CFN Stack Concept - Nestor G Pestelos Jr (ngpestelos)

A **stack** is the unit of grouping in CloudFormation. It's the deployed instance of a template — the actual AWS resources, plus the CFN-managed metadata that tracks them as a single unit. ## The three layers | Layer | Lives in | Mutable? | |-------|----------|----------| | **Template** | A YAML/JSON file | You edit it freely | | **Stack** | CloudFormation service (AWS-managed) | CFN-managed; operate via create / update / delete | | **Resources** | The actual AWS services (EC2, RDS, S3, etc.) | CFN provisions them based on the stack | The template is the recipe. The stack is the meal once cooked, plus the chef's notes about what's on the plate. The resources are the food. ## What a stack actually is, concretely When you call `aws cloudformation create-stack --template-body file://app.yaml`, three things happen: 1. CFN parses your template → builds a dependency graph of resources 2. CFN provisions every resource in the right order, in the right account/region 3. CFN creates a **stack record** in its own database that maps: - **Logical IDs** (the names you gave resources in the template — `MyVPC`, `WebServer`, `DBInstance`) - to **Physical IDs** (what AWS actually assigned — `vpc-0a1b2c3d`, `i-12345678`, `mydb-instance-abc123`) That logical↔physical mapping is the heart of what a stack is. It's why `!Ref MyVPC` in a template resolves to `vpc-0a1b2c3d` at deploy time. ## Why the abstraction exists The stack lets CFN treat N resources as one thing for: - **Atomic deploy** — all resources succeed or the whole stack rolls back - **Atomic delete** — `delete-stack` removes every resource it provisioned, in reverse dependency order - **Update orchestration** — change the template, CFN computes the diff, knows what to add / modify / replace / delete (see [[CFN Update Behaviors and the Replacement Trap]]) - **Drift tracking** — CFN remembers the expected state per resource, can compare against live (see [[CFN Drift Detection Mechanics and Limits]]) - **State sharing across stacks** — Outputs/Exports are stack-scoped (see [[CFN Cross-Stack References Outputs and ImportValue]]) Without the stack abstraction, you'd be running `aws ec2 create-vpc`, `aws ec2 create-subnet`, etc., one at a time, with no rollback and no record of what belongs together. ## What every stack has - A **name** (you choose; must be unique within the account/region) - A **stack ID** — an ARN: `arn:aws:cloudformation:us-east-1:123456789012:stack/MyStack/abc-123` - A **status** (`CREATE_IN_PROGRESS`, `CREATE_COMPLETE`, `UPDATE_FAILED`, `ROLLBACK_COMPLETE`, etc.) - A **set of resources** with logical-to-physical mappings - The **template** that produced it (CFN stores a copy) - The **parameter values** passed at create/update time - An **events history** — every state transition, timestamped - Optionally: outputs, tags, IAM service role, rollback configuration, drift status All retrievable via `aws cloudformation describe-stacks --stack-name MyStack`. ## What a stack is NOT - **Not a resource.** A stack is a CFN-level construct. It doesn't show up in EC2 / RDS / S3 / etc. consoles. - **Not multi-region or multi-account.** A single stack lives in exactly one account + one region. For cross-account/cross-region deployment of the same template, use **StackSets** (a higher-level grouping of stacks). - **Not a deployment artifact.** The stack persists between deployments. An "update" mutates the existing stack; it doesn't create a new one. ## A concrete example Template `webapp.yaml` declares: a VPC, 2 subnets, a security group, an EC2 instance. Five resources. ```bash aws cloudformation create-stack --stack-name webapp-prod --template-body file://webapp.yaml ``` You now have: - 1 stack named `webapp-prod` - 5 actual AWS resources, each tagged internally as belonging to `webapp-prod` - CFN's database knows: logical ID `MyVPC` → physical ID `vpc-0a1b2c3d`, etc. Run `aws cloudformation delete-stack --stack-name webapp-prod` and all 5 resources are deleted in the correct reverse order. That's the whole point. ## Related - [[CFN Template Structure Nine Sections]] - [[CFN Update Behaviors and the Replacement Trap]] - [[CFN Failure Rollback Behavior]] - [[CFN Drift Detection Mechanics and Limits]] - [[CFN Cross-Stack References Outputs and ImportValue]]