Wednesday, October 4, 2017

CloudFormation Tips

Some tips for using CloudFormation:

1. Don't specify a resource name unless you absolutely must. This way you avoid name clashes, since CloudFormation automatically assigns unique names to your resources.
2. If you need to specify a name, include the stack name in it. This reduces the chance of name clashes. You can also include the partition and region for resources whose names are global (e.g. S3 bucket names). Note that this will NOT prevent naming clashes completely, since somebody else can still use the same name.
3. When creating any IAM resources in your stack, make sure to add DependsOn to the resources that use these IAM resources. Apparently CloudFormation is not smart enough to resolve this dependency on its own without additional configuration.
4. Sometimes the names CloudFormation gives to your resources are completely unrelated to the stack name. Include the ARNs of such resources in the Outputs, so you can easily find them later when needed.
5. A very common scenario in AWS is an S3 bucket that fires events to SNS or SQS when a file is uploaded. Apparently it's impossible to create this in a single change. See this post.
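The following template is an added example, not code from the original post, showing tips 1 to 4 together in one stack. The resource names, the policy statements and the inline function body are assumptions chosen for the example; the pattern of a role, a separate AWS::IAM::Policy attached to it, and a consumer that needs an explicit DependsOn on that policy is the situation tip 3 describes.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: >-
  Added example, not from the original post: a small stack that applies
  tips 1 to 4. Resource names, policy contents and the inline function
  body are assumptions chosen for the example.

Resources:
  # Tip 1: no BucketName. CloudFormation generates a unique one
  # (stack name + logical id + random suffix), so two deployments of this
  # template cannot collide on the name.
  UploadBucket:
    Type: AWS::S3::Bucket
    Properties:
      PublicAccessBlockConfiguration:
        BlockPublicAcls: true
        BlockPublicPolicy: true
        IgnorePublicAcls: true
        RestrictPublicBuckets: true

  ProcessorRole:
    Type: AWS::IAM::Role
    Properties:
      # Tip 2: RoleName is unique per account, so when it must be fixed,
      # derive it from the stack name to keep stacks in one account apart.
      RoleName: !Sub "${AWS::StackName}-processor-role"
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              Service: lambda.amazonaws.com
            Action: sts:AssumeRole

  # The permissions live in a separate AWS::IAM::Policy, as in the gist
  # below. Nothing else references this resource with Ref or GetAtt, so
  # CloudFormation sees no dependency edge from the function to it.
  ProcessorPolicy:
    Type: AWS::IAM::Policy
    Properties:
      PolicyName: !Sub "${AWS::StackName}-read-uploads"
      Roles:
        - !Ref ProcessorRole
      PolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Action: s3:GetObject
            Resource: !Sub "${UploadBucket.Arn}/*"
          - Effect: Allow
            Action:
              - logs:CreateLogGroup
              - logs:CreateLogStream
              - logs:PutLogEvents
            Resource: !Sub "arn:${AWS::Partition}:logs:${AWS::Region}:${AWS::AccountId}:*"

  ProcessorFunction:
    Type: AWS::Lambda::Function
    # Tip 3: the GetAtt on the role only orders the function after the role.
    # Without this DependsOn the function can be created (and invoked) before
    # ProcessorPolicy is attached, and its first runs fail with AccessDenied.
    DependsOn: ProcessorPolicy
    Properties:
      Runtime: python3.12
      Handler: index.handler
      Role: !GetAtt ProcessorRole.Arn
      Code:
        ZipFile: |
          # Constructed placeholder handler for the example.
          def handler(event, context):
              return {"ok": True}

Outputs:
  # Tip 4: the generated names are hard to guess, so export the ARNs.
  UploadBucketArn:
    Value: !GetAtt UploadBucket.Arn
  ProcessorFunctionArn:
    Value: !GetAtt ProcessorFunction.Arn
  ProcessorRoleArn:
    Value: !GetAtt ProcessorRole.Arn
```

Deploying this twice in the same account with different stack names works because only the role carries a fixed name and that name embeds the stack name; remove the DependsOn and the stack still creates, but the function's first invocations may run before the policy exists, which is the failure tip 3 warns about.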


See also:

# When using parameters, use AWS predefined types when applicable
# See http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/parameters-section-structure.html
Parameters:
  # The user will be able to choose from the list of available subnets
  Subnets:
    Description: List of subnets
    Type: List<AWS::EC2::Subnet::Id>
  # The user will be able to choose from the list of available security groups
  SecurityGroup:
    Description: Security group
    Type: AWS::EC2::SecurityGroup::Id

# Pseudo parameters are parameters that are predefined by AWS CloudFormation
# Look at AWS::StackName in the example below
# See http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/pseudo-parameter-reference.html
Resources:
  AWSBatchFullAccessPolicy:
    Type: "AWS::IAM::Policy"
    Properties:
      PolicyName: !Join ["_", [!Ref "AWS::StackName", "AWSBatchFullAccess"]]
      # PolicyDocument and at least one of Roles, Users or Groups are also
      # required for this resource type; they are omitted in this snippet.
