Browsed by
Month: November 2020

What are cloudformations custom resources and how to use them

What are cloudformations custom resources and how to use them

What is AWS Cloudformation ?

Cloudformation is a very important tool in the life of people working on AWS cloud platform. It helps you to quickly implement any AWS resources, in a fast and reliable way. It is the best example of what we call IaC :Infrastructure as Code.

Cloudformation makes deployment easier, maintenance and updates for entire environments, but also templatises your infrastrucuture, making it easy to reuse it.

AWS services are continuously updated with a lot of nice new features, and each service has its own lifecycle. We can compare AWS cloud platform to a huge microservices’ infrastructure.

Nonetheless, we might wonder if cloudformation is always up-to-date with all the other services.

This is not the case. Sometimes, a feature or a specific configuration could be missing in the cloudformation code, and you won’t be able to continue this way.

Let’s see how to use cloudformation and create every AWS ressources with any configuration we want !

Custom resources to the rescue

Luckily, AWS cloudformation custom resources are here to help.

Custom resources allow you to programmatically provision AWS resources anytime a cloudformation stack has been created, updated or deleted.

So, how does it work?

In a very simple way, on a change, cloudformation will call a lambda function with a specific event for trigger, and will wait a callback from this function, to define if the resource has been successfully modified or not.

Here we can notice that we can use our favorite SDK to provision AWS resources thanks to the use of lambdas (Python, Java, Node.js, …)

As explained above, the cloudformation custom resource will call a lambda, and will use the event input topass essential information and parameters to your function. You can find below a sample of what the input will look like:

NB : The ResourceProperties input is where you can customize the parameters of your function

You can notice that a response url is also given by cloudformation. This URL corresponds to the endpoint to call back when your function is done, and it is waiting to know the status of your actions. Please find below a sample of what the response url is waiting for:

Custom resources: use case & implementation

As I often do when I work for clients, I first build all the solutions “by hand”, using the console, allowing me to be fast for the validation of the Proof Of Concept with them. After this first step, we can start to build the IaC using cloudformation, allowing us to have a template that will be used for all the working environments, up to the production.

By working on an AWS AppStream project, I have been surprised to see that it was impossible to join IAM roles neither to the Image Builder nor to the Fleet using cloudformation native resources.

Checking the documentation, I saw quickly that it was possible to do it using the AWS SDK, so I chose to use Cloudformation Custom resources to build both the Image Builder and the Fleet.

Building the custom resource lambda function

First, I wrote the lambda code that will create and delete the needed resources.

We retrieve the parameters from the event:

Then, we check in the event what is the request type, and we do actions accordingly:

  • Create :

  • Delete : In this example, the fleet has to be stopped before deleting

As explained above in this article, the cloudformation custom resource is waiting for a status from your lambda, which will be sent by an http call on a custom url. There is a code sample that allows you to do so, knowing that the custom URL is given in the lambda event (you can see the calls to this functions in previous examples) :

Building the cloudformation template

Then I created the lambda and the custom resource in cloudformation.

You will see that the Image Builder and the Fleet resource is a Custom::IBAndFleetBuilder type, and the ServiceToken field corresponds to the lambda ARN.


Thanks to the custom resource, I managed to deliver to the customer a fully efficient cloudformation template, that he can use to automatically create all of his AppStream resources in one click, but also delete when they don’t need it anymore.

This article provides you a small overview of what can be done with the cloudformation resources.

Furthermore, it is important to note that the cloudformation stack also calls the custom resource when there is an update, and that we could implement an update function that will update the AWS resources.