Even with tools like CDK, understanding the underlying CloudFormation mechanics is crucial. Improperly structured stacks can lead to circular dependencies, update rollbacks, and stuck resources. This guide covers nested stacks, cross-stack references, and drift detection.
## Cross-Stack References vs Nested Stacks
| Feature | Cross-Stack Refs (Export/Import) | Nested Stacks |
|---|---|---|
| Coupling | Loose (Independent lifecycles) | Tight (Parent controls Child) |
| Updates | Can block updates if exported value is in use | Updated as a single unit |
| Use Case | Sharing VPC, Security Groups across apps | Breaking up large app templates (Limit 200 resources) |
### Exporting Values

```yaml
# Networking Stack
Outputs:
  PrivateSubnetId:
    Value: !Ref PrivateSubnet
    Export:
      Name: !Sub "${AWS::StackName}-PrivateSubnet"
```
### Importing Values

```yaml
# App Stack (the import name assumes the networking stack above was deployed as "Networking")
Resources:
  MyInstance:
    Type: AWS::EC2::Instance
    Properties:
      SubnetId: !ImportValue Networking-PrivateSubnet
```
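The nested-stack side of the comparison, as an added example that is not part of the original post: a parent template passes a VPC ID into a child network template and reads the child's output with `!GetAtt`, so the subnet ID never becomes an account-wide export and the child can be updated without hitting the "export in use" block. The `TemplateURL`, the `ami-EXAMPLE` image ID and the child output name `PrivateSubnetId` are placeholders assumed for this example.

```yaml
# Parent template (added example). The parent owns the child's lifecycle:
# values flow through Parameters and Outputs instead of Export/Import,
# and deleting the parent deletes the child with it.
AWSTemplateFormatVersion: "2010-09-09"
Parameters:
  VpcId:
    Type: AWS::EC2::VPC::Id
Resources:
  NetworkStack:
    Type: AWS::CloudFormation::Stack
    Properties:
      # Placeholder: the child template must already be uploaded to S3
      TemplateURL: https://s3.amazonaws.com/EXAMPLE-BUCKET/network.yaml
      Parameters:
        VpcId: !Ref VpcId
      # Fail the parent (and roll back) if the child has not finished in time
      TimeoutInMinutes: 10
  WebServer:
    Type: AWS::EC2::Instance
    Properties:
      ImageId: ami-EXAMPLE          # placeholder
      InstanceType: t3.micro
      # Read the child's output directly; nothing is exported, so changing
      # the child's subnet later never requires tearing down importers.
      SubnetId: !GetAtt NetworkStack.Outputs.PrivateSubnetId
---
# Child template network.yaml (added example). It must declare the output
# the parent reads; a plain Output is enough, no Export block needed.
AWSTemplateFormatVersion: "2010-09-09"
Parameters:
  VpcId:
    Type: AWS::EC2::VPC::Id
Resources:
  PrivateSubnet:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VpcId
      CidrBlock: 10.0.1.0/24         # constructed sample range
Outputs:
  PrivateSubnetId:
    Value: !Ref PrivateSubnet
```

The two documents are separated by `---` only for display; each is deployed as its own template file.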
## Preventing Zombie Resources

Use `CreationPolicy` and `cfn-signal` for EC2 instances to ensure the bootstrap script (UserData) completed successfully before the stack is marked CREATE_COMPLETE. If no success signal arrives within the `Timeout`, the resource fails and the stack rolls back instead of reporting a half-configured instance as healthy.

```yaml
Properties:
  UserData:
    Fn::Base64: !Sub |
      #!/bin/bash
      yum install -y httpd
      # Report the exit status of the bootstrap to CloudFormation; --resource must match
      # this instance's logical ID so the signal is counted against its CreationPolicy
      /opt/aws/bin/cfn-signal -e $? --stack ${AWS::StackName} --resource WebServer --region ${AWS::Region}
CreationPolicy:
  ResourceSignal:
    Timeout: PT5M   # ISO 8601 duration: wait at most 5 minutes for the signal
```
## Key Takeaways
- Use **Nested Stacks** to overcome the 200 resource limit.
- Avoid modifying Exported Outputs; it requires deleting all importing stacks first.
- Use **Change Sets** to preview operations before execution.