Stack Designer

Quick Start

Design well-organized CloudFormation stacks with proper resource grouping, parameters, outputs, and cross-stack references.

Instructions

Step 1: Identify stack boundaries

Determine how to organize resources into stacks:
By lifecycle:
  • Resources that change together should be in the same stack
  • Separate frequently updated resources from stable infrastructure
  • Group by deployment frequency
By ownership (which team changes it, and which deployment role needs write access to it):
  • Network stack (VPC, subnets, route tables)
  • Security stack (security groups, IAM roles): keeping IAM in its own stack means the roles that deploy application stacks do not need IAM write permissions
  • Application stack (EC2, ECS, Lambda)
  • Data stack (RDS, DynamoDB, S3)
By environment:
  • Separate dev, staging, production stacks
  • Use parameters for environment-specific values
  • Share common resources via cross-stack references

Step 2: Design stack structure

Simple stack (single template):
yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: Simple web application stack

Parameters:
  EnvironmentName:
    Type: String
    Default: dev
    AllowedValues: [dev, staging, prod]
  
  InstanceType:
    Type: String
    Default: t3.micro
    AllowedValues: [t3.micro, t3.small, t3.medium]

Resources:
  WebServer:
    Type: AWS::EC2::Instance
    Properties:
      InstanceType: !Ref InstanceType
      ImageId: !Sub '{{resolve:ssm:/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2}}'
      Tags:
        - Key: Environment
          Value: !Ref EnvironmentName

Outputs:
  InstanceId:
    Description: EC2 instance ID
    Value: !Ref WebServer
    Export:
      Name: !Sub '${AWS::StackName}-InstanceId'
Multi-stack architecture:
Root Stack
├── Network Stack (VPC, subnets)
├── Security Stack (security groups, IAM)
├── Database Stack (RDS)
└── Application Stack (EC2, ALB)

Step 3: Define parameters

Parameter best practices:
yaml
Parameters:
  # Use descriptive names
  DatabaseInstanceClass:
    Type: String
    Default: db.t3.micro
    AllowedValues:
      - db.t3.micro
      - db.t3.small
      - db.t3.medium
    Description: RDS instance class
  
  # Validate input
  DatabaseName:
    Type: String
    MinLength: 1
    MaxLength: 64
    AllowedPattern: '[a-zA-Z][a-zA-Z0-9]*'
    ConstraintDescription: Must begin with letter, contain only alphanumeric
  
  # Use AWS-specific types
  VpcId:
    Type: AWS::EC2::VPC::Id
    Description: VPC for resources
  
  SubnetIds:
    Type: List<AWS::EC2::Subnet::Id>
    Description: Subnets for resources
  
  # Non-secret configuration from SSM Parameter Store (String and StringList only)
  DatabaseEngineVersion:
    Type: AWS::SSM::Parameter::Value<String>
    Default: /myapp/database/engine-version
  # Do NOT pass secrets this way: SecureString is not a supported parameter type,
  # so a password stored as a plain String sits unencrypted in Parameter Store,
  # and NoEcho only masks the value in console and API output. Resolve secrets
  # at deploy time with a dynamic reference in the consuming property instead, e.g.
  #   MasterUserPassword: '{{resolve:ssm-secure:/myapp/database/password:1}}'
  # or '{{resolve:secretsmanager:myapp/database:SecretString:password}}'
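The constraints above are easy to forget under deadline pressure, so here is an added example (not from the original page) of a small review check over a template's Parameters block. It is written in Python against the parsed template (the dict that yaml.safe_load or json.load returns) so it needs no AWS access. It flags secret-looking parameters without NoEcho, secrets sourced through AWS::SSM::Parameter::Value types (which cannot read SecureString), hard-coded secret Defaults, unconstrained String parameters, and resource IDs typed as plain String. The secret-name heuristic, the sample parameter set (modelled on the page's parameters plus two deliberately weak ones) and the finding format are assumptions for the example.

```python
"""Parameter hygiene checks for a CloudFormation template's Parameters block.

Added example, not part of the original page. Works on the parsed template
dict so it runs offline. EXAMPLE_PARAMETERS is constructed for the example.
"""
from __future__ import annotations
import re

# Heuristics assumed for this example: names that usually carry credentials,
# the SSM-backed parameter types, and the keys that constrain a parameter.
SECRET_NAME = re.compile(r"(password|passwd|secret|token|apikey|api_key|private_?key)", re.I)
SSM_TYPE = re.compile(r"^AWS::SSM::Parameter::Value<.+>$")
CONSTRAINT_KEYS = {"AllowedValues", "AllowedPattern", "MinLength", "MaxLength", "MinValue", "MaxValue"}
ID_SUFFIX = re.compile(r"(VpcId|SubnetIds?|SecurityGroupIds?|KeyName)$")


def check_parameters(parameters: dict) -> list[str]:
    """Return one finding per problem, ordered by parameter name."""
    findings = []
    for name, spec in sorted(parameters.items()):
        ptype = spec.get("Type", "String")
        is_secret = bool(SECRET_NAME.search(name))
        from_ssm = bool(SSM_TYPE.match(ptype))

        # Only String/StringList SSM parameters can back a template parameter;
        # SecureString cannot, so a secret stored this way is unencrypted at rest.
        if is_secret and from_ssm:
            findings.append(f"{name}: secret sourced via {ptype}; SSM-backed parameters cannot read SecureString. "
                            "Use a {{resolve:ssm-secure:...}} or {{resolve:secretsmanager:...}} dynamic reference "
                            "in the consuming property instead")
        elif is_secret and not spec.get("NoEcho"):
            findings.append(f"{name}: secret-looking parameter without NoEcho: true")
        if is_secret and not from_ssm and "Default" in spec:
            findings.append(f"{name}: secret with a hard-coded Default in the template")

        # Free-form strings should fail at template validation, not at resource
        # creation (or worse, succeed with an unintended value).
        if ptype == "String" and not (spec.keys() & CONSTRAINT_KEYS):
            findings.append(f"{name}: String parameter without AllowedValues/AllowedPattern/length constraints")

        # AWS-specific types are validated against the account; a plain String is not.
        if ptype == "String" and ID_SUFFIX.search(name):
            findings.append(f"{name}: use an AWS-specific type (e.g. AWS::EC2::VPC::Id) so the value is validated")
    return findings


# Constructed input: parameters modelled on the page, plus two weak ones.
EXAMPLE_PARAMETERS = {
    "DatabaseInstanceClass": {"Type": "String", "Default": "db.t3.micro",
                              "AllowedValues": ["db.t3.micro", "db.t3.small", "db.t3.medium"]},
    "DatabaseName": {"Type": "String", "MinLength": 1, "MaxLength": 64,
                     "AllowedPattern": "[a-zA-Z][a-zA-Z0-9]*"},
    "VpcId": {"Type": "AWS::EC2::VPC::Id"},
    "SubnetIds": {"Type": "List<AWS::EC2::Subnet::Id>"},
    "DatabasePassword": {"Type": "AWS::SSM::Parameter::Value<String>",
                         "Default": "/myapp/database/password", "NoEcho": True},
    "AdminPassword": {"Type": "String", "Default": "changeme"},   # plaintext default, no NoEcho
    "PeerVpcId": {"Type": "String"},                             # unconstrained, wrong type
}

if __name__ == "__main__":
    for finding in check_parameters(EXAMPLE_PARAMETERS):
        print(finding)
```

Wire it into the same pipeline stage that runs `aws cloudformation validate-template`; validation only checks syntax, not whether a parameter design is safe.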

Step 4: Configure outputs

Output best practices:
yaml
Outputs:
  # Export for cross-stack references
  VpcId:
    Description: VPC ID
    Value: !Ref VPC
    Export:
      Name: !Sub '${AWS::StackName}-VpcId'
  
  # Multiple values: Export values must be strings, so join lists here and !Split them in the importing stack
  PrivateSubnetIds:
    Description: Private subnet IDs
    Value: !Join [',', [!Ref PrivateSubnet1, !Ref PrivateSubnet2]]
    Export:
      Name: !Sub '${AWS::StackName}-PrivateSubnets'
  
  # Resource attributes
  LoadBalancerDNS:
    Description: ALB DNS name
    Value: !GetAtt ApplicationLoadBalancer.DNSName
  
  # Conditional outputs: use the resource's own Condition, otherwise the output fails when the resource is skipped
  DatabaseEndpoint:
    Condition: CreateDatabase
    Description: RDS endpoint
    Value: !GetAtt Database.Endpoint.Address

Step 5: Implement cross-stack references

Exporting from one stack:
yaml
Outputs:
  SecurityGroupId:
    Value: !Ref WebSecurityGroup
    Export:
      Name: !Sub '${AWS::StackName}-SecurityGroupId'
Importing in another stack (same account and region; export names are unique per account and region):
yaml
Resources:
  WebServer:
    Type: AWS::EC2::Instance
    Properties:
      SecurityGroupIds:
        # Resolved export name: the exporting stack was deployed as "NetworkStack".
        # While this import exists, the export cannot be changed or removed and
        # the exporting stack cannot be deleted.
        - !ImportValue NetworkStack-SecurityGroupId
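Because exports are the only contract between stacks, here is an added example (not from the original page): a Python audit that, given the templates of several stacks and the names they are deployed under, resolves each Export Name and each Fn::ImportValue (including `${AWS::StackName}` and a `${NetworkStackName}`-style parameter default inside Fn::Sub), then reports imports with no matching export, exports that are locked because something imports them, and exports nothing consumes. The templates are constructed inline as parsed dicts with long-form intrinsics so the script runs offline; the stack names and the deliberately broken `NetworkStack-PublicSubnetId` import are assumptions for the example.

```python
"""Audit exports and Fn::ImportValue references across a set of stack templates.

Added example, not part of the original page. Works on parsed templates
(dicts with long-form intrinsics) so it runs offline; STACKS is constructed.
"""
from __future__ import annotations
import re

VAR = re.compile(r"\$\{([^}]+)\}")


def resolve_sub(value, stack_name: str, params: dict | None = None) -> str | None:
    """Statically resolve a plain string or Fn::Sub used as an export/import name.

    Substitutes ${AWS::StackName}, Fn::Sub local variables and template
    parameters that have a Default. Returns None if anything stays unresolved.
    """
    if isinstance(value, str):
        return value
    if not (isinstance(value, dict) and "Fn::Sub" in value):
        return None
    text, local = value["Fn::Sub"], {}
    if isinstance(text, list):              # ["...${X}...", {"X": "..."}] form
        text, local = text[0], text[1]

    def lookup(match):
        var = match.group(1)
        if var == "AWS::StackName":
            return stack_name
        if isinstance(local.get(var), str):
            return local[var]
        default = (params or {}).get(var, {}).get("Default")
        return default if isinstance(default, str) else match.group(0)

    resolved = VAR.sub(lookup, text)
    return None if "${" in resolved else resolved


def collect_exports(stacks: dict[str, dict]) -> dict[str, str]:
    """Map export name -> exporting stack."""
    exports = {}
    for stack_name, template in stacks.items():
        for output in template.get("Outputs", {}).values():
            name = resolve_sub(output.get("Export", {}).get("Name"), stack_name)
            if name:
                exports[name] = stack_name
    return exports


def collect_imports(stacks: dict[str, dict]) -> list[tuple[str, str]]:
    """List (importing stack, export name) for every Fn::ImportValue in Resources/Outputs."""
    found = []

    def walk(node, stack_name, params):
        if isinstance(node, dict):
            if "Fn::ImportValue" in node:
                name = resolve_sub(node["Fn::ImportValue"], stack_name, params)
                found.append((stack_name, name or f"<unresolved {node['Fn::ImportValue']!r}>"))
            for child in node.values():
                walk(child, stack_name, params)
        elif isinstance(node, list):
            for child in node:
                walk(child, stack_name, params)

    for stack_name, template in stacks.items():
        params = template.get("Parameters", {})
        walk(template.get("Resources", {}), stack_name, params)
        walk(template.get("Outputs", {}), stack_name, params)
    return found


def audit(stacks: dict[str, dict]) -> dict:
    """Report missing imports, exports locked by importers, and unused exports.

    An export that is imported anywhere cannot be removed or renamed, and its
    stack cannot be deleted, until every importer has been updated first.
    """
    importers = {name: [] for name in collect_exports(stacks)}
    missing = []
    for importer, name in collect_imports(stacks):
        if name in importers:
            importers[name].append(importer)
        else:
            missing.append((importer, name))
    return {"missing": missing,
            "locked": {n: sorted(s) for n, s in importers.items() if s},
            "unused": sorted(n for n, s in importers.items() if not s)}


# Constructed example: a network stack deployed as "NetworkStack" and an app
# stack that imports one real export and one that was never defined.
STACKS = {
    "NetworkStack": {
        "Resources": {"VPC": {"Type": "AWS::EC2::VPC", "Properties": {"CidrBlock": "10.0.0.0/16"}},
                      "WebSecurityGroup": {"Type": "AWS::EC2::SecurityGroup",
                                           "Properties": {"GroupDescription": "web", "VpcId": {"Ref": "VPC"}}}},
        "Outputs": {"VpcId": {"Value": {"Ref": "VPC"}, "Export": {"Name": {"Fn::Sub": "${AWS::StackName}-VpcId"}}},
                    "SecurityGroupId": {"Value": {"Ref": "WebSecurityGroup"},
                                        "Export": {"Name": {"Fn::Sub": "${AWS::StackName}-SecurityGroupId"}}}},
    },
    "AppStack": {
        "Parameters": {"NetworkStackName": {"Type": "String", "Default": "NetworkStack"}},
        "Resources": {"WebServer": {"Type": "AWS::EC2::Instance", "Properties": {
            "SecurityGroupIds": [{"Fn::ImportValue": {"Fn::Sub": "${NetworkStackName}-SecurityGroupId"}}],
            "SubnetId": {"Fn::ImportValue": "NetworkStack-PublicSubnetId"}}}},   # never exported
    },
}

if __name__ == "__main__":
    for key, value in audit(STACKS).items():
        print(f"{key}: {value}")
```

Run it over the templates in a pull request before `aws cloudformation deploy`: an entry in `missing` is a guaranteed failed deployment, and any change to an export listed in `locked` has to be sequenced after updating its importers.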

Nested Stacks

Parent stack:
yaml
Resources:
  NetworkStack:
    Type: AWS::CloudFormation::Stack
    Properties:
      # The child template is fetched from S3 at create/update time: keep the
      # bucket under your control and pin a specific object version
      # (?versionId=...) so the template cannot change between review and deploy.
      TemplateURL: https://s3.amazonaws.com/mybucket/network.yaml
      Parameters:
        EnvironmentName: !Ref EnvironmentName
      Tags:
        - Key: Name
          Value: Network
  
  ApplicationStack:
    Type: AWS::CloudFormation::Stack
    # No DependsOn needed: the !GetAtt references below already make
    # CloudFormation create NetworkStack first.
    Properties:
      TemplateURL: https://s3.amazonaws.com/mybucket/application.yaml
      Parameters:
        VpcId: !GetAtt NetworkStack.Outputs.VpcId
        SubnetIds: !GetAtt NetworkStack.Outputs.SubnetIds
Benefits:
  • Reusable templates
  • Logical organization
  • Updates scoped to the child templates that changed (always applied through the root stack)
  • Stay within per-stack limits (template size, resource count) by splitting into nested stacks
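An added example (not part of the original page) of the checks worth running on a parent template before deployment. It parses each TemplateURL to confirm the S3 bucket is one you publish to and that the object version is pinned, and it validates the parameter and output contract between parent and child: parameters the child does not declare, required parameters left unset, and `!GetAtt Child.Outputs.X` references to outputs the child never defines. Parent and child templates are constructed inline as parsed dicts (long-form intrinsics); the `versionId` value and `TRUSTED_BUCKETS` are assumptions for the example.

```python
"""Pre-deploy checks for a parent template that wires nested stacks.

Added example, not part of the original page. Child templates are keyed by
the TemplateURL the parent uses so the check runs offline; all data below is
constructed for the example.
"""
from __future__ import annotations
from urllib.parse import parse_qs, urlparse


def s3_bucket(url: str) -> tuple[str | None, bool]:
    """Return (bucket, pinned) for an S3 TemplateURL; pinned means ?versionId= is present.

    Accepts path-style (https://s3.<region>.amazonaws.com/bucket/key) and
    virtual-hosted (https://bucket.s3.<region>.amazonaws.com/key) URLs.
    """
    u = urlparse(url)
    if u.scheme != "https" or not u.netloc.endswith(".amazonaws.com"):
        return None, False
    if u.netloc.startswith(("s3.", "s3-")):
        bucket = u.path.lstrip("/").split("/", 1)[0] or None
    else:
        bucket = u.netloc.split(".s3")[0]
    return bucket, "versionId" in parse_qs(u.query)


def check_nested(parent: dict, children: dict[str, dict], trusted_buckets: set[str]) -> list[str]:
    """Return one finding per problem in the parent's AWS::CloudFormation::Stack resources."""
    findings = []
    resources = parent.get("Resources", {})
    stacks = {lid: r for lid, r in resources.items() if r.get("Type") == "AWS::CloudFormation::Stack"}

    for lid, res in stacks.items():
        props = res.get("Properties", {})
        url = props.get("TemplateURL", "")
        bucket, pinned = s3_bucket(url)
        # Supply chain: whoever can write the S3 object controls every resource the child creates.
        if bucket not in trusted_buckets:
            findings.append(f"{lid}: TemplateURL bucket {bucket!r} is not in the trusted set")
        if not pinned:
            findings.append(f"{lid}: TemplateURL is not pinned to an S3 object version (?versionId=)")
        child = children.get(url.split("?")[0])
        if child is None:
            findings.append(f"{lid}: no template available for {url}")
            continue
        # Parameter contract: CloudFormation rejects parameters the child does not
        # declare and requires a value for every declared parameter without a Default.
        declared, passed = child.get("Parameters", {}), props.get("Parameters", {})
        for p in sorted(set(passed) - set(declared)):
            findings.append(f"{lid}: passes parameter {p!r} that its template does not declare")
        for p, spec in sorted(declared.items()):
            if p not in passed and "Default" not in spec:
                findings.append(f"{lid}: required parameter {p!r} not supplied")

    def walk(node):
        # Output contract: Fn::GetAtt [Child, Outputs.X] must name an output the child defines.
        if isinstance(node, dict):
            if "Fn::GetAtt" in node:
                ga = node["Fn::GetAtt"]
                target, attr = ga if isinstance(ga, list) else ga.split(".", 1)
                child_url = stacks.get(target, {}).get("Properties", {}).get("TemplateURL", "").split("?")[0]
                child = children.get(child_url)
                if target in stacks and child is not None and attr.startswith("Outputs."):
                    name = attr[len("Outputs."):]
                    if name not in child.get("Outputs", {}):
                        findings.append(f"{target}: output {name!r} is not defined by its template")
            for v in node.values():
                walk(v)
        elif isinstance(node, list):
            for v in node:
                walk(v)

    walk(resources)
    walk(parent.get("Outputs", {}))
    return findings


NETWORK_URL = "https://s3.amazonaws.com/mybucket/network.yaml"
APP_URL = "https://mybucket.s3.us-east-1.amazonaws.com/application.yaml"
TRUSTED_BUCKETS = {"mybucket"}                      # assumption for the example
CHILDREN = {
    NETWORK_URL: {"Parameters": {"EnvironmentName": {"Type": "String"},
                                 "VpcCidr": {"Type": "String", "Default": "10.0.0.0/16"}},
                  "Outputs": {"VpcId": {"Value": {"Ref": "VPC"}},
                              "SubnetIds": {"Value": {"Fn::Join": [",", [{"Ref": "A"}, {"Ref": "B"}]]}}}},
    APP_URL: {"Parameters": {"VpcId": {"Type": "AWS::EC2::VPC::Id"},
                             "SubnetIds": {"Type": "List<AWS::EC2::Subnet::Id>"},
                             "InstanceType": {"Type": "String", "Default": "t3.micro"}},
              "Outputs": {"LoadBalancerDNS": {"Value": {"Fn::GetAtt": ["ALB", "DNSName"]}}}},
}
PARENT = {
    "Parameters": {"EnvironmentName": {"Type": "String", "Default": "dev"}},
    "Resources": {
        "NetworkStack": {"Type": "AWS::CloudFormation::Stack", "Properties": {
            "TemplateURL": NETWORK_URL + "?versionId=3L4kqtJlcpXroDTDmJ",   # constructed version id
            "Parameters": {"EnvironmentName": {"Ref": "EnvironmentName"}}}},
        "ApplicationStack": {"Type": "AWS::CloudFormation::Stack", "Properties": {
            "TemplateURL": APP_URL,                                            # unpinned
            "Parameters": {"VpcId": {"Fn::GetAtt": ["NetworkStack", "Outputs.VpcId"]},
                           "SubnetIds": {"Fn::GetAtt": ["NetworkStack", "Outputs.PrivateSubnetIds"]},  # wrong name
                           "Environment": {"Ref": "EnvironmentName"}}}},       # child does not declare it
    },
}

if __name__ == "__main__":
    for finding in check_nested(PARENT, CHILDREN, TRUSTED_BUCKETS):
        print(finding)
```

The three deliberate defects in PARENT (unpinned URL, undeclared parameter, misspelled output) are exactly the ones that otherwise surface as a failed or, worse, partially rolled-back root stack update.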

Common Patterns

Pattern 1: Environment-specific stacks

yaml
# Use parameters for environment differences
Parameters:
  Environment:
    Type: String
    AllowedValues: [dev, staging, prod]

Mappings:
  EnvironmentConfig:
    dev:
      InstanceType: t3.micro
      MinSize: 1
      MaxSize: 2
    staging:
      InstanceType: t3.small
      MinSize: 2
      MaxSize: 4
    prod:
      InstanceType: t3.medium
      MinSize: 3
      MaxSize: 10

Resources:
  # InstanceType from the map is consumed by the LaunchTemplate resource (not shown)
  AutoScalingGroup:
    Type: AWS::AutoScaling::AutoScalingGroup
    Properties:
      MinSize: !FindInMap [EnvironmentConfig, !Ref Environment, MinSize]
      MaxSize: !FindInMap [EnvironmentConfig, !Ref Environment, MaxSize]
      LaunchTemplate:
        LaunchTemplateId: !Ref LaunchTemplate
        Version: !GetAtt LaunchTemplate.LatestVersionNumber

Pattern 2: Conditional resources

yaml
Parameters:
  Environment:
    Type: String
    Default: dev
    AllowedValues: [dev, staging, prod]
  CreateDatabase:
    Type: String
    Default: 'true'
    AllowedValues: ['true', 'false']

Conditions:
  ShouldCreateDatabase: !Equals [!Ref CreateDatabase, 'true']
  IsProduction: !Equals [!Ref Environment, 'prod']

Resources:
  Database:
    Type: AWS::RDS::DBInstance
    # The whole resource is skipped when the condition is false; any Output or
    # resource that references it must carry the same Condition.
    Condition: ShouldCreateDatabase
    Properties:
      DBInstanceClass: !If [IsProduction, db.t3.medium, db.t3.micro]
      MultiAZ: !If [IsProduction, true, false]
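To see what Patterns 1 and 2 actually produce for each environment before a change set exists, here is an added example (not from the original page): a small Python evaluator for the intrinsics those patterns use (Ref to a parameter, Fn::FindInMap, Fn::If, Fn::Equals, Fn::Not/And/Or and Condition references) that renders the resources and properties a template would create for a given set of parameter values. It works on the parsed template dict with long-form intrinsics and leaves Refs to resources untouched, since those exist only at deploy time. The template is constructed for the example and extends the page's patterns with a DeletionProtection property and a compound CreateProdDatabase condition.

```python
"""Render what a Mappings/Conditions-driven template creates for given parameters.

Added example, not part of the original page. TEMPLATE is constructed for the
example; only the intrinsics listed in resolve() are evaluated.
"""
from __future__ import annotations


def resolve(node, template: dict, params: dict, conditions: dict):
    """Recursively evaluate the supported intrinsics in node; anything else is returned as-is."""
    if isinstance(node, list):
        return [resolve(n, template, params, conditions) for n in node]
    if not isinstance(node, dict):
        return node

    def args(key):
        return resolve(node[key], template, params, conditions)

    if "Ref" in node and node["Ref"] in params:      # Refs to resources are left alone
        return params[node["Ref"]]
    if "Fn::FindInMap" in node:
        map_name, top, second = args("Fn::FindInMap")
        return template["Mappings"][map_name][top][second]
    if "Fn::If" in node:
        cond, if_true, if_false = node["Fn::If"]
        return resolve(if_true if conditions[cond] else if_false, template, params, conditions)
    if "Fn::Equals" in node:
        left, right = args("Fn::Equals")
        return str(left) == str(right)                # CloudFormation compares as strings
    if "Fn::Not" in node:
        return not args("Fn::Not")[0]
    if "Fn::And" in node:
        return all(args("Fn::And"))
    if "Fn::Or" in node:
        return any(args("Fn::Or"))
    if node.keys() == {"Condition"}:                  # {"Condition": "Name"} inside another condition
        return conditions[node["Condition"]]
    return {k: resolve(v, template, params, conditions) for k, v in node.items()}


def evaluate_conditions(template: dict, params: dict) -> dict[str, bool]:
    """Evaluate every entry in Conditions; entries may reference one another in any order."""
    definitions = template.get("Conditions", {})

    class Lazy(dict):                                 # evaluates a condition on first access
        def __missing__(self, name):
            self[name] = bool(resolve(definitions[name], template, params, self))
            return self[name]

    evaluated = Lazy()
    for name in definitions:
        evaluated[name]                               # force evaluation
    return dict(evaluated)


def render(template: dict, overrides: dict | None = None) -> dict[str, dict]:
    """Return {logical_id: {Type, Properties}} for the resources that would be created."""
    params = {n: s.get("Default") for n, s in template.get("Parameters", {}).items()}
    params.update(overrides or {})
    conditions = evaluate_conditions(template, params)
    created = {}
    for logical_id, res in template.get("Resources", {}).items():
        if "Condition" in res and not conditions[res["Condition"]]:
            continue                                  # resource is skipped entirely
        created[logical_id] = {"Type": res["Type"],
                               "Properties": resolve(res.get("Properties", {}), template, params, conditions)}
    return created


# Constructed template combining Pattern 1 and Pattern 2, plus a compound condition.
TEMPLATE = {
    "Parameters": {"Environment": {"Type": "String", "Default": "dev", "AllowedValues": ["dev", "staging", "prod"]},
                   "CreateDatabase": {"Type": "String", "Default": "true", "AllowedValues": ["true", "false"]}},
    "Mappings": {"EnvironmentConfig": {"dev": {"InstanceType": "t3.micro", "MinSize": 1, "MaxSize": 2},
                                       "staging": {"InstanceType": "t3.small", "MinSize": 2, "MaxSize": 4},
                                       "prod": {"InstanceType": "t3.medium", "MinSize": 3, "MaxSize": 10}}},
    "Conditions": {"ShouldCreateDatabase": {"Fn::Equals": [{"Ref": "CreateDatabase"}, "true"]},
                   "IsProduction": {"Fn::Equals": [{"Ref": "Environment"}, "prod"]},
                   "CreateProdDatabase": {"Fn::And": [{"Condition": "ShouldCreateDatabase"}, {"Condition": "IsProduction"}]}},
    "Resources": {
        "AutoScalingGroup": {"Type": "AWS::AutoScaling::AutoScalingGroup", "Properties": {
            "MinSize": {"Fn::FindInMap": ["EnvironmentConfig", {"Ref": "Environment"}, "MinSize"]},
            "MaxSize": {"Fn::FindInMap": ["EnvironmentConfig", {"Ref": "Environment"}, "MaxSize"]}}},
        "Database": {"Type": "AWS::RDS::DBInstance", "Condition": "ShouldCreateDatabase", "Properties": {
            "DBInstanceClass": {"Fn::If": ["IsProduction", "db.t3.medium", "db.t3.micro"]},
            "MultiAZ": {"Fn::If": ["IsProduction", True, False]},
            "DeletionProtection": {"Fn::If": ["IsProduction", True, False]}}},
        "DatabaseAlarm": {"Type": "AWS::CloudWatch::Alarm", "Condition": "CreateProdDatabase",
                          "Properties": {"AlarmDescription": "prod database only"}},
    },
}

if __name__ == "__main__":
    for env in ("dev", "staging", "prod"):
        print(env, render(TEMPLATE, {"Environment": env}))
```

The useful part is the assertion you can now write in CI: the prod rendering must have `MultiAZ` and `DeletionProtection` set, and no environment other than prod may create the alarm.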

Pattern 3: Resource dependencies

yaml
Resources:
  # Explicit dependency
  WebServer:
    Type: AWS::EC2::Instance
    DependsOn: DatabaseInstance
    Properties:
      # ...
  
  # Implicit dependency via Ref
  SecurityGroupIngress:
    Type: AWS::EC2::SecurityGroupIngress
    Properties:
      GroupId: !Ref SecurityGroup
      SourceSecurityGroupId: !Ref LoadBalancerSecurityGroup

Stack Organization Strategies

Strategy 1: Layered architecture

Foundation Layer (rarely changes)
├── Network Stack (VPC, subnets, NAT)
└── Security Stack (IAM roles, KMS keys)

Platform Layer (occasional changes)
├── Database Stack (RDS, ElastiCache)
└── Storage Stack (S3, EFS)

Application Layer (frequent changes)
├── Compute Stack (EC2, ECS, Lambda)
└── API Stack (API Gateway, ALB)

Strategy 2: Service-oriented

Per-service stacks:
├── User Service Stack
├── Order Service Stack
├── Payment Service Stack
└── Shared Infrastructure Stack

Strategy 3: Environment isolation

Per-environment stacks:
├── Dev Environment
│   ├── Network
│   ├── Application
│   └── Data
├── Staging Environment
│   ├── Network
│   ├── Application
│   └── Data
└── Production Environment
    ├── Network
    ├── Application
    └── Data

Advanced

For detailed information, see:
  • Nested Stacks - Nested stack patterns and best practices
  • Parameters - Parameter design and validation strategies
  • Outputs - Output design and cross-stack references