Introducing StackMaster - The missing CloudFormation tool


CloudFormation is an Amazon (AWS) service for provisioning infrastructure as “stacks”, described in a JSON template. We use it a lot at Envato, and initially I hated it. Typing out JSON is just painful (literally!), and the APIs exposed in the AWS CLI are very asynchronous and low-level. I wanted something to hold my hand and provide more visibility into stack updates.

Today I’d like to introduce a project we’ve recently open-sourced: StackMaster is a tool to make working with multiple CloudFormation stacks a lot simpler. It solves some of the problems we’ve experienced while working with the CloudFormation CLI directly. The project is a refinement of some existing tooling that we have been using internally at Envato for most of this year, and it was built during one of Envato’s previous “Hack Fortnights”.

See the changes you are making to a stack before you apply them:

When applying a stack update with StackMaster, it does a few things. First you’ll see a text diff of the proposed template JSON and the template that currently exists on CloudFormation. This helps sanity-check the changes and abort if something doesn’t look right. It also shows a diff of any parameter changes. After confirming the change, StackMaster will display the log of stack events until CloudFormation has finished applying the change.

StackMaster Apply Demo

Easy ways to connect stacks:

StackMaster provides a number of helper functions to deal with parameters. One allows you to easily take the output from one stack and use it as the input to another, without having to hardcode it. We call these helpers parameter resolvers.

Make it easy to keep secrets secret.

Another parameter resolver transparently decrypts encrypted parameters before supplying them to CloudFormation, meaning you don’t need to worry about plain-text secrets.

Make your parameters easier to understand by using names instead of IDs.

Another set of parameter resolvers lets you refer to Amazon Simple Notification Service (SNS) topics and security groups by descriptive names, instead of obscure and hard-to-maintain ID numbers.

Here’s an example parameter file using those features:

InstanceType: t2.micro
VpcId:
  stack_output: my-vpc/VpcId
DbPassword:
  secret: db_password
ssh_sg:
  security_group: SSHSecurityGroup
notification_topic:
  sns_topic: PagerDuty

Make it easy to customise stacks in different environments

StackMaster will load and merge parameters for a given stack from multiple YAML files to allow for region- or environment-specific overrides. You can, for example, set defaults in one YAML file and then use an environment-specific YAML file to tailor as required. We use this to do things like use a smaller instance type in our staging environment.
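
Layered parameter files and the secret resolver interact: an override file can replace an encrypted reference with a literal value. The following Ruby check is an added example, not StackMaster's own code; it merges layers and reports sensitive parameters that end up as plain text. The per-parameter merge rule, the name pattern, the ApiCredential and AdminPassword parameters and the sample values are assumptions made for illustration.

```ruby
require 'yaml'

# Assumption: parameter names matching this pattern hold sensitive values.
SENSITIVE_NAME = /password|secret|token/i

# Constructed sample layers, modelled on the parameter file shown above.
DEFAULTS = <<~YAML
  InstanceType: t2.micro
  VpcId:
    stack_output: my-vpc/VpcId
  DbPassword:
    secret: db_password
  ApiCredential:
    secret: api_credential
YAML

STAGING = <<~YAML
  InstanceType: t2.nano
  ApiCredential: changeme
  AdminPassword: changeme
YAML

def load_layers(*yaml_docs)
  yaml_docs.map { |doc| YAML.safe_load(doc) || {} }
end

# Assumed merge rule: later layers override earlier ones, per parameter.
def merge_parameters(layers)
  layers.reduce({}, :merge)
end

def secret_ref?(value)
  value.is_a?(Hash) && value.key?('secret')
end

# Names whose merged value is a literal although the name looks sensitive
# or some layer supplied the parameter through the `secret:` resolver.
def plaintext_secrets(layers)
  merge_parameters(layers).select do |name, value|
    sensitive = name.match?(SENSITIVE_NAME) ||
                layers.any? { |layer| secret_ref?(layer[name]) }
    sensitive && !secret_ref?(value)
  end.keys
end

puts plaintext_secrets(load_layers(DEFAULTS, STAGING)).inspect
# => ["ApiCredential", "AdminPassword"]
```

A value resolved through `secret:` still reaches CloudFormation as an ordinary parameter value, so the template should declare that parameter with `NoEcho: true` to keep it masked in console and API output.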

Apply descriptive labels to regions

Think in terms of environments instead of region names. StackMaster allows you to operate on your staging stack, rather than on your ap-southeast-2 stack, reducing the chance of applying changes where they are not desired.

For more details and examples check out our StackMaster repository on GitHub.