CloudFormation Template支持两种格式:JSON和YAML,可以将模板文件保存为任何扩展名,比如:.json, .yaml, .template, .txt。YAML语法更简捷易读,并且支持注释,但CloudFormation Designer目前只支持JSON。
"AWSTemplateFormatVersion" : "2010-09-09",
"Description" : "A sample template",
"Resources" : {
"MyEC2Instance" : {
"Type" : "AWS::EC2::Instance",
"Properties" : {
"ImageId" : "ami-2f726546",
"InstanceType" : "t1.micro",
"KeyName" : "testkey",
"BlockDeviceMappings" : [
"DeviceName" : "/dev/sdm",
"Ebs" : {
"VolumeType" : "io1",
"Iops" : "200",
"DeleteOnTermination" : "false",
"VolumeSize" : "20"
AWSTemplateFormatVersion: "2010-09-09"
Description: A sample template
Type: "AWS::EC2::Instance"
ImageId: "ami-2f726546"
InstanceType: t1.micro
KeyName: testkey
DeviceName: /dev/sdm
VolumeType: io1
Iops: 200
DeleteOnTermination: false
VolumeSize: 20
Template Anatomy
Learn Template Basics
参数类型除String、Number、List<Number>、CommaDelimitedList外,还支持特定的类型,比如AWS::EC2::KeyPair::KeyName、AWS::EC2::AvailabilityZone::Name、AWS::EC2::SecurityGroup::GroupName等,用户必须指定其账户中现有的 AWS 值。
在通过CloudFormation Console创建Stack时,参数默认是按字母排序的,如果参数多看起来会很乱,不易查找,这就需要借助Metadata了,AWS::CloudFormation::Interface用于定义参数在CloudFormation控制台中的分组和排序方式:
"Metadata" : {
"AWS::CloudFormation::Interface" : {
"ParameterGroups" : [
"Label" : { "default" : "Network Configuration" },
"Parameters" : [ "VPCID", "SubnetId", "SecurityGroupID" ]
"Label" : { "default":"Amazon EC2 Configuration" },
"Parameters" : [ "InstanceType", "KeyName" ]
下面的代码演示了CloudFormation中cfn-init和shell的使用。AMI使用了RHEL 7,其中包括安装cfn-init、awscli、awslogs,配置DNS、awscli、awslog等。
"AWSTemplateFormatVersion": "2010-09-09",
"Resources": {
"InstanceTest": {
"Type": "AWS::EC2::Instance",
"Metadata": {
"AWS::CloudFormation::Init": {
"configSets": {
"Install": [
"Install": {
"packages": {
"yum": {
"ntp": [],
"nfs-utils": [],
"rpcbind": []
"files": {
"/etc/sysconfig/network-scripts/ifcfg-eth0": {
"content": { "Fn::Join": ["", [
"owner": "root",
"group": "root"
"/root/.aws/config": {
"content": { "Fn::Join": ["", [
"output = json\n",
"region = cn-north-1"
"mode": "000600",
"owner": "root",
"group": "root"
"/root/.aws/credentials": {
"content": { "Fn::Join": ["", [
"aws_access_key_id = AKIAPM6UDU6DGZPYXXXX\n",
"aws_secret_access_key = CrYrR/LeiDXJWbAX3KQwFnaScDU0zGE+XXXXXXXX"
"mode": "000600",
"owner": "root",
"group": "root"
"/root/.aws/awslogs.conf": {
"content": { "Fn::Join": ["", [
"state_file = /var/awslogs/state/agent-state\n",
"datetime_format = %Y-%m-%d %H:%M:%S\n",
"file = /var/log/messages\n",
"buffer_duration = 5000\n",
"log_stream_name = server-log\n",
"initial_position = start_of_file\n",
"log_group_name = /var/log/messages"
"mode": "000600",
"owner": "root",
"group": "root"
"commands": {
"1-timezone": {
"command": "timedatectl set-timezone UTC",
"ignoreErrors": "true"
"2-groups": {
"command": "groupadd -g 1001 monet",
"ignoreErrors": "true"
"3-users": {
"command": "useradd -d /monet -g monet -u 1001 monetmanager\nchmod 755 /monet ",
"ignoreErrors": "true"
"services": {
"sysvinit": {
"ntpd": { "enabled" : "true", "ensureRunning" : "true" },
"rpcbind": { "enabled" : "true", "ensureRunning" : "true" },
"nfslock": { "enabled" : "true", "ensureRunning" : "true" }
"Properties": {
"AvailabilityZone": "cn-north-1a",
"DisableApiTermination": "false",
"EbsOptimized": "false",
"ImageId": "ami-3ce23651",
"InstanceInitiatedShutdownBehavior": "stop",
"InstanceType": "t2.small",
"KeyName": "Prod Key Pair",
"Monitoring": "false",
"PrivateIpAddress": "",
"SecurityGroupIds": [
"Fn::ImportValue": "prod-network-sg-private-id"
"SubnetId": {
"Fn::ImportValue": "prod-network-subnet-private-id"
"BlockDeviceMappings": [
"DeviceName": "/dev/sda1",
"Ebs": {
"VolumeSize": "30"
"Tags": [
"Key": "Name",
"Value": "test-ec2"
"UserData": {
"Fn::Base64": {
"Fn::Join" : ["", [
"# Install cfn-init\n",
"curl -O https://bootstrap.pypa.io/ez_setup.py\n",
"python ez_setup.py\n",
"easy_install --script-dir /opt/aws/bin https://s3.amazonaws.com/cloudformation-examples/aws-cfn-bootstrap-latest.tar.gz\n",
"# Install the files and packages from the metadata\n",
"/opt/aws/bin/cfn-init -v ",
" --stack ", { "Ref" : "AWS::StackName" },
" --resource InstanceTest ",
" --configsets Install ",
" --region ", { "Ref" : "AWS::Region" }, "\n",
