AWS CloudFormation · DevOps & CI/CD Deep Dive

Anatomy

The Building Blocks

Template — YAML or JSON describing Resources, Parameters, Outputs, Mappings, Conditions.
Stack — a deployed instance of a template. AWS tracks state and dependencies.
Change Set — preview of the diff before execute.
StackSets — deploy the same template across many accounts/regions.
Drift detection — compare live state to template; flag manual changes.
Custom Resources — Lambda-backed resources for what CFN doesn't natively support.

CDK & SAM

AWS CDK — write infra in TypeScript / Python / Go / Java / .NET; cdk synth emits CloudFormation. Loops, classes, npm packages — real code.
AWS SAM — opinionated CloudFormation transform for serverless apps (Lambda + API Gateway + DynamoDB).
Construct Hub — community L3 constructs (high-level patterns) for CDK.

When to Use It

State managed for you. No S3+lock backend, no lost-state-file horror story.
Native AWS guarantees. Rollbacks happen automatically on failure; transactional resource creation.
Service Catalog — package CFN templates as governed self-service for devs.
Day-1 support for new AWS resources is usually fast (now via CloudFormation Registry).

Tradeoffs

AWS only. No Cloudflare, no GitHub, no SaaS integrations.
Slow. Stack updates can take many minutes; nested stacks slower still.
Awful failure UX. Stuck rollbacks ("UPDATE_ROLLBACK_FAILED") are a rite of passage.
YAML is verbose. CDK is the answer most teams reach for.
Cross-stack references get gnarly; many teams use SSM Parameter Store as a softer coupling.

Continue