AWS CloudFormation: Cross-stack & Nested stacks

We will be talking about AWS CloudFormation, Cross-stack and Nested stacks.

Published Jan 28, 2024

I want to share with you a current topic: managing and provisioning IT infrastructures with IaC (Infrastructure as Code). The main goal of IaC is to automate much of the architecture and management of the IT infrastructure. In addition, it allows you to quickly replicate your infrastructure, record resource changes in detail, and establish a flexible workflow that facilitates the collaboration of all those involved in the development process.
This concept did not arise with the cloud and DevOps, as some believe, but has its roots in managing on-premises systems. Many tools, such as Terraform, Ansible, Chef Infra, and Puppet, provide provisioning and automation capabilities. Still, since this blog focuses mainly on Amazon Web Services, I will talk about the native AWS service for IaC: AWS CloudFormation.
For many people, the simplest way to use AWS CloudFormation is to create a single template in which you define all the resources you want to create. But as your infrastructure or project grows, your templates grow in resources, which means more lines of code, and such a large template becomes difficult to manage.
I won't discuss the structure of an AWS CloudFormation template; there's quite a lot of documentation about it. Today, I'll discuss two methods for managing your templates: Cross-stack and Nested stacks.
The Cross-stack concept is straightforward: you manage your stacks separately, export an output from one stack, and import it into another.
For example, you export the VPC ID from the VPC stack and import it into the Load Balancer stack.

Template - Export VPC ID:
Template - Import VPC ID:
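The two templates the captions above refer to, written out as an added example (not the post's own templates): the first stack creates a VPC and exports its ID, the second imports that ID with Fn::ImportValue to place a security group in the VPC. The stack name vpc-stack, the export name pattern, the CIDR and the security-group resource are assumptions made for this illustration.

```yaml
# Added example, not from the original post. Two stand-alone templates that
# share a VPC ID through a cross-stack export. Stack names, export names and
# the CIDR are assumptions chosen for this illustration.

# --- Template 1: network stack (deploy as a stack named "vpc-stack") ---
AWSTemplateFormatVersion: "2010-09-09"
Description: Creates a VPC and exports its ID for other stacks in this account and region

Resources:
  VPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 10.0.0.0/16
      EnableDnsSupport: true
      EnableDnsHostnames: true
      Tags:
        - Key: Name
          Value: !Sub "${AWS::StackName}-vpc"

Outputs:
  VpcId:
    Description: ID of the VPC, available to other stacks through Fn::ImportValue
    Value: !Ref VPC
    Export:
      # Export names must be unique per account and region; prefixing with the
      # stack name keeps two environments (dev/prod) from colliding.
      Name: !Sub "${AWS::StackName}-VpcId"

---
# --- Template 2: load balancer stack (deploy as a separate stack) ---
AWSTemplateFormatVersion: "2010-09-09"
Description: Imports the VPC ID exported by the network stack

Parameters:
  NetworkStackName:
    Type: String
    Default: vpc-stack
    Description: Name of the stack whose VpcId export is imported

Resources:
  AlbSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Allows HTTPS to the public load balancer only
      # Short-form tags cannot be nested directly, so the long form of Fn::Sub
      # builds the export name that Fn::ImportValue resolves.
      VpcId: !ImportValue
        Fn::Sub: "${NetworkStackName}-VpcId"
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 443
          ToPort: 443
          CidrIp: 0.0.0.0/0
```

Deploy the first template as vpc-stack before the second. Once the second stack imports the value, CloudFormation refuses to delete vpc-stack, or to remove or change the export, until no stack imports it any more, which is what makes the dependency safe to rely on.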
Nested stacks
I highly recommend dividing your templates into smaller ones to manage them more efficiently; that is where the Nested stack comes in.
A Nested stack layout starts from a root template, the main stack, whose resources are the first-level stacks: the root template contains the references to the rest of the templates. For those familiar with Terraform, it works like a parent configuration that calls your public or local modules.
You can upload an individual template directly to AWS CloudFormation, but Nested stacks require the child templates to be uploaded to an S3 bucket: the root template references each child by its S3 URL (the TemplateURL property of an AWS::CloudFormation::Stack resource). This is a prerequisite for a Nested stack to work.
You can also pass Outputs from one Nested stack to another in the root template using the Fn::GetAtt intrinsic function. Output values read this way are only available within the same nesting (the root template and its Nested stacks), while Export (Cross-stack) values can be imported by any stack in the same account and region, including templates outside the nesting.
Outputs - Nested stacks

Template - The Stack, named VPCStack, contains the output of the VPC ID:
Template - The Stack called NACLStack gets the VPC ID with the GetAtt function:
Can Nested stack and Cross-stack be mixed?
Yes, it is common to mix them in large infrastructures, where each type of service is represented by a root template and its set of Nested stacks, and a few values are exported so that other root stacks can import them.
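The VPCStack / NACLStack layout described in the Outputs section, and the mix of Nested and Cross-stack just mentioned, as an added example (not the post's own templates): a root template declares both nested stacks and hands the VPC ID from VPCStack to NACLStack with Fn::GetAtt, while the VPC child also exports the ID for stacks outside this nesting. The bucket name, object keys, CIDR and the deny rule in the NACL are assumptions made for this illustration.

```yaml
# Added example, not from the original post. Root template plus two child
# templates (vpc.yaml and nacl.yaml) that must already be uploaded to the
# bucket. Bucket name, keys and CIDR are assumptions for this illustration.

# --- Root template (the only one you deploy directly) ---
AWSTemplateFormatVersion: "2010-09-09"
Description: Root stack that wires the VPC and NACL nested stacks together

Parameters:
  TemplateBucket:
    Type: String
    Default: my-cfn-templates-bucket   # assumed name; bucket holds the child templates
  VpcCidr:
    Type: String
    Default: 10.0.0.0/16

Resources:
  VPCStack:
    Type: AWS::CloudFormation::Stack
    Properties:
      # TemplateURL must be an S3 object URL. The bucket does not need to be
      # public: CloudFormation reads it with the permissions of the identity
      # (or service role) that creates the stack, so keep it private.
      TemplateURL: !Sub "https://${TemplateBucket}.s3.${AWS::Region}.amazonaws.com/vpc.yaml"
      Parameters:
        VpcCidr: !Ref VpcCidr
        # Nested stacks get a generated name, so the root passes its own name
        # to give the child's Export a predictable prefix.
        ExportPrefix: !Ref AWS::StackName

  NACLStack:
    Type: AWS::CloudFormation::Stack
    Properties:
      TemplateURL: !Sub "https://${TemplateBucket}.s3.${AWS::Region}.amazonaws.com/nacl.yaml"
      Parameters:
        # Output of one nested stack flows into another via Fn::GetAtt; the
        # reference also makes NACLStack wait for VPCStack to finish.
        VpcId: !GetAtt VPCStack.Outputs.VpcId

---
# --- vpc.yaml (object in the bucket, referenced by VPCStack) ---
AWSTemplateFormatVersion: "2010-09-09"
Parameters:
  VpcCidr:
    Type: String
  ExportPrefix:
    Type: String
Resources:
  VPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: !Ref VpcCidr
Outputs:
  VpcId:
    Value: !Ref VPC
    # This is where Nested and Cross-stack mix: the root reads the output
    # with Fn::GetAtt, and stacks outside this nesting can Fn::ImportValue
    # "<root-stack-name>-VpcId".
    Export:
      Name: !Sub "${ExportPrefix}-VpcId"

---
# --- nacl.yaml (object in the bucket, referenced by NACLStack) ---
AWSTemplateFormatVersion: "2010-09-09"
Parameters:
  VpcId:
    Type: AWS::EC2::VPC::Id   # typed parameter: CloudFormation rejects a non-VPC value
Resources:
  PrivateNacl:
    Type: AWS::EC2::NetworkAcl
    Properties:
      VpcId: !Ref VpcId
  # Deny inbound SSH at the subnet boundary; NACL rules are evaluated from the
  # lowest rule number, so this runs before any later allow rule.
  DenyInboundSsh:
    Type: AWS::EC2::NetworkAclEntry
    Properties:
      NetworkAclId: !Ref PrivateNacl
      RuleNumber: 100
      Protocol: 6
      RuleAction: deny
      Egress: false
      CidrBlock: 0.0.0.0/0
      PortRange:
        From: 22
        To: 22
Outputs:
  NaclId:
    Value: !Ref PrivateNacl
```

Only the root template is created, updated or deleted by hand; CloudFormation manages the lifecycle of VPCStack and NACLStack with it, and an update to a child object in the bucket takes effect on the next root update.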
I hope that this article will be of great help to you. A big hug, and see you another time. Thank you!