aws-cloudformation-elasticache

仓库: giuseppe-trisciuoglio/developer-kit
安装量: 69
排名: #11121

安装

npx skills add https://github.com/giuseppe-trisciuoglio/developer-kit --skill aws-cloudformation-elasticache

AWS CloudFormation ElastiCache Overview Create production-ready Amazon ElastiCache infrastructure using AWS CloudFormation templates. This skill covers Redis clusters, Memcached clusters, replication groups, parameter groups, subnet groups, security groups, template structure best practices, parameter patterns, and cross-stack references for modular, reusable infrastructure as code. When to Use Use this skill when: Creating new ElastiCache Redis clusters (standalone or clustered) Setting up Redis Replication Groups for high availability Creating Memcached clusters for distributed caching Configuring ElastiCache Parameter Groups Setting up ElastiCache Subnet Groups for VPC deployment Implementing template Parameters with AWS-specific types Creating Outputs for cross-stack references Organizing templates with Mappings and Conditions Designing reusable, modular CloudFormation templates for caching infrastructure Quick Start Basic Redis Cluster AWSTemplateFormatVersion : 2010-09-09 Description : Simple Redis ElastiCache cluster with basic configuration Parameters : CacheNodeType : Type : String Default : cache.t3.micro Description : Cache node instance type NumCacheNodes : Type : Number Default : 1 Description : Number of cache nodes Resources : CacheSubnetGroup : Type : AWS : : ElastiCache : : SubnetGroup Properties : Description : Subnet group for ElastiCache SubnetIds : - !Ref PrivateSubnet1 - !Ref PrivateSubnet2 CacheCluster : Type : AWS : : ElastiCache : : Cluster Properties : CacheNodeType : !Ref CacheNodeType NumCacheNodes : !Ref NumCacheNodes Engine : redis CacheSubnetGroupName : !Ref CacheSubnetGroup VpcSecurityGroupIds : - !Ref CacheSecurityGroup Outputs : RedisEndpoint : Description : Redis cluster endpoint address Value : !GetAtt CacheCluster.RedisEndpoint.Address RedisPort : Description : Redis cluster port Value : !GetAtt CacheCluster.RedisEndpoint.Port Redis Replication Group AWSTemplateFormatVersion : 2010-09-09 Description : Redis Replication Group with primary and read replicas Parameters : CacheNodeType : Type : String Default : cache.t3.micro Description : Cache node instance type Resources : CacheSubnetGroup : Type : AWS : : ElastiCache : : SubnetGroup Properties : Description : Subnet group for Redis replication SubnetIds : - !Ref PrivateSubnet1 - !Ref PrivateSubnet2 ReplicationGroup : Type : AWS : : ElastiCache : : ReplicationGroup Properties : ReplicationGroupDescription : Primary and replicas for HA Engine : redis CacheNodeType : !Ref CacheNodeType NumNodeGroups : 1 ReplicasPerNodeGroup : 1 AutomaticFailoverEnabled : true MultiAZEnabled : true CacheSubnetGroupName : !Ref CacheSubnetGroup VpcSecurityGroupIds : - !Ref CacheSecurityGroup Outputs : PrimaryEndpoint : Description : Primary endpoint for write operations Value : !GetAtt ReplicationGroup.PrimaryEndPoint.Address ReaderEndpoint : Description : Reader endpoint for read operations Value : !GetAtt ReplicationGroup.ReaderEndPoint.Address Template Structure Template Sections Overview AWS CloudFormation templates are JSON or YAML files with specific sections. Each section serves a purpose in defining your infrastructure. AWSTemplateFormatVersion : 2010-09-09

Required - template version

Description : Optional description string

Optional description

Section order matters for readability but CloudFormation accepts any order

Mappings : { }

Static configuration tables

Metadata : { }

Additional information about resources

Parameters : { }

Input values for customization

Rules : { }

Parameter validation rules

Conditions : { }

Conditional resource creation

Transform : { }

Macro processing (e.g., AWS::Serverless)

Resources : { }

AWS resources to create (REQUIRED)

Outputs : { }

Return values after stack creation

Format Version The AWSTemplateFormatVersion identifies the template version. Current version is 2010-09-09 . AWSTemplateFormatVersion : 2010-09-09 Description : ElastiCache Redis Cluster Template Description Add a description to document the template's purpose. Must appear after the format version. AWSTemplateFormatVersion : 2010-09-09 Description :

