cloudformation

Compare original and translation side by side

🇺🇸

Original

English

🇨🇳

Translation

Chinese

AWS CloudFormation

AWS CloudFormation provisions and manages AWS resources using templates. Define infrastructure as code, version control it, and deploy consistently across environments.

AWS CloudFormation 通过模板来预置和管理AWS资源。将基础设施定义为代码，进行版本控制，并在不同环境中一致部署。

Core Concepts

核心概念

Templates

模板

JSON or YAML files defining AWS resources. Key sections:

Parameters: Input values
Mappings: Static lookup tables
Conditions: Conditional resource creation
Resources: AWS resources (required)
Outputs: Return values

定义AWS资源的JSON或YAML文件。关键部分：

Parameters（参数）：输入值
Mappings（映射）：静态查找表
Conditions（条件）：条件化资源创建
Resources（资源）：AWS资源（必填）
Outputs（输出）：返回值

Stacks

堆栈

Collection of resources managed as a single unit. Created from templates.

作为单个单元管理的资源集合，由模板创建。

Change Sets

变更集

Preview changes before executing updates.

在执行更新前预览变更内容。

Stack Sets

堆栈集

Deploy stacks across multiple accounts and regions.

在多个账户和区域中部署堆栈。

Common Patterns

常见模式

Basic Template Structure

基础模板结构

yaml

AWSTemplateFormatVersion: '2010-09-09'
Description: My infrastructure template

Parameters:
  Environment:
    Type: String
    AllowedValues: [dev, staging, prod]
    Default: dev

Mappings:
  EnvironmentConfig:
    dev:
      InstanceType: t3.micro
    prod:
      InstanceType: t3.large

Conditions:
  IsProd: !Equals [!Ref Environment, prod]

Resources:
  MyBucket:
    Type: AWS::S3::Bucket
    Properties:
      BucketName: !Sub 'my-app-${Environment}-${AWS::AccountId}'
      VersioningConfiguration:
        Status: !If [IsProd, Enabled, Suspended]

Outputs:
  BucketName:
    Description: S3 bucket name
    Value: !Ref MyBucket
    Export:
      Name: !Sub '${AWS::StackName}-BucketName'

yaml

AWSTemplateFormatVersion: '2010-09-09'
Description: My infrastructure template

Parameters:
  Environment:
    Type: String
    AllowedValues: [dev, staging, prod]
    Default: dev

Mappings:
  EnvironmentConfig:
    dev:
      InstanceType: t3.micro
    prod:
      InstanceType: t3.large

Conditions:
  IsProd: !Equals [!Ref Environment, prod]

Resources:
  MyBucket:
    Type: AWS::S3::Bucket
    Properties:
      BucketName: !Sub 'my-app-${Environment}-${AWS::AccountId}'
      VersioningConfiguration:
        Status: !If [IsProd, Enabled, Suspended]

Outputs:
  BucketName:
    Description: S3 bucket name
    Value: !Ref MyBucket
    Export:
      Name: !Sub '${AWS::StackName}-BucketName'

Deploy a Stack

部署堆栈

AWS CLI:

bash

undefined

AWS CLI：

bash

undefined

Create stack

创建堆栈

aws cloudformation create-stack
--stack-name my-stack
--template-body file://template.yaml
--parameters ParameterKey=Environment,ParameterValue=prod
--capabilities CAPABILITY_IAM

Wait for completion

等待创建完成

aws cloudformation wait stack-create-complete --stack-name my-stack

Update stack

更新堆栈

aws cloudformation update-stack
--stack-name my-stack
--template-body file://template.yaml
--parameters ParameterKey=Environment,ParameterValue=prod

Delete stack

删除堆栈

aws cloudformation delete-stack --stack-name my-stack

undefined

aws cloudformation delete-stack --stack-name my-stack

undefined

Use Change Sets

使用变更集

bash

undefined

bash

undefined

Create change set

创建变更集

aws cloudformation create-change-set
--stack-name my-stack
--change-set-name my-changes
--template-body file://template.yaml
--parameters ParameterKey=Environment,ParameterValue=prod

