Using CloudFormation Nested Change Sets

Every year, just in time for re:Invent, AWS announces a plethora of upgrades to the services in its ecosystem. This year is no different, even though re:Invent will be completely virtual.

What's a nested stack, you ask?

A nested stack is when one CloudFormation stack has another stack as a resource. Consider this fragment:

Parameters:
  VpcId:
    # Select the VPC the stack is being deployed in.
    Type: AWS::EC2::VPC::Id
    Description: Select the VPC
  BucketName:
    Type: String

Resources:
  ClusterA:
    Type: AWS::ECS::Cluster
    Properties:
      ClusterName: clusterA
      ClusterSettings:
        - Name: containerInsights
          Value: enabled
  CloudwatchExportsBucket:
    Type: AWS::CloudFormation::Stack
    Properties:
      TemplateURL: https://bucket.s3.amazonaws.com/template.yaml
      Parameters:
        BucketName: !Ref BucketName
Here the CloudwatchExportsBucket resource is itself a stack, built from the template at TemplateURL and handed the bucket name as a parameter. The parent stack is created from the command line like this:

aws cloudformation create-stack --stack-name my-sample-changeset --template-url https://labr-cfn.s3.amazonaws.com/parent.yaml --parameters "ParameterKey=BucketName,ParameterValue=my-sample-changset"
{
    "StackId": "arn:aws:cloudformation:us-east-1:548985610555:stack/my-sample-changeset/dea1ea90-319a-11eb-a380-0e2470ba0d5b"
}
Verifying the stack creation

Change Sets

To illustrate using a change set, let's change the name of our S3 bucket.

Changing the S3 bucket name
Viewing the root change set.
Viewing the nested change set.
Applying a nested change set only at the root.
Monitoring the stack update.
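The screenshots above show the review done by hand in the console: open the root change set, follow it into the nested change set, and only then execute at the root. The same review can be automated as a gate in a deployment pipeline. The example below is added here and is not code from the original article. It assumes the change set was created with nested stacks included (the CLI flag for that is --include-nested-stacks on aws cloudformation create-change-set), and it assumes a fetch callable with the shape of boto3's cloudformation.describe_change_set(ChangeSetName=...) response; in real use you would pass that client call, while here SAMPLE_CHANGE_SETS is a constructed fixture with placeholder ARNs that stands in for the API. The walk follows ResourceChange.ChangeSetId on each AWS::CloudFormation::Stack resource, which is how a root change set points at its nested change sets, and refuses to approve when any resource would be removed or replaced.

```python
"""Walk a CloudFormation change set, descend into nested change sets, and
refuse to approve when a resource would be removed or replaced.

Added example, not code from the original article. `fetch` must return a
dict shaped like boto3's cloudformation.describe_change_set() response;
in real use pass:
    lambda name: boto3.client("cloudformation").describe_change_set(ChangeSetName=name)
The fixture below is constructed for this example; the ARNs are placeholders.
"""
from typing import Callable, Dict, List, Tuple

# Constructed change set identifiers (placeholders, not real ARNs).
ROOT_CHANGE_SET_ID = "arn:aws:cloudformation:us-east-1:123456789012:changeSet/root-example/PLACEHOLDER-ROOT"
NESTED_CHANGE_SET_ID = "arn:aws:cloudformation:us-east-1:123456789012:changeSet/nested-example/PLACEHOLDER-NESTED"

# Constructed fixture modelling the article's scenario: the root change set
# only shows a "Modify" on the nested stack resource, while the nested change
# set reveals that renaming the S3 bucket replaces it.
SAMPLE_CHANGE_SETS: Dict[str, dict] = {
    ROOT_CHANGE_SET_ID: {
        "ChangeSetName": "root-example",
        "IncludeNestedStacks": True,
        "Changes": [
            {"Type": "Resource", "ResourceChange": {
                "Action": "Modify", "LogicalResourceId": "ClusterA",
                "ResourceType": "AWS::ECS::Cluster", "Replacement": "False"}},
            {"Type": "Resource", "ResourceChange": {
                "Action": "Modify", "LogicalResourceId": "CloudwatchExportsBucket",
                "ResourceType": "AWS::CloudFormation::Stack", "Replacement": "False",
                "ChangeSetId": NESTED_CHANGE_SET_ID}},
        ],
    },
    NESTED_CHANGE_SET_ID: {
        "ChangeSetName": "nested-example",
        "ParentChangeSetId": ROOT_CHANGE_SET_ID,
        "Changes": [
            {"Type": "Resource", "ResourceChange": {
                "Action": "Modify", "LogicalResourceId": "ExportBucket",
                "ResourceType": "AWS::S3::Bucket", "Replacement": "True"}},
        ],
    },
}

# One entry per resource change: (stack path, logical id, action, replacement).
Change = Tuple[str, str, str, str]


def fetch_from_fixture(change_set_id: str) -> dict:
    """Stand-in for describe_change_set that reads the constructed fixture."""
    return SAMPLE_CHANGE_SETS[change_set_id]


def walk_change_set(change_set_id: str, fetch: Callable[[str], dict],
                    path: str = "root") -> List[Change]:
    """Collect every resource change in a change set and, recursively, in the
    nested change sets it references."""
    found: List[Change] = []
    for change in fetch(change_set_id).get("Changes", []):
        rc = change.get("ResourceChange", {})
        logical_id = rc.get("LogicalResourceId", "?")
        action = rc.get("Action", "?")
        # Replacement is reported as the strings "True", "False" or "Conditional";
        # it is absent for actions other than Modify.
        replacement = rc.get("Replacement", "N/A")
        found.append((path, logical_id, action, replacement))
        nested_id = rc.get("ChangeSetId")
        if rc.get("ResourceType") == "AWS::CloudFormation::Stack" and nested_id:
            found.extend(walk_change_set(nested_id, fetch, f"{path}/{logical_id}"))
    return found


def destructive_changes(changes: List[Change]) -> List[Change]:
    """Changes a reviewer should stop on: deletions and (possible) replacements."""
    return [c for c in changes
            if c[2] == "Remove" or c[3] in ("True", "Conditional")]


def review_gate(change_set_id: str, fetch: Callable[[str], dict]) -> Tuple[bool, List[str]]:
    """Return (approved, report). approved is False if anything destructive
    was found anywhere in the change set tree, so the pipeline does not
    execute the change set at the root."""
    changes = walk_change_set(change_set_id, fetch)
    report = [f"{path}: {lid} {action} (replacement={rep})"
              for path, lid, action, rep in changes]
    return (not destructive_changes(changes)), report


if __name__ == "__main__":
    approved, report = review_gate(ROOT_CHANGE_SET_ID, fetch_from_fixture)
    print("\n".join(report))
    print("approved" if approved else "BLOCKED: destructive change in nested stack")
```

Run against the fixture, the root-level entries look harmless (two Modify actions without replacement), and only the walk into the nested change set exposes that ExportBucket is replaced; the gate therefore returns False, which is exactly the surprise the article's manual review is meant to catch. Plugging in the boto3 call in place of fetch_from_fixture is the only change needed to run it against a real change set.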

In Conclusion

This is a very nice addition to CloudFormation, because the changes applied to nested stacks may not be what we expect, especially in complex stacks. By reviewing the changes that will be applied to our nested stacks before executing the change set, we can choose not to deploy a change that would have an impact we are not expecting.

References

AWS CloudFormation change sets now support nested stacks

About the Author

Chris is a highly-skilled Information Technology, AWS Cloud, Training and Security Professional bringing cloud, security, training, and process engineering leadership to simplify and deliver high-quality products. He is the co-author of seven books and author of more than 70 articles and book chapters in technical, management, and information security publications. His extensive technology, information security, and training experience make him a key resource who can help companies through technical challenges. Chris is a member of the AWS Community Builder Program.

Copyright

This article is Copyright © 2020, Chris Hare.
