Skip to main content
AWS Fundamentals Tutorial
CHAPTER 23 Beginner

AWS CloudFormation Infrastructure as Code

Updated: May 15, 2026
35 min read

# CHAPTER 23

AWS CloudFormation Infrastructure as Code

1. Introduction

Throughout this curriculum, you have been clicking buttons in the AWS Console to create VPCs, EC2 instances, and RDS databases. This "ClickOps" methodology is excellent for learning, but it is banned in professional production environments. Humans make mistakes. A developer might click the wrong checkbox and accidentally leave a database exposed to the internet. To achieve perfect security, repeatability, and version control, enterprise cloud architecture relies on Infrastructure as Code (IaC). In this chapter, we master AWS CloudFormation.

2. Learning Objectives

By the end of this chapter, you will be able to:
  • Define Infrastructure as Code (IaC) and explain its necessity.
  • Understand the purpose of an AWS CloudFormation Template.
  • Understand how CloudFormation builds a Stack.
  • Detect drift between deployed resources and code.
  • Contrast CloudFormation with third-party tools like Terraform.

3. Beginner-Friendly Explanation

Imagine building a house.
  • The Console Way (ClickOps): You walk onto the dirt lot, point to a spot, and say, "Put a wall here." Then you say, "Put a window there." It is chaotic, undocumented, and if you want to build an identical house next door, you have to remember exactly what you said.
  • The IaC Way (CloudFormation): You draw a highly detailed architectural Blueprint (A text file). You hand the Blueprint to a robot foreman. The robot instantly builds the house exactly to spec. If you want 10 identical houses in 10 different countries, you just hand the same Blueprint to 10 robots.

Infrastructure as Code allows you to write your AWS infrastructure as text, save it in GitHub, and deploy it perfectly every time.

4. CloudFormation Templates

A CloudFormation Template is a text file written in JSON or YAML. It acts as the blueprint. Here is a complete, fully functional YAML template that creates a perfectly configured S3 Bucket:
yaml
123456789 
AWSTemplateFormatVersion: '2010-09-09'
Description: A simple template to deploy an S3 Bucket.

Resources:
  MyCompanyBackupBucket:
    Type: AWS::S3::Bucket
    Properties:
      BucketName: my-unique-company-backup-12345
      AccessControl: Private

5. Stacks and The Deployment Engine

When you upload that YAML file to AWS, CloudFormation creates a Stack. A Stack is a logical grouping of all the resources defined in the template.
  • Creation: CloudFormation reads the file, figures out the correct order to build things (e.g., it knows it must build the VPC *before* it builds the EC2 instance inside the VPC), and provisions everything.
  • Updates: If you change AccessControl: Private to PublicRead in your text file and re-upload it, CloudFormation compares the new file to the running Stack, and *only* updates the specific setting that changed.
  • Deletion: The greatest feature of a Stack. If you want to destroy your architecture, you simply click "Delete Stack." CloudFormation automatically finds and deletes every single EC2 instance, database, and load balancer associated with that template in 30 seconds. No more orphaned resources costing you money!

6. Drift Detection

What if a rogue administrator logs into the AWS Console and manually clicks a button to open Port 22 on a Security Group that CloudFormation created? The physical infrastructure no longer matches the YAML blueprint! This is called Configuration Drift. CloudFormation has a "Detect Drift" feature. It scans your live resources, compares them to your YAML file, and flashes a massive red warning if someone manually tampered with the infrastructure, allowing security teams to instantly revert the unauthorized change.

7. Mini Project: Create an Infrastructure Template

Let's deploy infrastructure using code.

Step-by-Step Tutorial:

  1. 1. Open a text editor (like VS Code) on your computer.
  1. 2. Paste the YAML code from section 4 above. Save the file as my-bucket.yaml.
  1. 3. Open the AWS Console and search for CloudFormation.
  1. 4. Click Create stack -> With new resources (standard).
  1. 5. Select Template is ready, and then Upload a template file.
  1. 6. Choose the my-bucket.yaml file you just saved. Click Next.
  1. 7. Stack name: MyFirstIaCStack. Click Next.
  1. 8. Leave all tags/permissions as default and click Next.
  1. 9. Review and click Submit.
  1. 10. Watch the "Events" tab. You will see CloudFormation say CREATEINPROGRESS and then CREATE_COMPLETE.
  1. 11. Go to the S3 Dashboard. Your bucket was magically created without you ever clicking the "Create Bucket" button!

8. Best Practices

  • Treat Infrastructure like Software: Store your CloudFormation YAML files in Git repositories (like GitHub). When a team member wants to add a new server, they submit a Pull Request. The Lead Architect reviews the YAML code, approves it, and an automated pipeline deploys the new server.

9. Common Mistakes

  • Hardcoding Passwords: Never hardcode a database password into a CloudFormation template! If you commit the template to GitHub, the password is leaked. CloudFormation has a "Parameters" section allowing you to securely inject passwords at deployment time, or fetch them dynamically from AWS Secrets Manager.

10. Exercises

  1. 1. Define "Configuration Drift" in the context of Infrastructure as Code.
  1. 2. What is the primary operational advantage of grouping AWS resources into a CloudFormation "Stack" when it comes time to decommission a project?

11. MCQs with Answers

Question 1

Which of the following best describes the core philosophy of Infrastructure as Code (IaC)?

Question 2

You have a complex CloudFormation template deploying 50 different resources. You realize you misspelled the name of an S3 bucket in the template. If you fix the typo in the YAML file and update the stack, what will CloudFormation do?

12. Interview Questions

  • Q: Explain the concept of Infrastructure as Code (IaC). How does adopting AWS CloudFormation eliminate human error and improve disaster recovery times?
  • Q: Compare AWS CloudFormation with HashiCorp Terraform. Why might an enterprise architect prefer Terraform over CloudFormation despite CloudFormation being native to AWS? *(Hint: Look up multi-cloud deployments).*

13. FAQs

Q: Is Terraform better than CloudFormation? A: "Better" is subjective, but Terraform is the broader industry standard. CloudFormation ONLY works on AWS. If you write a CloudFormation template, you cannot use it to build a server on Google Cloud. Terraform is cloud-agnostic; learning Terraform allows you to deploy infrastructure to AWS, Azure, and Google Cloud using the exact same toolset.

14. Summary

In Chapter 23, we matured from manual Console "ClickOps" to the professional realm of Infrastructure as Code (IaC). We utilized AWS CloudFormation to translate our architectural diagrams into declarative YAML blueprints. We learned how CloudFormation's deployment engine orchestrates complex provisioning, drastically reducing human error and enabling perfect repeatability. Finally, we explored Stacks and Drift Detection, securing our ability to instantly audit, update, and cleanly destroy massive cloud environments.

15. Next Chapter Recommendation

CloudFormation builds the backend infrastructure. But what if you are a Frontend React developer who just wants to host a web app and add a login screen without writing YAML or touching servers? Proceed to Chapter 24: AWS Amplify for Frontend Apps.

Finish this Chapter

Save your progress on your learning path and prepare for coding interview challenges.

Previous Chapter AWS EKS and Kubernetes Introduction
Next Chapter AWS Amplify for Frontend Apps

Discussion

Join the discussion

Log in or create a free account to participate.

Sort: ·

Explore More

📖 Related Tutorials 5

Related Quizzes 6

🎥 Related Videos 1