Describe changes

查看变更内容

aws cloudformation describe-change-set
--stack-name my-stack
--change-set-name my-changes

Execute change set

执行变更集

aws cloudformation execute-change-set
--stack-name my-stack
--change-set-name my-changes

undefined

aws cloudformation execute-change-set
--stack-name my-stack
--change-set-name my-changes

undefined

Lambda Function

Lambda函数

yaml

Resources:
  LambdaFunction:
    Type: AWS::Lambda::Function
    Properties:
      FunctionName: !Sub '${AWS::StackName}-function'
      Runtime: python3.12
      Handler: index.handler
      Role: !GetAtt LambdaRole.Arn
      Code:
        ZipFile: |
          def handler(event, context):
              return {'statusCode': 200, 'body': 'Hello'}
      Environment:
        Variables:
          ENVIRONMENT: !Ref Environment

  LambdaRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service: lambda.amazonaws.com
            Action: sts:AssumeRole
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole

yaml

Resources:
  LambdaFunction:
    Type: AWS::Lambda::Function
    Properties:
      FunctionName: !Sub '${AWS::StackName}-function'
      Runtime: python3.12
      Handler: index.handler
      Role: !GetAtt LambdaRole.Arn
      Code:
        ZipFile: |
          def handler(event, context):
              return {'statusCode': 200, 'body': 'Hello'}
      Environment:
        Variables:
          ENVIRONMENT: !Ref Environment

  LambdaRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service: lambda.amazonaws.com
            Action: sts:AssumeRole
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole

VPC with Subnets

带子网的VPC

yaml

Resources:
  VPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 10.0.0.0/16
      EnableDnsHostnames: true
      Tags:
        - Key: Name
          Value: !Sub '${AWS::StackName}-vpc'

  PublicSubnet1:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      AvailabilityZone: !Select [0, !GetAZs '']
      CidrBlock: 10.0.1.0/24
      MapPublicIpOnLaunch: true

  PrivateSubnet1:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      AvailabilityZone: !Select [0, !GetAZs '']
      CidrBlock: 10.0.10.0/24

  InternetGateway:
    Type: AWS::EC2::InternetGateway

  AttachGateway:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      VpcId: !Ref VPC
      InternetGatewayId: !Ref InternetGateway

  PublicRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref VPC

  PublicRoute:
    Type: AWS::EC2::Route
    DependsOn: AttachGateway
    Properties:
      RouteTableId: !Ref PublicRouteTable
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref InternetGateway

  PublicSubnet1RouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref PublicSubnet1
      RouteTableId: !Ref PublicRouteTable

yaml

Resources:
  VPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 10.0.0.0/16
      EnableDnsHostnames: true
      Tags:
        - Key: Name
          Value: !Sub '${AWS::StackName}-vpc'

  PublicSubnet1:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      AvailabilityZone: !Select [0, !GetAZs '']
      CidrBlock: 10.0.1.0/24
      MapPublicIpOnLaunch: true

  PrivateSubnet1:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VPC
      AvailabilityZone: !Select [0, !GetAZs '']
      CidrBlock: 10.0.10.0/24

  InternetGateway:
    Type: AWS::EC2::InternetGateway

  AttachGateway:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      VpcId: !Ref VPC
      InternetGatewayId: !Ref InternetGateway

  PublicRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref VPC

  PublicRoute:
    Type: AWS::EC2::Route
    DependsOn: AttachGateway
    Properties:
      RouteTableId: !Ref PublicRouteTable
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref InternetGateway

  PublicSubnet1RouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref PublicSubnet1
      RouteTableId: !Ref PublicRouteTable