This template creates an ElastiCache Redis cluster with: - Multi-AZ deployment for high availability - Automatic failover enabled - Encrypted at-rest and in-transit - Parameter group for custom configuration Metadata Use Metadata for additional information about resources or parameters, including AWS::CloudFormation::Interface for parameter grouping. Metadata : AWS::CloudFormation::Interface : ParameterGroups : - Label : default : Cache Configuration Parameters : - CacheNodeType - NumCacheNodes - Engine - Label : default : Network Parameters : - CacheSubnetGroupName - VpcSecurityGroupIds ParameterLabels : CacheNodeType : default : Cache Node Instance Type NumCacheNodes : default : Number of Cache Nodes Resources Section The Resources section is the only required section. It defines AWS resources to provision. Resources :

Cache Subnet Group (required for VPC deployment)

CacheSubnetGroup : Type : AWS : : ElastiCache : : SubnetGroup Properties : Description : Subnet group for ElastiCache deployment SubnetIds : - !Ref PrivateSubnet1 - !Ref PrivateSubnet2

Cache Parameter Group

CacheParameterGroup : Type : AWS : : ElastiCache : : ParameterGroup Properties : Description : Custom parameter group for Redis Family : redis7.x Parameters : maxmemory-policy : allkeys - lru timeout : 300

Cache Cluster

CacheCluster : Type : AWS : : ElastiCache : : Cluster Properties : CacheNodeType : cache.t3.micro NumCacheNodes : 1 Engine : redis CacheSubnetGroupName : !Ref CacheSubnetGroup CacheParameterGroupName : !Ref CacheParameterGroup Parameters Parameter Types Use AWS-specific parameter types for validation and easier selection in the console. Parameters : CacheNodeType : Type : String Description : ElastiCache node instance type Default : cache.t3.micro CacheSubnetGroup : Type : AWS : : ElastiCache : : SubnetGroup : : Name Description : Existing cache subnet group VpcSecurityGroupId : Type : AWS : : EC2 : : SecurityGroup : : Id Description : Security group for cache cluster AWS::ElastiCache::CacheCluster::CacheNodeType Values Common ElastiCache node types: Parameters : CacheNodeType : Type : String Default : cache.t3.micro AllowedValues : - cache.t3.micro - cache.t3.small - cache.t3.medium - cache.t3.large - cache.m5.large - cache.m5.xlarge - cache.m5.2xlarge - cache.m5.4xlarge - cache.r5.large - cache.r5.xlarge - cache.r5.2xlarge - cache.r5.4xlarge - cache.r6g.large - cache.r6g.xlarge - cache.r6g.2xlarge Parameter Constraints Add constraints to validate parameter values. Parameters : CacheClusterId : Type : String Description : Cache cluster identifier Default : myrediscluster AllowedPattern : "[a-zA-Z][a-zA-Z0-9]*" ConstraintDescription : Must begin with a letter; contain only alphanumeric characters MinLength : 1 MaxLength : 50 NumCacheNodes : Type : Number Description : Number of cache nodes Default : 1 MinValue : 1 MaxValue : 10 CachePort : Type : Number Description : Cache port number Default : 6379 MinValue : 1024 MaxValue : 65535 Engine and Version Parameters Parameters : Engine : Type : String Description : Cache engine Default : redis AllowedValues : - redis - memcached EngineVersion : Type : String Description : Cache engine version Default : 7.0 EngineVersionMajor : Type : String Description : Cache engine major version Default : "7.0" AllowedValues : - "6.x" - "7.0" SSM Parameter Types Reference Systems Manager parameters for dynamic values. Parameters : LatestRedisVersion : Type : AWS : : SSM : : Parameter : : Value<String

Description : Latest Redis version from SSM Default : /elasticache/redis/latest/version LatestMemcachedVersion : Type : AWS : : SSM : : Parameter : : Value<String

