- Author an AWS CloudFormation template that declares an AWS::EC2::Instance resource and any supporting resources (Security Groups, EBS Volumes, IAM Roles/InstanceProfiles, etc.).
- Deploy the template to AWS CloudFormation by creating a stack.
- CloudFormation provisions the declared resources and launches the EC2 instance as part of the stack.
- Update or delete the stack to change or remove the instance and its related resources; CloudFormation manages dependencies and lifecycle transitions.
| Property | Purpose | Example / Notes |
|---|---|---|
| InstanceType | VM size (CPU/Memory) | t3.micro |
| ImageId | AMI ID (region-specific) | ami-0abcdef1234567890 |
| KeyName | EC2 key pair for SSH access | my-keypair |
| SecurityGroupIds / SecurityGroups | Network access controls. Use SecurityGroupIds with VPCs. | !Ref InstanceSecurityGroup |
| BlockDeviceMappings | Root or additional EBS volumes | Configure size, volume type, delete-on-termination |
| UserData | Bootstrapping scripts (base64-encoded) | Use !Base64 or Fn::Base64 |
| Tags | Metadata for identification | Key/Value tags for cost center, env, etc. |
| IamInstanceProfile | IAM role attached to the instance | Attach for instance permissions |
Use !Base64 (Fn::Base64) for UserData so CloudFormation encodes it correctly.
- CloudFormation validates the template format and parameters.
- It creates the stack and provisions resources in dependency order.
- CloudFormation reports status updates (for example, CREATE_IN_PROGRESS, CREATE_COMPLETE, CREATE_FAILED).
- If creation fails, CloudFormation typically rolls back the stack to the previous stable state (or deletes it if it was the initial create), unless rollbacks were disabled.
| Status | Meaning |
|---|---|
| CREATE_IN_PROGRESS | Stack creation is underway |
| CREATE_COMPLETE | Stack created successfully |
| CREATE_FAILED | Creation failed (may trigger rollback) |
| UPDATE_IN_PROGRESS | An update is being applied |
| UPDATE_COMPLETE | Update finished successfully |
| ROLLBACK_IN_PROGRESS | CloudFormation is undoing changes after a failure |
- You can update a stack by submitting a modified template and/or changing parameters.
- CloudFormation attempts to update resources in place when possible, but some property changes force replacement (delete + create).
- For EC2 instances, many changes (altering ImageId, certain network properties, or, in some contexts, the instance type) may trigger instance replacement.
- Plan for replacement: persist important data externally (EBS snapshots, separate EBS volumes mounted with DeleteOnTermination=false, or S3) and prepare for downtime or use Auto Scaling Groups for more controlled rolling replacement.
Choose the AMI (ImageId) that matches your region and instance architecture. AMI IDs are region-specific; avoid hard-coding an AMI from another region unless you implement mapping logic (for example, parameterized Mappings or SSM Parameter Store lookups).
Some EC2 property changes in CloudFormation will replace the instance. Plan for downtime and persist critical data outside the instance (EBS snapshots, separate EBS volumes, or Amazon S3) to avoid data loss.
- Use Fn::Base64/!Base64 for UserData to ensure proper encoding.
- Use CloudFormation metadata plus cfn-init and cfn-signal for structured bootstrapping and to support CreationPolicy/WaitCondition semantics.
- Provide CloudFormation with sufficient IAM permissions. Use a CloudFormation service role for cross-account or fine-grained provisioning control, or run operations with a user/role that has the necessary permissions.
- Separate mutable artifacts (application code, configuration) from the AMI/instance lifecycle. Consider baking AMIs with Packer or use Auto Scaling Groups and configuration management tools for immutability.
- Use CloudFormation mappings or SSM Parameter Store to resolve region-specific AMIs rather than hard-coding AMI IDs.
- For production, tag resources consistently for cost tracking and operational clarity.
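A complete template that ties together the properties in the table above, the Fn::Base64 UserData guidance and the cfn-signal/CreationPolicy bootstrapping, as an added example that is not the course's own template. It assumes the default VPC, the public SSM parameter for the latest Amazon Linux 2 AMI, and AdminCidr as a placeholder for your management network.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: EC2 instance with scoped security group, instance profile and cfn-signal (added example)
Parameters:
  LatestAmiId:
    # Resolved per region at deploy time, so no hard-coded AMI ID (public SSM parameter)
    Type: AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>
    Default: /aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2
  AdminCidr:
    Type: String
    Default: 203.0.113.0/24   # assumption: your management network, never 0.0.0.0/0
Resources:
  InstanceSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: SSH from the admin range only (default VPC assumed)
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp: !Ref AdminCidr
  InstanceRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal: { Service: ec2.amazonaws.com }
            Action: sts:AssumeRole
      ManagedPolicyArns:
        # Session Manager access so no long-lived SSH keys need to be distributed
        - arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore
  InstanceProfile:
    Type: AWS::IAM::InstanceProfile
    Properties:
      Roles: [!Ref InstanceRole]
  AppInstance:
    Type: AWS::EC2::Instance
    CreationPolicy:
      # Stack stays CREATE_IN_PROGRESS until cfn-signal reports success; otherwise CREATE_FAILED and rollback
      ResourceSignal: { Timeout: PT10M }
    Properties:
      InstanceType: t3.micro
      ImageId: !Ref LatestAmiId
      IamInstanceProfile: !Ref InstanceProfile
      SecurityGroupIds: [!Ref InstanceSecurityGroup]
      UserData:
        Fn::Base64: !Sub |
          #!/bin/bash -xe
          yum update -y aws-cfn-bootstrap
          /opt/aws/bin/cfn-signal -e $? --stack ${AWS::StackName} --resource AppInstance --region ${AWS::Region}
```

Because the bootstrap script runs with `-e`, any failing command before cfn-signal makes the instance report failure (or time out), so the stack never reaches CREATE_COMPLETE with a half-configured host.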