"# Install awscli\n",
"curl -O https://bootstrap.pypa.io/get-pip.py\n",
"python get-pip.py\n",
"pip install awscli\n",
"# Install awslogs\n",
"curl -O https://s3.amazonaws.com/aws-cloudwatch/downloads/latest/awslogs-agent-setup.py\n",
"python ./awslogs-agent-setup.py --region cn-north-1 --non-interactive --configfile=/root/.aws/awslogs.conf\n",
"# Delete installation files\n",
"rm -f get-pip.py ez_setup.py setuptools*.zip awslogs-agent-setup.py\n"
下面演示了在Windows 2016上通过powershell安装DNS:
"AWSTemplateFormatVersion": "2010-09-09",
"Resources": {
"InstanceDNS": {
"Type": "AWS::EC2::Instance",
"Properties": {
"AvailabilityZone": "cn-north-1a",
"DisableApiTermination": "false",
"EbsOptimized": "false",
"ImageId": "ami-2797404a",
"InstanceInitiatedShutdownBehavior": "stop",
"InstanceType": "t2.small",
"KeyName": "Prod Key Pair",
"Monitoring": "false",
"PrivateIpAddress": "",
"SecurityGroupIds": [
"SubnetId": "subnet-a65208c3",
"BlockDeviceMappings": [
"DeviceName": "/dev/sda1",
"Ebs": {
"VolumeSize": "30"
"UserData": { "Fn::Base64" : { "Fn::Join" : ["", [
"Install-WindowsFeature -Name DNS -IncludeManagementTools\n",
"Add-DnsServerPrimaryZone -Name \"iata.org\" -ZoneFile \"iata.org.dns\"\n",
"Add-DnsServerResourceRecordA -Name \"test\" -ZoneName \"iata.org\" -AllowUpdateAny -IPv4Address \"\"\n",
"Tags": [
"Key": "Name",
"Value": "test-dns"
AWS CloudFormation Console提供图形化的Template设计器,支持拖拽操作,集成JSON编辑器,支持自动完成功能。
使用CloudFormation Designer的拖拽功能,或用其打开已有的Template会增加组件位置信息,这些信息在实际应用中是没有必要的,也增加了Template的复杂度,故本人只利用它的自动完成功能,要编辑已有的Template时,使用Copy/Paste的方式。
【Ctrl+Shift+Space】 显示提示列表
【Ctrl+F】 搜索
【Ctrl+\】 格式化Template(会删除所有空行)
【Ctrl+Shift+\】 删除所有空格
CloudFormation提供了大量的示例模板Sample Templates可供学习,其中China Region的示例较少,推荐US West (Northern California) Region。比如Services中下面的示例,全面演示了从创建VPC到EC2。
Creates a VPC and adds an Amazon EC2 instance with an Elastic IP address and a security group
CloudFormer是模板创建工具,可从现有AWS资源创建CloudFormation Template,用来作为初始Template,是学习Template语法结构的好工具。
CloudFormer使用很简单,它是一个CloudFormation Stack,可从CloudFormation Console创建,创建后在一个EC2实例上运行,不需其他资源。
登录CloudFormation Console > Create New Stack > Select a sample template > CloudFormer > Next > 输入Stack name、Username、Password > 根据提示信息完成后续步骤
点击CloudFormer Stack选项卡Outputs中的链接,输入用户名,密码即可启动CloudFormer。然后Select the AWS Region > Create Template > 一步步的选择要创建模板的资源。
注:如出现错误NoMethodError in TemplatesController,可能是资源配置有问题,试着减少一些资源。
You must provide the stack name, the location of a valid template, and any input parameters. If you specify a local template file, AWS CloudFormation uploads it to an Amazon S3 bucket in your AWS account.
$ aws cloudformation create-stack --stack-name myteststack --template-body file:///home/testuser/mytemplate.json --parameters ParameterKey=Parm1,ParameterValue=test1 ParameterKey=Parm2,ParameterValue=test2
Note The aws cloudformation list-stacks command returns information on deleted stacks for 90 days after they have been deleted.
$ aws cloudformation list-stacks --stack-status-filter CREATE_COMPLETE
$ aws cloudformation describe-stacks --stack-name myteststack
By default, aws cloudformation describe-stacks returns parameter values. To prevent sensitive parameter values such as passwords from being returned, include a NoEcho property set to TRUE in your AWS CloudFormation template.
You can track the status of the resources AWS CloudFormation is creating and deleting with the aws cloudformation describe-stack-events command. The amount of time to create or delete a stack depends on the complexity of your stack.
$ aws cloudformation describe-stack-events --stack-name myteststack
$ aws cloudformation list-stack-resources --stack-name myteststack
AWS CloudFormation stores the template you use to create your stack as part of the stack.
$ aws cloudformation get-template --stack-name myteststack
You can validate templates locally by using the --template-body parameter, or remotely with the --template-url parameter.
$ aws cloudformation validate-template --template-url https://s3.amazonaws.com/cloudformation-templates-us-east-1/S3_Bucket.template
$ aws cloudformation validate-template --template-body file:///home/local/test/sampletemplate.json
$ aws cloudformation delete-stack --stack-name myteststack