Description : Latest Memcached version from SSM Default : /elasticache/memcached/latest/version Mappings Use Mappings for static configuration data based on regions or instance types. Mappings : CacheNodeConfig : cache.t3.micro : CPU : 2 MemoryMiB : 555 NetworkGbits : 5 cache.t3.medium : CPU : 2 MemoryMiB : 3218 NetworkGbits : 10 cache.m5.large : CPU : 2 MemoryMiB : 6910 NetworkGbits : 10 cache.r5.large : CPU : 2 MemoryMiB : 13866 NetworkGbits : 10 RegionMap : us-east-1 : RedisPort : 6379 MemcachedPort : 11211 us-west-2 : RedisPort : 6379 MemcachedPort : 11211 eu-west-1 : RedisPort : 6379 MemcachedPort : 11211 Resources : CacheCluster : Type : AWS : : ElastiCache : : Cluster Properties : CacheNodeType : !Ref CacheNodeType NumCacheNodes : 1 Engine : redis CachePort : !FindInMap [ RegionMap , !Ref AWS : : Region , RedisPort ] Conditions Use Conditions to conditionally create resources based on parameters. Parameters : EnableMultiAZ : Type : String Default : false AllowedValues : - true - false EnableEncryption : Type : String Default : true AllowedValues : - true - false Environment : Type : String Default : development AllowedValues : - development - staging - production Conditions : IsMultiAZ : !Equals [ !Ref EnableMultiAZ , true ] IsEncrypted : !Equals [ !Ref EnableEncryption , true ] IsProduction : !Equals [ !Ref Environment , production ] Resources : CacheCluster : Type : AWS : : ElastiCache : : Cluster Properties : CacheNodeType : !Ref CacheNodeType NumCacheNodes : !If [ IsMultiAZ , 2 , 1 ] Engine : redis AutomaticFailoverEnabled : !If [ IsMultiAZ , true , false ] CacheSubnetGroupName : !Ref CacheSubnetGroup VpcSecurityGroupIds : - !Ref CacheSecurityGroup Condition Functions Conditions : IsDev : !Equals [ !Ref Environment , development ] IsStaging : !Equals [ !Ref Environment , staging ] IsProduction : !Equals [ !Ref Environment , production ] Resources : CacheCluster : Type : AWS : : ElastiCache : : Cluster Properties :

Production gets larger instances

CacheNodeType : !If [ IsProduction , cache.r5.large , cache.t3.micro ]

Production gets multi-AZ

NumCacheNodes : !If [ IsProduction , 3 , 1 ] AutomaticFailoverEnabled : !If [ IsProduction , true , false ] Transform Use Transform for macros like AWS::Serverless for SAM templates. AWSTemplateFormatVersion : 2010-09-09 Transform : AWS : : Serverless - 2016-10-31 Description : Serverless ElastiCache application template Globals : Function : Timeout : 30 Runtime : python3.11 Resources : CacheFunction : Type : AWS : : Serverless : : Function Properties : Handler : app.handler CodeUri : function/ Policies : - ElastiCacheFullAccessPolicy : CacheClusterId : !Ref CacheCluster Environment : Variables : CACHE_ENDPOINT : !GetAtt CacheCluster.RedisEndpoint.Address CACHE_PORT : !GetAtt CacheCluster.RedisEndpoint.Port Outputs and Cross-Stack References Basic Outputs Outputs : CacheClusterId : Description : Cache Cluster ID Value : !Ref CacheCluster CacheClusterEndpoint : Description : Cache cluster endpoint address Value : !GetAtt CacheCluster.RedisEndpoint.Address CacheClusterPort : Description : Cache cluster port Value : !GetAtt CacheCluster.RedisEndpoint.Port CacheClusterArn : Description : Cache Cluster ARN Value : !GetAtt CacheCluster.Arn CacheNodeType : Description : Cache Node Type Value : !Ref CacheNodeType Exporting Values for Cross-Stack References Export values so other stacks can import them. Outputs : CacheClusterId : Description : Cache Cluster ID for other stacks Value : !Ref CacheCluster Export : Name : !Sub $ { AWS : : StackName } - CacheClusterId CacheClusterEndpoint : Description : Cache cluster endpoint for application stacks Value : !GetAtt CacheCluster.RedisEndpoint.Address Export : Name : !Sub $ { AWS : : StackName } - CacheEndpoint CacheClusterPort : Description : Cache cluster port for application stacks Value : !GetAtt CacheCluster.RedisEndpoint.Port Export : Name : !Sub $ { AWS : : StackName } - CachePort ConnectionString : Description : Full connection string for applications Value : !Sub redis : //$ { CacheClusterEndpoint } : $ { CacheClusterPort } /0 Export : Name : !Sub $ { AWS : : StackName } - CacheConnectionString Importing Values in Another Stack Parameters : CacheClusterId : Type : AWS : : ElastiCache : : Cluster : : Id Description : Cache cluster ID from cache stack CacheEndpoint : Type : String Description : Cache cluster endpoint address Resources : ApplicationConfig : Type : AWS : : SSM : : Parameter Properties : Name : /app/cache/endpoint Value : !Ref CacheEndpoint Type : String Cross-Stack Reference Pattern Create a dedicated cache stack that exports values:

cache-stack.yaml

AWSTemplateFormatVersion : 2010-09-09 Description : Cache infrastructure stack Parameters : EnvironmentName : Type : String Default : production Resources : CacheSubnetGroup : Type : AWS : : ElastiCache : : SubnetGroup Properties : Description : !Sub Subnet group for $ { EnvironmentName } SubnetIds : - !Ref PrivateSubnet1 - !Ref PrivateSubnet2 CacheParameterGroup : Type : AWS : : ElastiCache : : ParameterGroup Properties : Description : Redis parameter group Family : redis7.x Parameters : maxmemory-policy : allkeys - lru CacheSecurityGroup : Type : AWS : : EC2 : : SecurityGroup Properties : GroupDescription : Cache security group VpcId : !Ref VPCId SecurityGroupIngress : - IpProtocol : tcp FromPort : 6379 ToPort : 6379 SourceSecurityGroupId : !Ref AppSecurityGroup ReplicationGroup : Type : AWS : : ElastiCache : : ReplicationGroup Properties : ReplicationGroupDescription : Redis replication for $ { EnvironmentName } Engine : redis CacheNodeType : cache.r5.large NumNodeGroups : 1 ReplicasPerNodeGroup : 1 AutomaticFailoverEnabled : true MultiAZEnabled : true CacheSubnetGroupName : !Ref CacheSubnetGroup CacheParameterGroupName : !Ref CacheParameterGroup VpcSecurityGroupIds : - !Ref CacheSecurityGroup Outputs : CacheClusterId : Value : !Ref ReplicationGroup Export : Name : !Sub $ { EnvironmentName } - CacheClusterId CacheEndpoint : Value : !GetAtt ReplicationGroup.PrimaryEndPoint.Address Export : Name : !Sub $ { EnvironmentName } - CacheEndpoint CachePort : Value : !GetAtt ReplicationGroup.PrimaryEndPoint.Port Export : Name : !Sub $ { EnvironmentName } - CachePort CacheReaderEndpoint : Value : !GetAtt ReplicationGroup.ReaderEndPoint.Address Export : Name : !Sub $ { EnvironmentName } - CacheReaderEndpoint Application stack imports these values:

application-stack.yaml

AWSTemplateFormatVersion : 2010-09-09 Description : Application stack that imports from cache stack Parameters : CacheStackName : Type : String Description : Name of the cache stack Default : cache - stack Resources : ApplicationConfig : Type : AWS : : SSM : : Parameter Properties : Name : /app/cache/endpoint Value : !ImportValue Fn::Sub : $ { CacheStackName } - CacheEndpoint Type : String LambdaFunction : Type : AWS : : Lambda : : Function Properties : Runtime : python3.11 Handler : app.handler Environment : Variables : CACHE_ENDPOINT : !ImportValue Fn::Sub : $ { CacheStackName } - CacheEndpoint ElastiCache Components Cache Subnet Group Required for VPC deployment. Must include at least 2 subnets in different AZs. Resources : CacheSubnetGroup : Type : AWS : : ElastiCache : : SubnetGroup Properties : Description : Subnet group for ElastiCache SubnetIds : - !Ref PrivateSubnet1 - !Ref PrivateSubnet2 - !Ref PrivateSubnet3 Tags : - Key : Name Value : !Sub $ { AWS : : StackName } - cache - subnet Cache Parameter Group Custom parameter groups for cache configuration. Resources : CacheParameterGroup : Type : AWS : : ElastiCache : : ParameterGroup Properties : Description : Custom parameter group for Redis 7.x Family : redis7.x Parameters :

