
When you work in the cloud, you are expected as a developer to follow the rules your organization sets for compliance, security and cost whenever you create resources in AWS for your applications.
Imagine you have to ensure that every resource provisioned in your AWS environment follows a strict tagging policy. Sounds straightforward, right? But as any experienced AWS user knows, enforcing such a rule across many resources, stacks and teams quickly becomes a daunting task. That's where CloudFormation Hooks come to the rescue!
This post will focus on the introduction, and in my next post, we will learn how to implement hooks for compliance.
What are CloudFormation Hooks?
AWS CloudFormation Hooks is a CloudFormation feature that lets you run your own code before CloudFormation creates, updates, or deletes a resource. Depending on the result of that code, the Hook can either emit a warning or stop the stack operation altogether. This lets you enforce business rules automatically, so resources are checked against your requirements before they are provisioned rather than audited after the fact. That lowers risk, keeps you compliant and saves money by catching problems before they reach your account.
Before moving on to the implementation, you should first understand the basic terminology around Hooks.
What exactly is a Hook?
A Hook is a piece of code that runs right before CloudFormation creates, updates, or deletes specific resources. It checks if the resources follow the rules you set in your Hook logic. If they don’t, you can choose to either warn users or stop CloudFormation from making the changes.
What is a Hook Target?
Hook targets are the CloudFormation resource types you want to apply a Hook to. These can be AWS resource types or third-party resource types from the CloudFormation registry. When you create a Hook, you specify which resource types it applies to; for example, a Hook could target AWS::S3::Bucket. A single Hook can apply to multiple targets, and there's no limit to how many.
What is a Target Invocation Point?
Target invocation points are the exact points in the resource provisioning logic where a Hook runs. CloudFormation currently supports a single PRE (before) invocation point, meaning a Hook runs before CloudFormation starts provisioning the target resource. For instance, a Hook with a PRE invocation point for an AWS::S3::Bucket target runs before CloudFormation starts creating the bucket in your account, so a failed check stops the bucket from ever existing.
Target Action
Target actions specify which resource operation a Hook responds to. They are linked to Hook targets and can be CREATE, UPDATE, or DELETE. For example, a Hook registered for the DELETE action on an AWS::Lambda::Function target runs only when CloudFormation is deleting a Lambda function, not when it creates or updates one.
What are Hook Handlers?
The invocation point and action together determine when a Hook runs, and Hook authors write handlers that contain the logic for each such combination. The handler name follows the pattern invocation point plus action: a PRE invocation point with a CREATE action corresponds to a preCreate handler, and likewise preUpdate and preDelete. CloudFormation invokes the handler whenever it is about to perform a matching action on a matching target.
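To tie the terms together (Hook, target, PRE invocation point, target action, handler, and the FAIL/WARN failure mode), here is an added example that is not part of the original post and not AWS or CloudFormation CLI code. It models a tagging-policy Hook in plain Python instead of using the hook SDK, so it runs offline; the required tag keys, the target list, the class and function names, and the sample template are all assumptions of the example.

```python
"""Standalone model of a CloudFormation Hook that enforces a tagging policy.

Added example for this post; it is not AWS code and does not use the
cloudformation-cli-python-lib SDK. It mimics the vocabulary the post
introduces: a Hook with targets, a PRE invocation point, target actions
(CREATE/UPDATE/DELETE), per-action handlers (preCreate, preUpdate) and a
FailureMode of FAIL or WARN.
"""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional

# Hypothetical tagging policy (an assumption of this example).
REQUIRED_TAGS = ("Owner", "CostCenter", "Environment")
ALLOWED_ENVIRONMENTS = {"dev", "test", "prod"}


@dataclass
class HookResult:
    status: str            # "SUCCESS" or "FAILED"
    message: str = ""


@dataclass
class HookRequest:
    """What CloudFormation hands to a handler: the resource type being
    provisioned, the action underway, and the resource's properties."""
    target_name: str       # e.g. "AWS::S3::Bucket"
    action: str            # "CREATE", "UPDATE" or "DELETE"
    invocation_point: str  # currently only "PRE"
    resource_properties: dict = field(default_factory=dict)


Handler = Callable[[HookRequest], HookResult]


def _tags_as_dict(tags: Optional[List[dict]]) -> Dict[str, str]:
    """CloudFormation tag lists look like [{"Key": "...", "Value": "..."}]."""
    return {t.get("Key", ""): t.get("Value", "") for t in (tags or [])}


def check_tags(request: HookRequest) -> HookResult:
    """Shared logic for preCreate and preUpdate: validate the Tags property."""
    tags = _tags_as_dict(request.resource_properties.get("Tags"))
    missing = [k for k in REQUIRED_TAGS if not tags.get(k)]
    problems = []
    if missing:
        problems.append(f"missing required tag(s): {', '.join(missing)}")
    env = tags.get("Environment")
    if env and env not in ALLOWED_ENVIRONMENTS:
        problems.append(f"Environment must be one of {sorted(ALLOWED_ENVIRONMENTS)}, got {env!r}")
    if problems:
        return HookResult("FAILED", f"{request.target_name}: " + "; ".join(problems))
    return HookResult("SUCCESS", f"{request.target_name}: tagging policy satisfied")


@dataclass
class TaggingHook:
    """A Hook = targets + invocation point + per-action handlers + failure mode."""
    targets: tuple = ("AWS::S3::Bucket", "AWS::Lambda::Function")
    # FAIL blocks the stack operation; WARN lets it proceed but keeps the message.
    failure_mode: str = "FAIL"
    # Handler names follow the invocation point + action convention. No
    # preDelete handler is registered, so DELETE actions pass straight through.
    handlers: Dict[str, Handler] = field(default_factory=lambda: {
        "preCreate": check_tags,
        "preUpdate": check_tags,
    })

    def handler_name(self, request: HookRequest) -> str:
        return f"{request.invocation_point.lower()}{request.action.capitalize()}"

    def invoke(self, request: HookRequest) -> HookResult:
        """Decide whether CloudFormation may proceed with this resource operation."""
        if request.target_name not in self.targets:
            return HookResult("SUCCESS", f"{request.target_name}: not a hook target, skipped")
        name = self.handler_name(request)
        handler = self.handlers.get(name)
        if handler is None:
            return HookResult("SUCCESS", f"{request.target_name}: no {name} handler registered")
        result = handler(request)
        if result.status == "FAILED" and self.failure_mode == "WARN":
            # WARN downgrades a failed check to a warning; the deployment continues.
            return HookResult("SUCCESS", "WARNING: " + result.message)
        return result


def evaluate_template(hook: TaggingHook, resources: dict, action: str) -> Dict[str, HookResult]:
    """Run the hook over every entry of a template's Resources section."""
    return {
        logical_id: hook.invoke(HookRequest(
            target_name=res["Type"],
            action=action,
            invocation_point="PRE",
            resource_properties=res.get("Properties", {}),
        ))
        for logical_id, res in resources.items()
    }


# Constructed sample template: a compliant bucket, a non-compliant bucket,
# and a resource type the hook does not target.
SAMPLE_RESOURCES = {
    "GoodBucket": {"Type": "AWS::S3::Bucket", "Properties": {"Tags": [
        {"Key": "Owner", "Value": "platform-team"},
        {"Key": "CostCenter", "Value": "CC-1234"},
        {"Key": "Environment", "Value": "prod"},
    ]}},
    "BadBucket": {"Type": "AWS::S3::Bucket", "Properties": {"Tags": [
        {"Key": "Owner", "Value": "someone"},
        {"Key": "Environment", "Value": "staging"},
    ]}},
    "Queue": {"Type": "AWS::SQS::Queue", "Properties": {}},
}

if __name__ == "__main__":
    for logical_id, result in evaluate_template(TaggingHook(), SAMPLE_RESOURCES, "CREATE").items():
        print(f"{logical_id:10} {result.status:8} {result.message}")
```

Running it on a CREATE shows GoodBucket passing, BadBucket failing (missing CostCenter and an Environment outside the allowed set) and the SQS queue being skipped because it is not a target; switching the action to DELETE lets everything through because no preDelete handler exists, and constructing the hook with failure_mode="WARN" turns the failure into a warning instead of a blocked deployment. In a real Hook the same logic would live in the handlers generated by the CloudFormation CLI hook plugin, and FailureMode would be set in the Hook's type configuration rather than in a Python field.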
Conclusion
So, this post was all about the concepts and terminology. In the next post we will go further and build a working CloudFormation Hook example.
Happy Learning 🙂