DevOps on Mysterious Code - Senior AWS, DevOps & security engineering

How to validate a CloudFormation template (CLI and cfn-lint)

Sun, 28 Jun 2026 09:00:00 +0000

Validating an IaC template before you hand it to CloudFormation is one of the cheapest ways to avoid the dreaded UPDATE_ROLLBACK_IN_PROGRESS. You can catch a lot without ever creating a stack - but only if you understand what the tool you use actually checks. Here are the two we usually use, and where one stops and the other takes over.

Multiplatform docker images for cfn-lint (and a v1.52 schema fix)

Sat, 27 Jun 2026 09:00:00 +0000

A while back we wrote about our automatically updated docker image for cfn-lint - a public, daily-rebuilt image for cfn-lint that fills the gap left by the lack of an official one. Two changes have just landed in that build, and both are worth a few words: the images are now multiplatform, and we have fixed a problem that, from cfn-lint v1.52.0 onwards, left the image unable to recognise any resources.

Automatically updated docker image for cfn-lint

Thu, 18 Apr 2024 15:00:00 +0000

If you’re using CloudFormation, you probably know about cfn-lint - a linting tool created by the CloudFormation team to validate templates against the schema and best practices. Validating each template before deployment is in itself actually considered a best practice by AWS. However, simply using validate-template in the Console or CLI only validates the basic syntax of the template, not the actual contents and resource specification. That’s where using a linter like cfn-lint can be helpful to make sure you’re not making any obvious mistakes or going against best practices in your resources.

You can use cfn-lint in a number of ways during development, including simply within command-line, using git pre-commit hooks or as a plugin to your IDE. All those options, while helpful in day-to-day work, do not establish code quality standards for your overall codebase. To do that, it’s ideal to include linting as part of CI/CD pipeline and/or pull/merge-requests approval process.

That is where you can come across a hurdle: cfn-lint does not have an official, up-to-date docker image

Complete code: automated EC2 snapshots and retention management

Sun, 11 Mar 2018 23:22:07 +0000

Creating snapshots from EBS drives attached to your EC2 instances is the most basic way of backing up your data. While you have to be cautious when snapshotting running EC2 instances without restart, doing it regularly is a base of many disaster recovery plans. In the latest update to aws-maintenance repo on GitHub you’ll find a complete code and CloudFormation template that will make this as painless a process as possible.

Complete code: cross-region RDS recovery

Thu, 28 Dec 2017 00:12:46 +0000

After posting the previous post on this topic (Copying RDS snapshot to another region for cross-region recovery) , I noticed a lot of people being interested in using the code I provided as an example. Many were not sure how to make use of it, and after a couple of pull requests it became obvious that a complete, fully-working code and CloudFormation template would be a good idea. So, yesterday, I pushed an update to aws-maintenance repository with a fully working code, which you can easily customize via CloudFormation parameters to match your needs.

Packer, Ansible, CentOS and requiretty

Fri, 11 Nov 2016 10:00:42 +0000

If you’ve tried running Packer with CentOS on AWS, you probably noticed this:

 sudo: sorry, you must have a tty to run sudo

How to deploy Wordpress in AWS

Fri, 04 Nov 2016 10:00:02 +0000

I’m not talking about launching an EC2 instance, uploading the zip with WordPress and going through the installer. I’m talking about immutable infrastructure, scalable, self-healing setup of WordPress within AWS.

How I passed Red Hat Certificate of Expertise in Ansible Automation exam (EX407)

Fri, 14 Oct 2016 10:00:38 +0000

I have recently passed Red Hat’s EX407 (Red Hat Certificate of Expertise in Ansible Automation exam) and I wanted to share my experience for anyone else who might be looking into getting that certificate. At the time of my exam, I was only a second (publicly visible) person in the UK who had that certificate. Probably because it was only made available in summer this year.

Deployment pipeline, part 3: deployment onto an environment

Fri, 07 Oct 2016 10:00:01 +0000

The purpose of every deployment pipeline is… a deployment. So this final part of the series, will focus on just that. If you missed the intro, check out the video where I describe a typical pipeline here. The other parts of this series are part 1: test phase and part 2: build phase.

Once we create an AMI that we’d like to deploy, performing a rolling update on existing instances is fairly easy. Usage of Auto scaling groups and CloudFormation makes it even easier - since AWS Auto scaling groups support the rolling updates out of the box.

Or, if your applications requires blue-green deployments, using CloudFormation is almost essential.

Deployment pipeline, part 2: build phase

Mon, 03 Oct 2016 09:00:58 +0000

Welcome to the second part of my series on deployment pipelines. If you missed the intro, check out the video where I describe a typical pipeline here. The other parts of this series are part 1: test phase and part 3: deployment onto an environment.

After the test phase of the pipeline, once the quality of the code has been checked, we must build a deployable artefact for this version (commit) of the code. In case of AWS, this would be an AMI (Amazon Machine Image), which can then be deployed as a new instance in our environment.

Deployment pipeline, part 1: test phase

Fri, 30 Sep 2016 10:00:10 +0000

Welcome to the first part of my series on deployment pipelines. If you missed the intro, check out the video where I describe a typical pipeline here.

First step of a deployment pipeline, is usually a series of tests. After a commit is made, the code is checked out from the source code repository and tested. Those are usually code style tests and unit tests.

Typical CI deployment pipeline - overview

Fri, 23 Sep 2016 00:02:37 +0000

More details on each deployment phase with examples, will be posted at our blog over the coming weeks, so check back soon.