and again, the my EIP, there are two spaces here, which means that my EIP is inside the Resources. As you can see, we have a line here, if you are using Sublime; I'm using Sublime currently, but you can use Visual Studio, actually it is very good as well. So here, the my EIP: the type is EC2 EIP, and again, this is a reserved name, you cannot put anything here for the type. And the properties is the instance ID, and we want this elastic IP address to be attached to this instance, which is my instance, as you can see, which is this one. But you may ask me, how did I know about these? Well, actually, I didn't get them from my house, let's say, or my home; these are all from the official documentation. I get them from there. They have their own format, their own syntax; you need to learn what the syntax is and how to use it. Okay, so far so good. All right, now let's see, here we upload this thing. Yeah, by the way, another thing: I already uploaded that as downloadable content, so you can find it there if you want to practice with me step by step, all right, and actually I recommend you to do that as well. Okay, now here I upload that as a template, we replace it with EC2 with SG and EIP. Let's click on Next, and here you can see, this is the thing I talked
about, which is the parameters. As you can see, this time, the security group: here we need to provide the security group description, and this we saw, actually, here, as you can see, when we created our instance and the security groups. One of them is the server security group, the one that uses a reference to the security group description, which is something within the Parameters, as you can see. So this parameter needs to be entered or typed, using a String type, as you can see, so I need to type any description here. Okay, so far so good, right? Now if I click Next, you can see that we have all the tags we want, like the Name; these are from the previous stack, the first one we created. The same for permissions, stack policy, rollback configuration, notification options: if you configured any of these you will find it here, but because I didn't configure anything, you will not find anything here. Okay, so let's click on Next. Here you can see that these are the parameters, the key, the permissions, notification options, and so on, but what is important here, actually, is the change set preview. So you can see that we have four changes. The first thing is the Add, which is, we added my EIP, and the resource type is EC2 EIP, elastic IP address. So if I open this again, you can see that we added an elastic IP address, which is this one; as you can see, this is new. All right, now the second thing is Modify, the action is Modify, so we modify the logical ID of my instance, which is this my instance, this is the logical ID; we modify that to a new instance, as you can see, the replacement is True here. Here is the type of the resource, the replacement is True, and this is the physical ID, not the logical ID. Logical ID means within the template; the physical ID, this is something that already exists in real life, or let's say already deployed or already provisioned. Okay, but for my EIP, because we didn't create it yet, there is no physical ID yet. Again, for
the, here we added a security group, as you can see, and we added another security group: server security group and SSH security group. Okay, so everything is cool for now. Let's update our stack and see what will happen. Yeah, as you can see, when we created, a lot of events happened. So the first thing, the CREATE_IN_PROGRESS: these are from the previous one, actually, until we reach the CREATE_COMPLETE, these are from the previous one. But here is the new thing, which is the UPDATE_IN_PROGRESS; as you can see, User Initiated, UPDATE_IN_PROGRESS. So if I refresh this, you can see that now we have Resource creation Initiated, UPDATE_IN_PROGRESS at the same time, and here we have Requested update requires the creation of a new physical resource; hence creating one, as you can see. So if I refresh again, you can see that it is UPDATE_COMPLETE for my instance, and don't forget that we already have, as you can see, CREATE_COMPLETE for the SSH security group; the server security group is already CREATE_COMPLETE, as they were in CREATE_IN_PROGRESS. And here, my instance UPDATE_COMPLETE, then we have the my EIP. Now all of these are the logical IDs. So if I open the template again, you can see the logical IDs: the my EIP, the my instance, and if I scroll down, server security group, SSH security group. All of these in the Resources, I mean, these are called logical IDs. So if I refresh that, you can see DELETE_IN_PROGRESS for my instance, because here UPDATE_COMPLETE_CLEANUP_IN_PROGRESS, as you can see. Now, as you can see, DELETE_COMPLETE for my instance, and now the test stack UPDATE_COMPLETE. Okay, so far so good. Now let's head to the resources. Now for the resources, we have four resources. The my EIP, this one: as you can see, now it has a physical ID because it has been provisioned. My instance here, this is the instance's physical ID. So if I go here to EC2, to the running instances, you can see now we have a new one and the old one is terminated. So as you can see, we already terminated that
and we created a new instance with an attached EIP, as you can see. This is the test stack. If I go to the tags, you can see that it has other information: the logical ID, stack name, the stack ID, and so on. As well as for the security groups: if I go down to the security groups from here, we have them here, which is the test stack, this one, and you can see the group name is test stack and so on, and here, which is this one as well. If I click on this one and scroll down to the description, you can see that I have this description, the one I added to the parameter, as we defined. So as you can see, inside this one, which is the security group description, the description in this one, when we use it as a reference inside the server security group, we referenced the security group description, which is this one from the Parameters scope, right? So far so good. Okay, so the outputs: here we didn't provide any outputs. But the parameters, as you can see, we added this parameter, the security group description, and the value is here, we added it manually. Okay, and if I click on the template, you can see that the template has been updated. So far so good. Now finally, if I click on Delete here, I will delete the stack and all the resources inside it. Okay, so I delete it like this. So if I go to the events, you can see that the delete is in progress; it starts with my EIP, my instance, the server security group, the SSH security group, and so on, until everything is deleted. So if I click here, DELETE_IN_PROGRESS for the test stack. So far so good. Now again, if you want to try this step by step with me, I already uploaded the template that I worked on in this lecture as downloadable content. You can find it, download it, upload it, and try it out. You will not lose anything; it will cost you zero, well, nothing, it will not cost you anything. Okay, I will see you in the next lecture.

Now, the CloudFormation parameters. So you can use the optional Parameters section to customize your
templates. Parameters enable you to input custom values to your template each time you create or update a stack. Now this is something we already saw. As you can see from here, we used parameters for the security group description, and for the group description of this server security group we referenced the security group description, which is something inside the parameters here, and we put the description, the type, and we entered the value we want, which was this description we entered here. As you can see, this is the official documentation; you can read more about this. There is something I want to mention here, actually. As you can see, this example declares a parameter named InstanceTypeParameter. This parameter lets you specify an Amazon EC2 instance type for the stack to use when you create or update the stack. Note here that the InstanceTypeParameter has a default value, which is t2.micro. This is the value that it is going to use to provision the stack unless another value is provided. Okay, now here we have the JSON format and the YAML, but in our case we need the YAML, actually, because it is better and easy to read, as we mentioned. So the parameters here, as you can see the syntax: inside it we put, as you can see, two spaces here, InstanceTypeParameter, the type is String, the default here is t2.micro, and as you can see the allowed values are t2.micro, m1.small, m1.large. The description for this instance type parameter: enter t2.micro, m1.small or m1.large, default is t2.micro. So what is new here is the default, which is t2.micro, this one, and the allowed values, which are these ones. If we enter anything other than these, it will not work; as you can see, these are the only allowed values. All right, so far so good. And if we want to reference the parameter within the template, we need to use Ref, which is the reference intrinsic function, and this is something, again, we already saw. As you can see here, if you scroll
down, we use that inside this, using the reference function. These are the intrinsic functions; we will talk about these in detail in a separate lecture. So in this example, as you can see, we reference the instance type parameter for the instance type. Okay, but this time, as you can see, it uses another syntax, which is this one: inside the instance type we reference this as a key and value. But actually it will work again if you put it on the same line here, I mean using the exclamation mark, Shift plus one, all on the same line here, but you put the exclamation mark before the Ref without using the colon here. That is just the same as using this one. As you can see, we have it on the same line without putting it under the tree, or under the group description tree. Okay, so it works either way.

So here are some of the requirements for the parameters I want to mention. The first thing: you can have a maximum of 60 parameters in the AWS CloudFormation template. Each parameter must be given a logical name, also called the logical ID, and this is something we already saw, which must be alphanumeric and unique among all logical names within the template. Each parameter must be assigned a parameter type that is supported by AWS CloudFormation, so you can't put anything you want as the type; these must be supported by AWS. Each parameter must be assigned a value at runtime for AWS CloudFormation to successfully provision the stack, and the parameters must be declared and referenced from within the same template. So far so good. And as you can see here, you can reference parameters from the Resources and Outputs sections of the template, and the outputs here are something we will handle in a separate lecture, don't worry. Okay, for now, as you can see, this is the syntax: the parameters here, the parameter logical ID, the type, which must be supported by AWS, and the parameter property, which is the value. So here you can read more about more options and more things, and so you can see the important ones, you can see,
you read more depending on what you need, what you want. Now if I scroll down to see this example, as you can see: basic input parameters. As you can see, the following example Parameters section declares two parameters. The DBPort parameter is of type Number, with the default value of this one, and the minimum value that can be specified is this and the maximum value can be this. And the DBPwd, which is another parameter, is of type String with no default value, and the NoEcho property is set to true to prevent describe stack calls, such as aws cloudformation describe-stacks. Okay, now let's scroll down here and have a look; it's better, actually, than reading out loud. So we have two parameters, the DBPort and DBPwd. For the DBPort, the default one is this one, this is the description, the type is Number as you can see, and this is the minimum value and the maximum value. So far so good. So this is the first parameter, as you can see. The second parameter is DBPwd: NoEcho is equal to true, the description is "the database admin account password", this is the admin account password, the type is String, the minimum length is one, the maximum is 41, and this is the allowed pattern. As you can see, you can read more examples, but for now we will stop here. We already saw how to declare parameters and how to use them. Now it's up to you: depending on the architecture, the program or the infrastructure you are building, you can define whatever parameters you want and use them over and over.

All right, now the CloudFormation resources. The required Resources section declares the AWS resources that you want to include in the stack, such as Amazon EC2 instances or an S3 bucket and so on. Okay, now this is the syntax, as you can see. The Resources section consists of the key name Resources. The following pseudo template outlines the Resources section. So let's see the YAML format: the Resources, and inside it we put the logical ID, which is something we already saw, the type here, the resource type, and again the
resource type here is something reserved: we cannot put anything, this must be supported by AWS. And the properties: we can put the set of properties depending on the resource type. Okay, now here you can read more, with some examples and so on, but we already saw that. So let's have a look here at the AWS resource and property types reference. These are all of the AWS resources that are supported currently. Okay, so this is the syntax or the form: service provider, service name and data type name. So if I open this, you can see that these are the resources. This is the logical ID, which is my instance; the type is AWS EC2 Instance. Okay, so it's AWS, EC2, and it is Instance. The properties are like these. Okay, so here are all of the resources we have: CodePipeline, Config, EC2, S3, Elastic Load Balancing, Lambda, Route 53, Step Functions, a lot of things, actually. So for now let's see EC2, which is something we already saw, and here you can see all the resource types regarding EC2. So we have a customer gateway, a VPN route; we have Instance, which is something we already saw, internet gateway, network ACL, route, VPC, VPN gateway and so on. Okay, now all of these you can define and use however you want. So if I go to the instance, which is something we already saw: now again, I got this from the official documentation, as you can see, so you can just google it or use any search engine, just "all AWS CloudFormation resources", and you will find it as the first search result, so no big deal, actually. Okay, so here is the syntax for the EC2 instance. For the YAML, let's see the YAML: here are all the properties. We have the additional info, affinity, block device mappings, CPU options, actually everything, everything in detail here. Okay, and we can read more about these, actually. So for example, the CPU options: you can see these are the CPU options for the instance, required: no, and the type is CpuOptions. Update requires, as you can see, replacement. Okay, so everything in detail
you will find here. So if you are writing your own CloudFormation template for your own company, for your own organization or the people you are working with, regardless, actually, just head over to the AWS CloudFormation official documentation, and there you can find whatever you want depending on the criteria you are working on. Okay, thanks for watching, I will see you in the next lecture.

All right, now let's start with the mappings. The optional Mappings section matches a key to a corresponding set of named values. So for example, if you want to set values based on a region, you can create a mapping that uses the region name as a key and contains the values you want to specify for each specific region, and you can use the Fn::FindInMap intrinsic function to retrieve values in a map. Now actually, don't be confused by this part, which is the Fn with double colons, as you can see. Actually, this is the same as replacing the Fn and double colon with an exclamation mark. Okay, so you can put this syntax or the one with the exclamation mark; it is the same. Here, I think, you cannot include parameters, pseudo parameters or intrinsic functions in the Mappings section, as you can see, because this must be a hard-coded value. Okay, and actually it is very useful. So let's have an example here. As you can see, this is the syntax: Mappings, Mapping01, the key, name, value; key two, name, value; key three, name, value. Okay, so let's see some examples; actually, it is better. So this is a basic mapping. The following example shows a Mappings section with a map, RegionMap, okay, which contains five keys that map to name-value pairs containing single string values, and the keys are region names. Each name-value pair is the AMI ID for the HVM64 AMI in the region represented by the key. So let's have a look at the YAML: you can see Mappings, then the RegionMap. For us-east-1 we have this value, this key for this value, so you can see this is the AMI for this HVM64. But if it is inside
the us-west-1, for the HVM64 this is the AMI; for eu-west-1, for the HVM64, this is the AMI, the AMI ID, I mean. So as you can see, we can use the HVM64 AMI, and you know that the AMI is locked to the region, so an AMI in a specific region doesn't mean the same AMI in another region, you know that. So by doing a mapping for each region, we make sure that we know the AMI in all the regions for this specific AMI or this specific image, all right, which is the HVM64. Okay, now here are some other examples: a mapping with multiple values. You can see the same thing, but HVM64, which is this AMI, HVMG2, this AMI, this is for us-east-1; the same for us-west-2, us-west-1, eu-west-1, ap-northeast-1 and so on. All right, here we can return a value from a mapping by using this thing, which is the FindInMap intrinsic function, as you can see, by using this format or using the exclamation mark; it is the same, again. So let's have a look at the YAML. Here is the AWSTemplateFormatVersion, the Mappings, the RegionMap; as you can see, we declare that in the Mappings, in the RegionMap, and here in the Resources we use that inside the properties: the image ID, FindInMap. As you can see, this time we use the exclamation mark: FindInMap, the RegionMap, a reference to AWS Region, HVM64. So: please find the HVM64 for the AWS region that we are in, from the RegionMap. So again, from the RegionMap, which is this one, please find the HVM64, either this one, sorry, either this one or this one or this one or this one or this one, depending on the region we are currently in, which is found using Ref AWS Region, as you can see. So depending on the region we are in, we will take the image AMI, or the AMI ID. So if we are inside us-east-1, for example, and we want HVM64, this is the HVM64 and this is the AMI ID inside the RegionMap, so we will put this image ID instead of that. So the image ID will be this one if we assume that we are in the US
East 1, and the instance type is m1.small, as you can see. Here are other examples, like input parameters and FindInMap, so here is the YAML, as you can see. You can read more about it, actually; the documentation is very rich, depending on your criteria and whatever you want. Okay, thanks for watching.

Now, the CloudFormation outputs. The optional Outputs section declares output values that you can import into other stacks, so this is to create cross-stack references, return in response to describe stack calls, or view on the CloudFormation console. So for example, you can output the S3 bucket name for a stack to make the bucket easier to find. But here is an important note I want to mention: CloudFormation doesn't redact or obfuscate any information you include in the Outputs section, so we strongly recommend that you do not use this section to output sensitive information such as passwords or secrets. So don't use that to put sensitive information, that's for sure. Okay, so here is the syntax, as you can see: the Outputs, then you put your logical ID, here is the description, the value to return, and you can export whatever value you want to export. Okay, so here you can read more about the output fields. As you can see, here are some of the notes for the export. For each AWS account, export names must be unique within the region. You cannot create cross-stack references across regions; you can use the intrinsic function ImportValue to import only values that have been exported within the same region. And for outputs, the value of the Name property of an export cannot use Ref or GetAtt functions that depend on a resource. And you cannot delete a stack if another stack references one of its outputs, and you cannot modify or remove an output value that is referenced by another stack. Okay, so let's see this example, actually. The outputs: BackupLoadBalancerDNSName, this is the description, which is "the DNS name of the backup load balancer"; for the value, we will get the attribute, backup load balancer DNS
name; the condition is CreateProdResources, whatever, the conditions we will talk about later on. The InstanceID: here you can see the description, "the instance ID", and the value, a reference to the EC2Instance, which is something from another stack. Okay, so let's have a cross-stack output, actually. You can see that in the following example, the output named StackVPC returns the ID of a VPC and then exports the value for cross-stack referencing with the name VPCID appended to the stack's name. So here is an example: Outputs, StackVPC, the description here, "the ID of the VPC", and the value, as you can see, my VPC. As you can see, we got my VPC and we export that. As you can see, we use the Sub substitution intrinsic function, and we use AWS::StackName, which is the name of the stack, with the VPCID, as you can see. So we export that: the StackVPC, all of this information and these things, we export it under this name, actually, and we will import it in another stack. We just put, instead of export, we will use import, and we put the name here that we receive from there. Okay, as simple as that. Well, actually this is just theory. You can see that here there is another thing: here we use the Fn::ImportValue, and for the value we got the NetworkStackName, SecurityGroupID; this is some value from another stack template. And you can see here are the supported functions we can use inside the ImportValue: Base64, FindInMap, If, Join, Select, Split, Sub, Ref and so on. All right, this was just a theory lecture, actually; we don't have any hands-on for that, but it's no big deal, actually. But you need to use the import and the export value inside the Outputs in your template to get cross-stack values, so as to exchange information or values between two different stacks. So after you create it and implement that in your template and run it on your stack, you can find, inside your Outputs, that there are some outputs there. So this is just an example, as
you can see, this is a photo, so you can find everything here inside the Outputs tab, inside the stack interface. Then we can use the key, depending on the value and so on, using import and export, depending on what your needs are.

Okay, now CloudFormation conditions. The optional Conditions section contains statements that define the circumstances under which entities are created or configured. So for example, you can create a condition and then associate it with a resource or an output, so that CloudFormation only creates the resource or output if the condition is true. As you can see here, you might use conditions when you want to reuse a template that can create resources in different contexts, such as a test environment versus a production environment, the default region, specific regions and so on. Okay, well, actually it's better if we go to the examples, but before that, here is an important note: during a stack update, you cannot update conditions by themselves. You can update conditions only when you include changes that add, modify or delete resources. Okay, so here is the syntax: the Conditions, then you put your logical ID and the intrinsic function, which are And, Equals, If, Not, Or. All right, okay, so here is an example using the YAML. As you can see: the AWSTemplateFormatVersion, the Mappings with the RegionMap depending on the region, all of that. Okay, now the parameters here: the EnvType, the description "environment type", the default is test, the type here is String, and the allowed values are either prod or test, and the constraint description: "you must specify prod or test". So this is something we already saw in the hands-on: the parameter, when we added and typed our parameter manually when we created or even updated our stack, actually. So when you update or create a stack, you provide the parameter, which is the EnvType, either test or prod, and if you didn't specify anything, it will be test. Okay, now let's scroll here. We
will use the conditions. So, CreateProdResources: it is Equals, as you can see here, a reference to EnvType, and prod. So CreateProdResources is true if the environment is equal to prod, from the EnvType here. So if the environment is prod, then we will create the prod resources, and then we will use that inside all the resources we want. Okay, let's have a look, actually. So here's the first resource, the EC2Instance, here the image, FindInMap, whatever. The MountPoint, as you can see: the type is VolumeAttachment. We want to attach this volume, some volume, and the condition here is CreateProdResources. So remember when we specified the parameter manually: here, if we specified the parameter, the EnvType, as prod, then we can attach this volume, as you can see, because we specify the condition to be CreateProdResources. And if you go up here to the Conditions, to CreateProdResources: CreateProdResources is Equals, which means that if the EnvType is prod, or equals prod, as you can see, Equals, prod, so EnvType equals prod, then yes, go and create the prod resources. So the condition must be true: if you specified prod as your EnvType, I mean your parameter, then you can create and attach the volume. Here are the properties: instance ID, volume ID and so on. Let's scroll down again. Here you can see that we have a NewVolume: now we will create a new volume for this EC2 instance. The type is Volume, and we have again a condition, and the condition is CreateProdResources. So the condition is CreateProdResources; we will go up to the Conditions, to CreateProdResources, which is this one: if the EnvType is equal to prod. But don't forget to put the reference to EnvType, because the EnvType here is a parameter, as you can see. As you can see, the EnvType is inside the Parameters, so we referenced the
EnvType. If the EnvType is equal to prod, and again, we entered or specified that manually, don't forget that, if it is equal to prod, then everything is good. Your condition must be okay, or equal; yes, it is equal, which means this is true, so the condition is true, so everything works fine. We can create a new volume, and the size is 100 meg, 100 gigabytes, and the availability zone: GetAtt from this instance, AvailabilityZone. And here the Outputs: the VolumeId for the outputs, and the condition again, to output that so we can use it in another stack, for cross-region and cross-stack use. If the condition is CreateProdResources, then yes, the value is a reference to NewVolume, which is this one. As you can see, we put it in the Outputs so we can export it and import it as much as we can for this stack. Okay, so far so good. All right, thanks for watching, I will see you in the next lecture.

Now for the intrinsic functions. We already saw some of the intrinsic functions. As you can see, AWS CloudFormation provides several built-in functions that help you manage your stacks, and you can use the intrinsic functions in your template to assign values to properties that are not available until runtime, as you can see. You can use intrinsic functions only in specific parts of a template. Currently, you can use intrinsic functions in resource properties, outputs, metadata attributes and update policy attributes. As you can see, you can also use them to conditionally create stack resources. So here are the intrinsic functions, like Base64, Cidr, the condition functions, so if we have a look here, like And, Equals, If, Not, Or and all of those, FindInMap, GetAtt, GetAZs, which is the availability zones, ImportValue, Join, Select, Split, Sub, Transform, Ref. Okay, now you can use them depending on what you need. Okay, well, this was actually a short lecture. Okay, thanks for watching, I will see you in the next lecture.

All right, now let's start with the CloudFormation user data. Okay, now the user data is something we
already saw when we launched our instances. So when you launch your instance and you want to run specific commands, for example, you can put whatever you want as user data, and I assume that this is something you already saw, actually, and used. So this is just an example of the user data, as you can see here. For example, you want yum update -y, and you want to install the Apache server, you want to run usermod for apache, change the owner of this www directory and so on; there are a lot of commands, actually. Then put the PHP here, a simple PHP command, inside phpinfo.php, so you go to phpinfo.php using your public IP address. Now this is just a simple example. One thing I want to mention is that the user data output will be here: /var/log/cloud-init-output.log. So all the output of the user data commands will be here. Okay, and this is something we will see right away, okay, so don't worry. Now this is regarding EC2. Regarding CloudFormation, it is just the same, but we implement that as code inside our template. Okay, so let's have a look here. As you can see, here is the user data .yml file. Don't worry, I already uploaded this file; you can find it as downloadable content in this section, sorry, in this lecture. Okay, now here we put parameters, but this time a key, as you can see. So here you need to have at least one key pair, SSH, for connecting, that's already created, so you can type its name here, and next, next. Okay, so for the resources, it is the instance, as you can see, just an instance, t2.micro, and the key name. As you can see, now we used the key name and we referenced the SSH key, which is the something we provide in the parameter, and here the security group, the SSH security group. Okay, which is something I think we already saw, which is port 22 allowed from everywhere and port 80 allowed from everywhere. Okay, now what is new here is the user data, as you can see here. So the user data here, if you notice, is inside the properties for
this instance. So the user data for this instance will be like this: we used the intrinsic function Base64, because the user data must be Base64 after all. Okay, it must be encoded using Base64: either you encode it and put the encoded value here, the Base64-encoded value, or you can use the intrinsic function, which is Fn::Base64. Okay, now we will use the vertical pipe here, so you can put multiple lines. Okay, so this is used, actually, to provide multiple lines. Okay, so #!/bin/bash -xe, which means: execute everything, show us the execution, and exit if there are any errors; you can read more about it. yum update -y, yum install httpd, which is Apache, start it, enable it so it will run on startup, and echo "Hello World from user data", and we will put it in /var/www/html/index.html. Okay, this is just a simple user data, actually: we want to install Apache and then we put a simple hello world inside it. Okay, now let's see the hands-on here. We will create a new stack, template is ready, we want to upload it, we will choose the user data .yml, next. Here is the stack name: user data stack, or put any name. But now we have a parameter, which is the SSH key, as you can see. You can choose; I have a lot of SSH key pairs, I will choose this one. It's okay, just create one if you don't have one. Yeah, actually I forgot: without underscores, it must be dashes, like this, the name. Let's put a name, and put this for this stack. It's okay: no IAM role, no policy, no nothing. Okay, so go next, and as you can see we are ready. Now let's create the stack. All right, now the stack is CREATE_IN_PROGRESS, so let's wait a little bit until it is created successfully. All right, everything is created successfully. As you can see, the state is complete for the user data stack; there is my instance, the SSH security group and so on. All right, now if I have a look at the resources, you can see that we have this instance. Now if I go to it like this, here is the instance we want, and it has a public IP address. So if I scroll down, you can see the key
pair name is tt, as you can see, so everything is right. The tags here: you can see that it has the stack ID, the stack name, the logical ID. And for the security, you can see that we have everything allowed on port 80 and port 22; as you can see, this is the security group. All right, now let's connect to it and check that first, and I will connect using the browser, actually. All right, so if I go to cat /var/log/cloud-init-output.log, you can see that we have all the information here. As you can see: cleanup, download this, download this. As you can see, we downloaded and installed Apache, and there are other packages that have been downloaded. You can see that we have another file, which is the cloud-init log, and here you can look if you want to debug more. Okay, now if I take the public IP address and I want to check: now it should give us "Hello World from user data". So everything is working fine. Now, as you can see, in this lecture you learned how to use user data in your template, in your CloudFormation template, and you can update that, you can use that as much as you want. Okay, all right, I will see you in the next lecture.

All right, now for the CloudFormation cfn-init. Well, cfn-init is the same as user data, but cfn-init is used when your user data or the commands you are running are very complex, or let's say they are complex somehow. All right, as you can see, the cfn-init helper script reads template metadata from the AWS::CloudFormation::Init key and acts accordingly to fetch and parse metadata from AWS CloudFormation, install packages, write files to disk, and enable or disable and start or stop services. All right, so far so good. So let's have a real quick example here. As you can see in this example, you can install specific things, do specific things and so on. Okay, now just have a look at the syntax here: you can see that it is the same, we use user data and we use Base64. Okay, now let's start with the hands-on. Actually, I already uploaded a file, which is called cfn
init, as you can see. Now this is real life, actually; it is better than that example. So you can see that here it is the same: we have the parameter for the key pair, there are the resources, which is the instance, and it is the same, this is the AMI, t2.micro, the SSH key, the security group. But now for the user data, it is somehow different. Okay, so if you have a look here at the user data, this time we used Sub, as you can see. So if I return here, you can see that in the user data YAML, in the user data, we use Base64 and we put the vertical pipe and we put all the scripts, all the commands we want, all the bash commands. But here we use the Sub intrinsic function and we use the vertical pipe, and here we put bash -xe. Then yum update -y aws-cfn-bootstrap, so this is to get the latest CloudFormation packages, and then we will start the cfn-init script or utility. So you can see /opt/aws/bin/cfn-init, -s for the AWS stack ID, this is the stack ID, -r for this instance, for the logical ID, as you can see, and the region, the region that the stack is in. And if there are some errors, we will put this error exit: "failed to run cfn-init". Okay, so that is if we have, or if we face, any error. Okay, so far so good, right? It's just the user data; we use Base64, but this time we use Sub with the vertical pipe, not just the vertical pipe. Okay, now here the new thing, actually, is the metadata. Okay, so you can see that, but as you can see, this is not inside the properties; this is inside the instance, at the same level as Type or Properties. As you can see, the metadata is inside my instance here; the metadata is inside it. Okay, but the user data is inside the properties for the instance. Okay, and the metadata here, as we saw, as we talked about, so the metadata here is inside my instance, and as you can see, we have a comment for this metadata: we want to install a simple Apache. So AWS::CloudFormation::Init. Actually, these are from the official documentation, and this is from AWS; it has its own format. Okay, this is the format: AWS::CloudFormation::Init, config. We want to put packages, or use specific packages, and for these packages we are using yum packages, and the name of the package is httpd, which is the Apache server. And then we have these files, as you can see. The files here are inside the config; again, the packages are inside the config, and we have yum, httpd, and the files are inside the config, as you can see, two spaces here, one, two, okay, the same for this, one, two. As you can see, the files are inside the config. Okay, and for the file, this file, /var/www/html/index.html, the content of it will be like this: "Hello World from EC2 instance", "This was created using cfn-init". Okay, and as you can see, this is an h1 and this is a paragraph. All right, and the mode for this file will be like this. Then we will use the commands, and again the commands are inside the config, at the same level as files, the same level as packages, and the command is hello world, as you can see, and the command: echo hello world. All right, and then the services, and again the services are on the same level as files, as commands, as packages, which is inside the config. Then we have sysvinit, httpd, enabled: true, ensureRunning: true. Okay, so we will make sure that the httpd Apache server is running correctly. Okay, and again this is the same security group configuration and so on. Okay, now as you can see, I know we have written more things, more lines, and the YAML file now is bigger than the first one, which is this one, but actually this is for when you have a complex setup or you have a lot of things you need to handle and you don't need to handle them in a simple way. Okay, because user data, actually, is simple, but cfn-init is more powerful, actually. And in the next lecture we will talk about the cfn wait and signal and condition, which is something very important, and actually here comes the power
of using cfn-init over user data, but for now, stay with me. Now let's run this, actually. Again, the cfn-init YAML file I already uploaded; you can find it and download it as downloadable content if you want to practice with me step by step, and actually I recommend that. Okay, so let's create a stack, use a template, cfn-init, next. The SSH key: I will use tt here. The name is test-name-stack, next. Put anything for the tags; permissions, the stack policy are the same. Next. Now, as you can see, everything is working fine; let's create the stack. Now let's wait a little bit until it is created successfully. Okay, now as you can see, everything is CREATE_COMPLETE. Now if I head to the resources, to my instance, as you can see, then I want to connect to it, actually. So first, if I copy the public IP address and put it here, let's see: you can see that we have everything as we expected, which is "Hello World from EC2 instance" as an h1 tag and "This was created using cfn-init" as a paragraph tag. Okay, so everything is working fine. Now let's connect to it, actually, and see inside it. Let's have a look at the logs and see what has been done. So if I go to cat /var/log/cloud-init-output.log, you can see that we have already downloaded the aws-cfn-bootstrap, which is something we already saw here, as you can see: yum update -y aws-cfn-bootstrap. And if I scroll up a little, you can see that we have downloaded all the packages needed for httpd, which is the Apache server. All right, so far so good. Now in the next lecture, we will talk about the cfn wait: how to use cfn-init with the wait condition and cfn-signal, and this is actually something very powerful, and it is used to make sure that your instances are configured correctly. So how did we assume that this worked fine, or worked 100%? We didn't; we just assumed it is working, but we didn't make sure it is running as expected. So in the next lecture we will learn that. Okay, I will see you there.

All right, now the
CloudFormation cfn-signal. Now as you can see, the cfn-signal helper script signals AWS CloudFormation to indicate whether Amazon EC2 instances have been successfully created or updated. Okay, or if you install and configure software applications on your instances, you can signal AWS CloudFormation when those software applications are okay. So you will use cfn-signal with the wait condition, with the creation policy. As you can see, here are some of the examples if you check the official documentation, but don't worry about that; actually I already uploaded a script, as you can see, which is the cfn signal dot YAML; you can find that as downloadable content. As you can see, the cfn signal dot YAML: the same thing, as you can see, the parameters, the resources, the same thing, but here inside the user data, after we install or update our aws-cfn-bootstrap, after we run the cfn-init utility, here we run the cfn-signal as well, and we execute the dollar sign question mark here, and this is a bash script actually, or this is bash, which means: did the previous command run correctly or did it run wrong? Okay, so if it did run correctly, we will go to this stack ID, to the resource sample wait condition, and this is something we will see here, and for the region, the current region for the stack. Okay, so we will put, or we will send, this signal to the sample wait condition, which is this one. All right, and we will send either that it ran correctly or that it ran wrong. So as you can see, this command, which is the cfn-init: if it ran correctly, we will send to the sample wait condition, yes, it ran correctly; if it ran wrong, we will send to the sample wait condition that it ran wrong. Okay, now again, I already uploaded this file as downloadable content; you can find it. You should try it, and you should try that. Hello, okay, so this is the same actually as the previous one, but for the sample wait condition, now as you can see, we used the 
creation policy and the resource signal. Here we put a timeout; we will wait two minutes, and the count, as you can see, is one, so we will receive one signal. And here, as you can see, the type is AWS::CloudFormation::WaitCondition. Okay, so we will wait two minutes; if after two minutes nothing is received, we will mark that a problem happened, or CloudFormation will declare that there is something wrong. Okay. Now let's test that right away, actually. Here, create a stack, upload a template file, cfn-signal this time, next; the stack name, anything, test stack; the key, I will use dte, like this; and whatever tags you want; permission, no permission, nothing; just click next and create the stack. So if I refresh here, as you can see, it is create in progress. Let's wait a little bit. You can see that we have a sample wait condition that is create in progress; again, sample wait condition, but this one is resource creation initiated. Now let's have a look here: the SSH security group created successfully; the instance create in progress, resource creation initiated. Now you can see that the instance is create complete. Now you can see that this stack is complete, as you can see. So if you notice here, you can see that it is at 4:58, but the first thing is at 4:56. So let's see: the sample wait here at 4:56, and here at 4:58; as you can see, we waited two minutes until everything, then we give it, as you can see, the wait condition here, yeah, actually the sample wait condition, as you can see, we received the signal, and the sample wait condition is create complete, which means that everything is working fine. Okay, so this means that we made sure that the EC2 instances are configured correctly 100%, no errors, nothing wrong happened, and so on. Okay, by that you can guarantee your servers are running fine without any issues or any problem, and you can check the resources as well as the parameters, which is the SSH key we implemented. All right, thanks for watching; I will see you in the next 
lecture.

All right, now let's start with the rollback. So rollback actually is as simple as that: if we face any problem or any error, we will roll back; we will return to the previous version or previous template. All right, and we will delete every resource in the current stack. But sometimes we need the rollback to be disabled so we can investigate, SSH into the instances for example, and investigate why there is an error or something. So if we go here and I choose next, just type anything, actually I'm just showing you, and you scroll down, you can see that inside the stack creation options, here is the rollback on failure: specify whether the stack should be rolled back if stack creation fails. So either it is enabled or disabled, and as well you can type the timeout before stack creation times out. Okay, and here you can put the termination protection as well. So if we face any failure, we will just roll back; or if we face any failure, no, don't roll back, don't delete anything, don't delete the created resources; we want to SSH into them and investigate why this happened. It is as simple as that, actually. Okay.

All right, now working with nested stacks. Now nested stacks are stacks created as part of other stacks, so you can create a nested stack within another stack by using the AWS::CloudFormation::Stack resource. All right, so as you can see in the description, as your infrastructure grows, common patterns can emerge in which you declare the same components in multiple templates, so you don't need to use that over and over. Okay, actually this is bad practice, but the best practice is to use a nested stack. So as you can see in this example: assume that you have a load balancer configuration that you use for most of your stacks; instead of copying and pasting the same configuration into your templates over and over, you can just create a dedicated template for the load balancer, then you can just use the resource to reference that template from within other templates, and this is the best practice. 
All right, so let's see this diagram. Well, actually I intended using the AWS configuration because I want you to get used to it, so you can see that we have all the information in the official documentation. So for example here, let's say this example, this diagram: this is stack A, as you can see, it is the root of all the other nested stacks in the hierarchy; this is the green one, which is A. So for stack B, stack A is both the parent stack as well as the root stack. So as you can see, A, we have stack B, so stack B is parent for stack C. And as you can see, the green one is the root stack, the gray one is the nested stack, and this blue line is the parent, which means C stack is parent to D stack and B stack is parent to C stack, as well as A for B. And the orange line, you can see, this means the root. So what is the root for D? The root for D is the A stack, and the root for C and B as well is the A stack. All right, so you can see here, for stack D, stack C is the parent stack, while for stack C, stack B is the parent stack, as I told you. All right, so here, as you can see, this is considered a best practice, actually. Okay, now you can read more, actually, but I already prepared a template and I uploaded it as downloadable content; you can see this now. Actually, I got this from the official documentation, to be honest. So you can see that we have the parameters here, the same thing with the SSH key pair. Now for the resources, this time we have the my stack, the logical ID, and the type is CloudFormation stack, as you can see; the properties is the template URL. Now you can see this is the template URL; now this I got from the ready templates provided by AWS; you can see this is the single instance. So if I copy and paste that, actually, here you can see this is the template cloud and the description, and we have the parameters, the DB name and a lot of things; actually it is very huge. But for this, the outputs, you can see we have website URL, the description, URL for a newly created LAMP stack, 
the value: join HTTP with the get attribute of web server instance, public DNS name, as you can see. All right, so let's have another look again. So for the parameters for this stack, we have key name, and it references the key name, which is the SSH parameter. So as you can see, these parameters are exclusive for this stack. All right, so these parameters are only for this stack, but this parameter is for everyone, or for everything in the template. All right, so the key name, we will get it as a reference from the SSH parameter key up there; the DB name, the DB user, DB password, the DB root password, instance type, the t2.micro, and SSH location, from anywhere to anywhere, as you can see, or from anywhere. And the outputs: here we get a stack reference, where the value is from my stack here, and the output from nested stack; as you can see, we use this now, and the value will get attribute from my stack, which is this one, outputs, the website URL. That's something that I showed you here from the URL, copy and pasted again; as you can see, the website URL and the value, as you can see. All right, so far so good. All right, now let's upload it and see what this, again, I already uploaded this file for you as downloadable content if you want to practice step by step. Okay, now let's create a stack here. Now let's upload a template; its name is nested stack dot m; the stack name is test; the SSH key is tt, as you can see; next. Here, if you want to enable or disable rollback on failure, let's enable it or let's disable it, as you wish; next. Now you will see something new here, which is the capabilities. So you can see: the following resources require capabilities, as you can see, CloudFormation stack. This template contains IAM resources; check that you want to create each of these resources. As you can see: I acknowledge that AWS CloudFormation might create IAM resources with custom names; I acknowledge that AWS CloudFormation might require the following capability: CAPABILITY_AUTO_EXPAND, as 
you can see. So you need to make sure, because we used nested stacks here, so this will just give you a warning you need to be aware of, that's it. So let's create the stack. So you can see, let's wait a little until it is created and we will have a look. Okay, now you will see that the stack we named test has been created completely. Okay, now if I return to the stacks, you can see that now we have two stacks, actually: the stack we created, this one, where we uploaded the template, and we have the nested stack. And if you can see, we have a nested stack here, actually, and this is the description for it, and this is the one that we included as a stack, or as a nested stack. So you can see that we have all the events here, as you can see, the resources, the outputs; you can see in the outputs we have the website URL, so if I click on it you can see that we have the php.info file, as well as the parameters, and here is the template, as you can see, the template, the one that we provided as nested. But here on the test, if I click on the template, you can see that we have the template and we have this as a stack; as you can see, the type is stack inside the resources, and it uses its own parameters. All right, one last thing: if you delete the test stack, the stack you created, or the root stack, then all of the nested stacks will be deleted, as you can see. So this one has been deleted, and if I try to delete the nested stack, it will warn me that, no, you need to delete the root stack, or you need to go to the root stack, and it will give you some warning. All right, thanks for watching.

All right, now let's start with the CloudFormation change sets. Well, actually, when you need to update a stack, understanding how your changes will affect your running resources before you implement them, as you can see, before you implement them, can help you update stacks with confidence. So change sets here allow you to preview how proposed changes to a stack 
that might impact your running resources, so for example, whether your changes will delete or replace any critical resources. AWS CloudFormation makes the changes to your stack only when you decide to execute the change set, allowing you to decide whether to proceed with your proposed changes or explore other changes. So let's scroll down here; as you can see, we have this diagram, and this is from the official documentation of AWS. Now the first thing, this is the original stack; you need to create or modify it, so you just create a change set. So after you create a change set, these are the changes, for example; you can view the change set, so you can view them: I will replace this for this, and I will add more, delete more, and so on. Now if you are not satisfied, you can, as you can see, this is the third, create additional change sets until you are satisfied; then you can see the fourth step here: execute the change set, and you will update your stack. Okay. Now let's have a real quick, okay, I will create a stack, and the stack will be a simple EC2, actually this one, actually the one that we used first, from the first lecture, as you can see, just a simple EC2 server, or instance, with this AMI ID, and in North Virginia, with t2.micro. Okay, and I want to make a change set using EC2 with SG and EIP, the one that we used when we updated our stack. Okay, so this one's okay. All right, so the first thing, I will make a simple EC2 instance, all right, the simple one; the stack name is simple stack; next; you can just put anything, we don't need any; let's go next and then we create the stack. Now let's wait until it is created. All right, now the simple stack has been created completely. Now you will go to the change set from here, and you will create a change set. Okay, so here we will use the current template, or edit the template in Designer, or replace the current template; but we want to replace it with the EC2 with SG and EIP YAML file. Okay, actually we used this file when we updated our stack after we 
created it. Now you may ask me: but what is the difference, actually, between the update and the change set? Well, actually, we already talked about it: the update will update immediately without warning you or anything, but the change set will give you what will be updated, what we will do, until you are satisfied; then you can execute it. Now we will see right away. So from here, as you can see, we'll go to next; the description, anything, it's okay, it's no big deal; the IAM role, nothing here; next. And you can see, if I scroll down, everything is working fine; create the change set. Here is the change set name and the change set description; let's create the change set. For now, this is just a test. As you can see, the status is create pending; let's wait until it is complete. Yeah, as you can see, the status is create complete; here the execution status is available. Now if I scroll down, you can see the changes, all of these changes: I added my EIP, Elastic IP address; as you can see, the source type is Elastic IP address. I modified my instance with this physical ID to something else; the replacement, which means true. I added this security group, and I added this security group. Now this is something we already saw, actually, in the update lecture, but the difference, again, is these updates or these changes haven't been applied yet; it will be applied until I press the execute button. So if I am satisfied, yeah, everything is okay, everything is as I wish, I can execute now. Now, as you can see, it has been executed. Now let's wait until it is updated, for the simple one that we created with the simple EC2 instance. Now as you can see, the update in progress, create in progress, and the SSH security group has been created, the server security group has been created, my instance has been created, update completed, as you can see; my EIP create in progress. Now the my EIP 
create complete, and you can see that the simple stack is update complete cleanup in progress; as you can see, my instance delete in progress, which is the older one, because we already replaced it, as we saw on the changes tab. Now you can see that my instance is delete complete and the simple stack is update complete. So if I go to the resources here, yeah, you can see that we have my EIP, the instance ID, with the physical ID, as you can see; the status, everything is complete 100%, and we have everything as expected. Now for these two YAML files, I already uploaded them, actually, on the lecture where we created the simple EC2 and the lecture where we updated the EC2 with security group and these resources, so I think I will not upload them over and over on this lecture. All right, so you can just download them from those lectures, because actually they are the same. All right, okay, I will see you in the next lecture.

Now for the DependsOn attribute. So you can use the DependsOn attribute to specify that creation of a specific resource follows another. So when you add a DependsOn attribute to a resource, that resource is created only after the creation of the resource specified in the DependsOn attribute. All right, so you cannot create anything until the one that we depend on is created. Okay, now let's have a look; actually there are a lot of examples here, but I already uploaded one here, yeah, which is the depends on YAML file, as you can see. So here are some of the mappings, depending on the region and the AMI for that region, and the resources: we have EC2 instance, but you can see that, yeah, and the image ID, as you can see, we are taking this depending on the region we are in. Now you can see that we have the attribute DependsOn, and as you can see, it depends on the my DB, the logical ID inside the resources, as you can see, which is my DB. So my DB here will create a DB RDS instance; it is 5 GB, t2 micro, MySQL, the engine 5.7, this is the username, this is the password, and the 
deletion policy is delete, so it will be deleted when we delete it, so we will not have it as a snapshot or anything. Okay, so we will not create the EC2 instance, this instance, we will not create it until we make sure that the MySQL, or the my DB, is created successfully. So until it is created successfully; then finally we can create the EC2 instance, as simple as that. All right, so it depends on the my DB, so don't create the EC2 instance until the my DB, these things, are created successfully; then I can start creating this resource, which is the EC2 instance. All right, well, actually I will not handle that as a hands-on, because you can just upload the stack and try it out; actually you can see that it is working, I tested it out, actually, as I took that from the official documentation from AWS with some modification. So you can see that we can use the DependsOn with a lot of use cases. All right, thanks for watching.

All right, now for the drift detection. So actually, on our stack, we can detect any drift that happened to the stacks. So performing a drift detection operation on a stack determines whether the stack has drifted from its expected template configuration, and returns detailed information about the drift status of each resource in the stack. So these are the steps, actually, if you follow them from the official documentation, but we will have our own. So let's create a stack, and let's upload the stack; we will use the drift dot YAML file, as you can see, and this file will create two security groups, 22 and 80; actually I got this from the official documentation. The VPC ID, choose any VPC you have, and the stack name, test, anything; click next and next; let's create the stack. Let's wait until it is created. Everything is created successfully. Now I will go to the resources, and I will go to the SSH security group to make sure that we have everything. So you can see that, yeah, we have two security groups: the test SSH security group, and we have the test HTTP security 
group. All right, so far so good. So here, from the resources, or from the test stack console interface, you can see that we have stack actions; so if I click here, you can see that we have view drift results or detect drift. Okay, so first thing, I will click on detect drift, so by that I will detect if any drift happened to the stack from its expected template. Okay, now detect drift: you can see that drift detection is initiated for this stack ID, and if I click on view drift results, you can see that the drift status is in sync, and the last drift check is this time. So the resources' drift status, as you can see, for the HTTP and the SSH security group, the resources in this stack, they are in sync, which means they have not drifted at all. Okay, but if I go, for example, to the HTTP security group and I edit the inbound, for example, and I add a new rule, so let's add 8080, or let's add 9000 for example, and anywhere, for example, and I click on save; so now it should give us that there is something wrong, right? Because I edited that manually, and this is a bad practice, actually. So if I click on detect stack drift again, it will initiate another drift detection for the stack ID, and now, if I refresh, you will see that the drift status is drifted now, and we can see which resources have drifted, and yes, the one that drifted or was modified, as you can see, is this one, the HTTP one that we saw. Actually, if I click on it, you can see that we can detect drift for the resource or view drift details, so you can just choose the resources you want to detect the drift for. Okay, so for example, you have 100 servers; you don't need to check them all or whatever, you just need to check three of them; okay, you can just select them and detect the drift for these resources. All right, but in our case we have this security group, and you can see the view drift details, and you can see all the details we have. So the differences, as you can 
see: the change is added; we added two security group ingress, or inbound, as you can see, from anywhere to the 9000 TCP port, and from this TCP port, actually 9000 as well. Okay, so you can see the expected is like this, but the actual one is like this, so this is the difference. And actually this is something very handy and can be used a lot to automate things, to detect failures, to detect manual modifications, and so on. Okay, thanks for watching.
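
The manual port 9000 rule that the drift check above catches, checked automatically, as an added example that is not part of the lecture: it reads a response shaped like the output of `aws cloudformation describe-stack-resource-drifts` and lists drifted ingress rules that are open to any address. The sample response and its logical IDs are constructed, and the function names are hypothetical.

```python
import json

WORLD = {"0.0.0.0/0", "::/0"}  # "anywhere" for IPv4 and IPv6
SG_TYPE = "AWS::EC2::SecurityGroup"

# Constructed sample in the shape returned by
# `aws cloudformation describe-stack-resource-drifts`; all names are made up.
SAMPLE_DRIFTS = {
    "StackResourceDrifts": [
        {
            "LogicalResourceId": "SSHSecurityGroup",
            "ResourceType": SG_TYPE,
            "StackResourceDriftStatus": "IN_SYNC",
            "PropertyDifferences": [],
        },
        {
            "LogicalResourceId": "HTTPSecurityGroup",
            "ResourceType": SG_TYPE,
            "StackResourceDriftStatus": "MODIFIED",
            "PropertyDifferences": [
                {
                    "PropertyPath": "/SecurityGroupIngress/1",
                    "ActualValue": '{"CidrIp":"0.0.0.0/0","FromPort":9000,'
                                   '"IpProtocol":"tcp","ToPort":9000}',
                    "DifferenceType": "ADD",
                },
                {
                    "PropertyPath": "/SecurityGroupIngress/2",
                    "ActualValue": '{"CidrIpv6":"::/0","FromPort":9000,'
                                   '"IpProtocol":"tcp","ToPort":9000}',
                    "DifferenceType": "ADD",
                },
            ],
        },
    ]
}


def _rules(path, actual_value):
    """Turn one ActualValue string into a list of ingress-rule dicts."""
    try:
        value = json.loads(actual_value)
    except (TypeError, ValueError):
        value = actual_value  # plain scalar such as 0.0.0.0/0
    if isinstance(value, dict):
        return [value]
    if isinstance(value, list):
        return [r for r in value if isinstance(r, dict)]
    if isinstance(value, str) and path.endswith(("/CidrIp", "/CidrIpv6")):
        return [{"CidrIp": value}]  # only the CIDR changed; ports unknown
    return []


def world_open_ingress_drift(response):
    """List drifted ingress rules that expose a security group to any address."""
    findings = []
    for drift in response.get("StackResourceDrifts", []):
        if (drift.get("ResourceType") != SG_TYPE
                or drift.get("StackResourceDriftStatus") != "MODIFIED"):
            continue
        for diff in drift.get("PropertyDifferences", []):
            path = diff.get("PropertyPath", "")
            if not path.startswith("/SecurityGroupIngress"):
                continue
            if diff.get("DifferenceType") == "REMOVE":
                continue  # a removed rule narrows access, it does not widen it
            for rule in _rules(path, diff.get("ActualValue")):
                cidr = rule.get("CidrIp") or rule.get("CidrIpv6")
                if cidr in WORLD:
                    findings.append({
                        "resource": drift.get("LogicalResourceId"),
                        "path": path,
                        "cidr": cidr,
                        "protocol": rule.get("IpProtocol"),
                        "from_port": rule.get("FromPort"),
                        "to_port": rule.get("ToPort"),
                    })
    return findings
```

On a real stack, run `aws cloudformation detect-stack-drift` first, then pass the parsed JSON from `describe-stack-resource-drifts` to `world_open_ingress_drift`.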