AWS CloudFormation, a service for provisioning and managing AWS resources through code, is pivotal in managing AWS infrastructure. You can use CloudFormation change sets to make changes and use stack policies to control who can update the stacks.
In this Cloud Lab, you’ll start by provisioning infrastructure using CloudFormation. The provisioned infrastructure will include an EC2 instance deployed as a web server. Next, you’ll create a change set for a modification that doesn’t affect the web server’s operation, and then execute it to learn how change sets are applied to your AWS infrastructure. You’ll then create another change set, this time including modifications that can potentially disrupt your infrastructure. To secure your stack against such changes, you’ll implement a stack policy. Finally, you’ll use another IAM user to see how that stack policy protects your infrastructure from unwanted modifications.
By completing this Cloud Lab, you’ll gain valuable insights into utilizing AWS CloudFormation change sets and stack policies effectively.
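As an added example (not part of the lab's own material), the following Python sketch checks the changes listed in a change set against a stack policy before the change set is executed. The logical IDs `WebServerInstance` and `WebServerSecurityGroup` are assumed names, both JSON documents are constructed samples, and the evaluation is simplified: it ignores `Condition`, `NotAction`, `NotResource` and `Principal`.

```python
import fnmatch

# Constructed stack policy: allow all updates, but deny replacing or deleting
# the web server. "WebServerInstance" is an assumed logical ID.
STACK_POLICY = {"Statement": [
    {"Effect": "Allow", "Action": "Update:*", "Principal": "*", "Resource": "*"},
    {"Effect": "Deny", "Action": ["Update:Replace", "Update:Delete"],
     "Principal": "*", "Resource": "LogicalResourceId/WebServerInstance"},
]}

# Constructed sample, trimmed to the fields used here, in the shape of
# `aws cloudformation describe-change-set` output.
CHANGE_SET = {"Changes": [
    {"ResourceChange": {"Action": "Modify", "Replacement": "False",
                        "LogicalResourceId": "WebServerSecurityGroup"}},
    {"ResourceChange": {"Action": "Modify", "Replacement": "True",
                        "LogicalResourceId": "WebServerInstance"}},
]}

def update_action(rc):
    """Map a ResourceChange to the stack policy action it needs."""
    if rc["Action"] == "Remove":
        return "Update:Delete"
    if rc["Action"] == "Modify":
        # "Conditional" is treated as a replacement to stay on the safe side.
        return "Update:Modify" if rc.get("Replacement") == "False" else "Update:Replace"
    return None  # other actions (Add, Import, ...) are outside this sketch

def _as_list(value):
    return value if isinstance(value, list) else [value]

def is_allowed(policy, logical_id, action):
    """Explicit Deny wins; with no matching Allow the update is denied."""
    allowed = False
    for st in policy["Statement"]:
        hits_action = any(fnmatch.fnmatchcase(action, a) for a in _as_list(st["Action"]))
        hits_res = any(fnmatch.fnmatchcase("LogicalResourceId/" + logical_id, r)
                       for r in _as_list(st["Resource"]))
        if hits_action and hits_res:
            if st["Effect"] == "Deny":
                return False
            allowed = True
    return allowed

def blocked_changes(policy, change_set):
    """Return (logical_id, action) pairs the stack policy would reject."""
    pairs = [(c["ResourceChange"]["LogicalResourceId"], update_action(c["ResourceChange"]))
             for c in change_set["Changes"]]
    return [(lid, act) for lid, act in pairs if act and not is_allowed(policy, lid, act)]
```

Running `blocked_changes(STACK_POLICY, CHANGE_SET)` flags only the replacement of the web server instance; the in-place security group modification passes.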
The following is the high-level architecture diagram of the infrastructure that you’ll create in this Cloud Lab: