Custom CloudFormation Resources: Real Ultimate Power
Hi, this post is all about CloudFormation custom resources, REAL CUSTOM RESOURCES. This post is awesome. My name is Chase and I can’t stop thinking about custom resources. These things are cool; and by cool, I mean totally sweet.
Trust me, it would have been hilarious, but rather than spend a whole post on a meme that’s past its prime, let’s take a look at the real reasons why custom resources are so powerful!
What Are Custom Resources?
Custom resources are virtual CloudFormation resources that can invoke AWS Lambda functions. Inside the Lambda function you have access to the properties of the custom resource (which can include information about other resources in the same CloudFormation stack by way of Ref and Fn::GetAtt functions). The function can then do anything in the world as long as it (or another resource it invokes) reports success or failure back to CloudFormation within one hour. In the response to CloudFormation, the custom resource can provide data that can be referenced from other resources within the same stack.
What Can I Do With Custom Resources?
Custom resources are so fundamental that the use cases they enable aren’t all obvious at first glance. Because a custom resource can be invoked once or on every deployment, it’s a powerful mechanism for lifecycle management of many resources. Here are a few examples:
- Provisioning a resource that CloudFormation doesn’t support
- Calling out to a Lambda function to retrieve a value to be used elsewhere in a stack, like an AMI image ID
- Seeding and migrating a database on every deployment
- Uploading new website content to an S3 Bucket on every deployment
- Reporting details about resources in a deployment to an external service, like recording names of provisioned S3 Buckets where CloudFormation appends random characters (the Stackery Agent uses this technique to help link AWS accounts with Stackery accounts)
You could even use custom resources to enable post-provisioning smoke/verification testing:
- A custom resource is “updated” as the last resource of a deployment (this is achieved by adding every other resource in the stack to its DependsOn property)
- The Lambda function backing the custom resource triggers smoke tests to run, then returns success or failure to CloudFormation
- If a failure occurs, CloudFormation automatically rolls back the deployment
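The smoke-test pattern above as a Python Lambda handler, showing the response document that reports success or failure back to CloudFormation. This is an added example, not code from the original post or from Stackery; the HealthUrl property, the "smoke-test" physical id and the injectable smoke_test/send parameters are assumptions made for illustration.

```python
import json
import urllib.request

def run_smoke_tests(props):
    """Assumed check: GET the URL in the hypothetical 'HealthUrl' property."""
    with urllib.request.urlopen(props["HealthUrl"], timeout=10) as resp:
        if resp.status != 200:
            raise RuntimeError(f"health check returned {resp.status}")
    return {"CheckedUrl": props["HealthUrl"]}

def build_response(event, status, reason="", data=None):
    """Response document CloudFormation expects at the pre-signed ResponseURL."""
    return {
        "Status": status,  # "SUCCESS" or "FAILED"
        "Reason": reason or "See CloudWatch Logs",
        # Keep the id stable across updates so CloudFormation does not treat
        # an update as a replacement and send a Delete for the old id.
        "PhysicalResourceId": event.get("PhysicalResourceId", "smoke-test"),
        "StackId": event["StackId"],
        "RequestId": event["RequestId"],
        "LogicalResourceId": event["LogicalResourceId"],
        "Data": data or {},  # readable from other resources in the stack
    }

def send_response(url, body):
    """PUT the JSON body. The Content-Type is left empty, as AWS's cfn-response
    module does; urllib would otherwise add a form content type."""
    req = urllib.request.Request(url, data=json.dumps(body).encode(),
                                 method="PUT", headers={"Content-Type": ""})
    urllib.request.urlopen(req, timeout=10).close()

def handler(event, context, smoke_test=run_smoke_tests, send=send_response):
    try:
        if event["RequestType"] == "Delete":
            body = build_response(event, "SUCCESS")  # nothing to test or clean up
        else:  # Create or Update
            data = smoke_test(event.get("ResourceProperties", {}))
            body = build_response(event, "SUCCESS", data=data)
    except Exception as exc:
        # Always answer: an unreported failure leaves the stack waiting
        # until CloudFormation times the resource out.
        body = build_response(event, "FAILED", reason=f"Smoke test failed: {exc}")
    send(event["ResponseURL"], body)  # pre-signed URL: do not log it
    return body
```

Reason appears in the stack events and Data is readable through Fn::GetAtt, so keep secrets out of both.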
Honestly, while I have begun using custom resources for many use cases, I discover new use cases all the time. I feel like I have hardly scratched the surface of what’s possible through custom resources.
And that’s what I call REAL Ultimate Power!!!!!!!!!!!!!!!!!!
Nate Taggart | July 04, 2018