DynamoDB Table

DynamoDB表

yaml

Resources:
  OrdersTable:
    Type: AWS::DynamoDB::Table
    Properties:
      TableName: !Sub '${AWS::StackName}-orders'
      AttributeDefinitions:
        - AttributeName: PK
          AttributeType: S
        - AttributeName: SK
          AttributeType: S
        - AttributeName: GSI1PK
          AttributeType: S
        - AttributeName: GSI1SK
          AttributeType: S
      KeySchema:
        - AttributeName: PK
          KeyType: HASH
        - AttributeName: SK
          KeyType: RANGE
      GlobalSecondaryIndexes:
        - IndexName: GSI1
          KeySchema:
            - AttributeName: GSI1PK
              KeyType: HASH
            - AttributeName: GSI1SK
              KeyType: RANGE
          Projection:
            ProjectionType: ALL
      BillingMode: PAY_PER_REQUEST
      PointInTimeRecoverySpecification:
        PointInTimeRecoveryEnabled: true

yaml

Resources:
  OrdersTable:
    Type: AWS::DynamoDB::Table
    Properties:
      TableName: !Sub '${AWS::StackName}-orders'
      AttributeDefinitions:
        - AttributeName: PK
          AttributeType: S
        - AttributeName: SK
          AttributeType: S
        - AttributeName: GSI1PK
          AttributeType: S
        - AttributeName: GSI1SK
          AttributeType: S
      KeySchema:
        - AttributeName: PK
          KeyType: HASH
        - AttributeName: SK
          KeyType: RANGE
      GlobalSecondaryIndexes:
        - IndexName: GSI1
          KeySchema:
            - AttributeName: GSI1PK
              KeyType: HASH
            - AttributeName: GSI1SK
              KeyType: RANGE
          Projection:
            ProjectionType: ALL
      BillingMode: PAY_PER_REQUEST
      PointInTimeRecoverySpecification:
        PointInTimeRecoveryEnabled: true

CLI Reference

CLI参考

Stack Operations

堆栈操作

Command	Description
`aws cloudformation create-stack`	Create stack
`aws cloudformation update-stack`	Update stack
`aws cloudformation delete-stack`	Delete stack
`aws cloudformation describe-stacks`	Get stack info
`aws cloudformation list-stacks`	List stacks
`aws cloudformation describe-stack-events`	Get events
`aws cloudformation describe-stack-resources`	Get resources

命令	描述
`aws cloudformation create-stack`	创建堆栈
`aws cloudformation update-stack`	更新堆栈
`aws cloudformation delete-stack`	删除堆栈
`aws cloudformation describe-stacks`	获取堆栈信息
`aws cloudformation list-stacks`	列出堆栈
`aws cloudformation describe-stack-events`	获取堆栈事件
`aws cloudformation describe-stack-resources`	获取堆栈资源

Change Sets

变更集

Command	Description
`aws cloudformation create-change-set`	Create change set
`aws cloudformation describe-change-set`	View changes
`aws cloudformation execute-change-set`	Apply changes
`aws cloudformation delete-change-set`	Delete change set

命令	描述
`aws cloudformation create-change-set`	创建变更集
`aws cloudformation describe-change-set`	查看变更内容
`aws cloudformation execute-change-set`	应用变更
`aws cloudformation delete-change-set`	删除变更集

Template

模板

Command	Description
`aws cloudformation validate-template`	Validate template
`aws cloudformation get-template`	Get stack template
`aws cloudformation get-template-summary`	Get template info

命令	描述
`aws cloudformation validate-template`	验证模板
`aws cloudformation get-template`	获取堆栈模板
`aws cloudformation get-template-summary`	获取模板信息

Best Practices

最佳实践

Template Design

模板设计

Use parameters for environment-specific values
Use mappings for static lookup tables
Use conditions for optional resources
Export outputs for cross-stack references
Add descriptions to parameters and outputs

使用参数处理环境特定值
使用映射处理静态查找表
使用条件创建可选资源
导出输出用于跨堆栈引用
为参数和输出添加描述

Security

安全

Use IAM roles instead of access keys
Enable termination protection for production
Use stack policies to protect resources
Never hardcode secrets — use Secrets Manager

bash

undefined

使用IAM角色而非访问密钥
为生产环境启用终止保护
使用堆栈策略保护资源
切勿硬编码密钥——使用Secrets Manager

bash

undefined

Enable termination protection

启用终止保护

aws cloudformation update-termination-protection
--stack-name my-stack
--enable-termination-protection

undefined

aws cloudformation update-termination-protection
--stack-name my-stack
--enable-termination-protection

undefined

Organization

组织管理

Use nested stacks for complex infrastructure
Create reusable modules
Version control templates
Use consistent naming conventions

