CloudFormation Registry Cheatsheet
A few weeks ago the AWS CloudFormation Public Registry was announced. It makes it easier to distribute and consume CloudFormation resource types (sometimes called resource providers) and modules, which are referred to as extensions collectively. It doesn't support CloudFormation custom resources, which seem to be legacy functionality these days. Resources that are missing CloudFormation coverages are tracked in the roadmap repo on GitHub.
The registry documentation is as extensive and detailed as you'd expect from the official documentation. This can be hard to get started with, so here's a quick summary...
Extensions
CloudFormation Modules
Modules are pre-configured snippets of CloudFormation. They let you define how resources should be created in CloudFormation, but they don’t let you do anything that CloudFormation doesn’t already support.
CloudFormation Resource Types
Resource Types allow you to define resources that then can be created via native CloudFormation. They allow you to do things that CloudFormation cannot do e.g. create resources outside of AWS, managed via CloudFormation, or create AWS resource in a very specific/prescriptive way.
CloudFormation Registries
Private Registry extensions are a per-account registration of resource types and modules. This means you have to take care of provisioning, using, and updating the resource providers yourself. For me personally, this per-account limitation dramatically reduced the usefulness of resource providers, given the multi-account environments I usually work in, and that are encouraged by AWS's own best practices.
Public Registry extensions are published publicly for everyone on AWS to see and use. They can take advantage of drift detection (private types can't). They can also be integrated with AWS Config, so that you can see a history of changes to your deployed resources.
Public registry publishers must be one of:
- AWS Marketplace seller, which is probably not you unless you’re already in the marketplace
- A GitHub user
- A BitBucket user
Publishing
- Register in a particular region
- Publish the resource provider in to private registry in that same region
- Test the extension meets requirements, specifically the resource type tests
Consuming
Public registry extensions come in two flavours:
- Amazon extensions are public and active by default, so you don't need to do anything to start using them.
- Third-party extensions must be activated by account and region. When activating (only!) you can set an alias for the extension, and if you want automatic minor/patch version updates (extensions follow semantic versioning).
Activated extensions are replicated to your account. Types can be activated across an Organization using service-managed StackSets. Requires a service role that allows sts:AssumeRole
by the service resources.cloudformation.amazonaws.com
.
Cost
There is no cost associated with the public or private registries, only the costs incurred by the resources created, and the resources used when running the extensions in your account.