Memory management

maxmemory-policy : allkeys - lru maxmemory-samples : 5

Connection settings

timeout : 300 tcp-keepalive : 300

Slow log

slowlog-log-slower-than : 10000 slowlog-max-len : 128 Tags : - Key : Name Value : !Sub $ { AWS : : StackName } - cache - param Redis Parameter Groups (Common Configurations)

For caching with LRU eviction

CacheParameterGroup : Type : AWS : : ElastiCache : : ParameterGroup Properties : Description : Redis LRU cache config Family : redis7.x Parameters : maxmemory-policy : allkeys - lru maxmemory-samples : 5

For session storage

CacheParameterGroup : Type : AWS : : ElastiCache : : ParameterGroup Properties : Description : Redis session store config Family : redis7.x Parameters : maxmemory-policy : volatile - lru timeout : 3600 tcp-keepalive : 60

For Redis Cluster

CacheParameterGroup : Type : AWS : : ElastiCache : : ParameterGroup Properties : Description : Redis Cluster config Family : redis7.x Parameters : cluster-enabled : yes timeout : 5000 Memcached Parameter Groups (Common Configurations) Resources : MemcachedParameterGroup : Type : AWS : : ElastiCache : : ParameterGroup Properties : Description : Memcached parameter group Family : memcached1.6 Parameters : max_item_size : 10485760 request_max_size : 2097152 connection_idle_timeout : 600 Cache Cluster - Redis Standalone Resources : RedisCacheCluster : Type : AWS : : ElastiCache : : Cluster Properties : CacheClusterIdentifier : redis - standalone CacheNodeType : cache.t3.medium NumCacheNodes : 1 Engine : redis EngineVersion : "7.0" CacheSubnetGroupName : !Ref CacheSubnetGroup CacheParameterGroupName : !Ref CacheParameterGroup VpcSecurityGroupIds : - !Ref CacheSecurityGroup AutoMinorVersionUpgrade : true SnapshotRetentionLimit : 0 SnapshotWindow : 05 : 00 - 06:00 Cache Cluster - Memcached Resources : MemcachedCacheCluster : Type : AWS : : ElastiCache : : Cluster Properties : CacheClusterIdentifier : memcached - cluster CacheNodeType : cache.m5.large NumCacheNodes : 3 Engine : memcached EngineVersion : "1.6" CacheSubnetGroupName : !Ref CacheSubnetGroup CacheParameterGroupName : !Ref MemcachedParameterGroup VpcSecurityGroupIds : - !Ref CacheSecurityGroup Replication Group - Redis with Automatic Failover Resources : RedisReplicationGroup : Type : AWS : : ElastiCache : : ReplicationGroup Properties : ReplicationGroupIdentifier : redis - replication ReplicationGroupDescription : Redis with automatic failover Engine : redis EngineVersion : "7.0" CacheNodeType : cache.r5.large NumNodeGroups : 1 ReplicasPerNodeGroup : 2 AutomaticFailoverEnabled : true MultiAZEnabled : true CacheSubnetGroupName : !Ref CacheSubnetGroup CacheParameterGroupName : !Ref CacheParameterGroup VpcSecurityGroupIds : - !Ref CacheSecurityGroup Replication Group - Redis Cluster Mode Resources : RedisClusterReplicationGroup : Type : AWS : : ElastiCache : : ReplicationGroup Properties : ReplicationGroupIdentifier : redis - cluster ReplicationGroupDescription : Redis Cluster with data partitioning Engine : redis EngineVersion : "7.0" CacheNodeType : cache.r5.xlarge NumNodeGroups : 3 ReplicasPerNodeGroup : 1 AutomaticFailoverEnabled : true MultiAZEnabled : true CacheSubnetGroupName : !Ref CacheSubnetGroup CacheParameterGroupName : !Ref CacheParameterGroup VpcSecurityGroupIds : - !Ref CacheSecurityGroup Cache Security Group Resources : CacheSecurityGroup : Type : AWS : : EC2 : : SecurityGroup Properties : GroupDescription : Security group for ElastiCache VpcId : !Ref VPCId GroupName : !Sub $ { AWS : : StackName } - cache - sg SecurityGroupIngress : - IpProtocol : tcp FromPort : 6379 ToPort : 6379 SourceSecurityGroupId : !Ref AppSecurityGroup Tags : - Key : Name Value : !Sub $ { AWS : : StackName } - cache - sg Global Replication Group (Cross-Region) Resources : GlobalReplicationGroup : Type : AWS : : ElastiCache : : GlobalReplicationGroup Properties : GlobalReplicationGroupIdSuffix : global GlobalReplicationGroupDescription : Global Redis replication Members : - ReplicationGroupId : !Ref PrimaryReplicationGroup ReplicationGroupRegion : !Ref AWS : : Region - ReplicationGroupId : !Ref SecondaryReplicationGroup ReplicationGroupRegion : us - west - 2 Security and Encryption Encryption at Rest and In Transit Resources : CacheParameterGroup : Type : AWS : : ElastiCache : : ParameterGroup Properties : Description : Redis with encryption Family : redis7.x Parameters :