使用嵌套堆栈管理复杂基础设施
创建可复用模块
对模板进行版本控制
使用一致的命名规范

Reliability

可靠性

Use DependsOn for explicit dependencies
Configure creation policies for instances
Use update policies for Auto Scaling groups
Implement rollback triggers

使用DependsOn定义显式依赖
为实例配置创建策略
为Auto Scaling组配置更新策略
实现回滚触发器

Troubleshooting

故障排查

Stack Creation Failed

堆栈创建失败

bash

undefined

bash

undefined

Get failure reason

获取失败原因

aws cloudformation describe-stack-events
--stack-name my-stack
--query 'StackEvents[?ResourceStatus==

CREATE_FAILED

aws cloudformation describe-stack-events
--stack-name my-stack
--query 'StackEvents[?ResourceStatus==

CREATE_FAILED

Common causes:

常见原因：

- IAM permissions

- IAM权限问题

- Resource limits

- 资源配额限制

- Invalid property values

- 无效属性值

- Dependency failures

- 依赖项创建失败

undefined

undefined

Stack Stuck in DELETE_FAILED

堆栈卡在DELETE_FAILED状态

bash

undefined

bash

undefined

Identify resources that couldn't be deleted

识别无法删除的资源

aws cloudformation describe-stack-resources
--stack-name my-stack
--query 'StackResources[?ResourceStatus==

DELETE_FAILED

aws cloudformation describe-stack-resources
--stack-name my-stack
--query 'StackResources[?ResourceStatus==

DELETE_FAILED

Retry with resources to skip

跳过指定资源重试删除

aws cloudformation delete-stack
--stack-name my-stack
--retain-resources ResourceLogicalId1 ResourceLogicalId2

undefined

aws cloudformation delete-stack
--stack-name my-stack
--retain-resources ResourceLogicalId1 ResourceLogicalId2

undefined

Drift Detection

漂移检测

bash

undefined

bash

undefined

Detect drift

检测漂移

aws cloudformation detect-stack-drift --stack-name my-stack

Check drift status

检查漂移检测状态

aws cloudformation describe-stack-drift-detection-status
--stack-drift-detection-id abc123

View drifted resources

查看漂移资源

aws cloudformation describe-stack-resource-drifts
--stack-name my-stack

undefined

aws cloudformation describe-stack-resource-drifts
--stack-name my-stack

undefined

Rollback Failed

回滚失败

bash

undefined

bash

undefined

Continue update rollback

继续更新回滚

aws cloudformation continue-update-rollback
--stack-name my-stack
--resources-to-skip ResourceLogicalId1

undefined

aws cloudformation continue-update-rollback
--stack-name my-stack
--resources-to-skip ResourceLogicalId1

undefined

cloudformation

Original

Translation

AWS CloudFormation

AWS CloudFormation

Table of Contents

目录

Core Concepts

核心概念

Templates

模板

Stacks

堆栈

Change Sets

变更集

Stack Sets

堆栈集

Common Patterns

常见模式

Basic Template Structure

基础模板结构

Deploy a Stack

部署堆栈

Create stack

创建堆栈

Wait for completion

等待创建完成

Update stack

更新堆栈

Delete stack

删除堆栈

Use Change Sets

使用变更集

Create change set

创建变更集

Describe changes

查看变更内容

Execute change set

执行变更集

Lambda Function

Lambda函数

VPC with Subnets

带子网的VPC

DynamoDB Table

DynamoDB表

CLI Reference

CLI参考

Stack Operations

堆栈操作

Change Sets

变更集

Template

模板

Best Practices

最佳实践

Template Design

模板设计

Security

安全

Enable termination protection

启用终止保护

Organization

组织管理

Reliability

可靠性

Troubleshooting

故障排查

Stack Creation Failed

堆栈创建失败

Get failure reason

获取失败原因

Common causes:

常见原因：

- IAM permissions

- IAM权限问题

- Resource limits

- 资源配额限制

- Invalid property values

- 无效属性值

- Dependency failures