TLS configuration

tls-enabled : yes CacheSecurityGroup : Type : AWS : : EC2 : : SecurityGroup Properties : GroupDescription : Encrypted cache security group VpcId : !Ref VPCId SecurityGroupIngress : - IpProtocol : tcp FromPort : 6379 ToPort : 6379 SourceSecurityGroupId : !Ref AppSecurityGroup CacheCluster : Type : AWS : : ElastiCache : : Cluster Properties : CacheNodeType : cache.r5.large NumCacheNodes : 1 Engine : redis CacheSubnetGroupName : !Ref CacheSubnetGroup CacheParameterGroupName : !Ref CacheParameterGroup VpcSecurityGroupIds : - !Ref CacheSecurityGroup

Encryption settings

AtRestEncryptionEnabled : true TransitEncryptionEnabled : true AuthToken : !Ref CacheAuthToken Using Secrets Manager for Auth Token Resources : CacheAuthTokenSecret : Type : AWS : : SecretsManager : : Secret Properties : Name : !Sub $ { AWS : : StackName } /elasticache/auth - token Description : ElastiCache Redis authentication token SecretString : !Sub '{"auth-token":"${CacheAuthToken}"}' CacheCluster : Type : AWS : : ElastiCache : : Cluster Properties : CacheNodeType : cache.r5.large NumCacheNodes : 1 Engine : redis CacheSubnetGroupName : !Ref CacheSubnetGroup VpcSecurityGroupIds : - !Ref CacheSecurityGroup TransitEncryptionEnabled : true AuthToken : !Ref CacheAuthToken High Availability and Scaling Multi-AZ with Automatic Failover Resources : RedisReplicationGroup : Type : AWS : : ElastiCache : : ReplicationGroup Properties : ReplicationGroupDescription : Multi - AZ Redis with failover Engine : redis CacheNodeType : cache.r5.large NumNodeGroups : 1 ReplicasPerNodeGroup : 2 AutomaticFailoverEnabled : true MultiAZEnabled : true CacheSubnetGroupName : !Ref CacheSubnetGroup VpcSecurityGroupIds : - !Ref CacheSecurityGroup Memcached Horizontal Scaling Parameters : NumCacheNodes : Type : Number Default : 3 MinValue : 1 MaxValue : 20 Resources : MemcachedCluster : Type : AWS : : ElastiCache : : Cluster Properties : CacheClusterIdentifier : memcached - cluster CacheNodeType : cache.m5.xlarge NumCacheNodes : !Ref NumCacheNodes Engine : memcached CacheSubnetGroupName : !Ref CacheSubnetGroup VpcSecurityGroupIds : - !Ref CacheSecurityGroup Redis Scaling - Read Replicas Resources : RedisReplicationGroup : Type : AWS : : ElastiCache : : ReplicationGroup Properties : ReplicationGroupDescription : Redis with read replicas Engine : redis CacheNodeType : cache.r5.large NumNodeGroups : 1 ReplicasPerNodeGroup : 3 AutomaticFailoverEnabled : true MultiAZEnabled : true CacheSubnetGroupName : !Ref CacheSubnetGroup VpcSecurityGroupIds : - !Ref CacheSecurityGroup Best Practices Use AWS-Specific Parameter Types Always use AWS-specific parameter types for validation and easier selection. Parameters : CacheNodeType : Type : AWS : : ElastiCache : : CacheCluster : : CacheNodeType Description : ElastiCache node type CacheSubnetGroup : Type : AWS : : ElastiCache : : SubnetGroup : : Name Description : Cache subnet group VpcSecurityGroup : Type : AWS : : EC2 : : SecurityGroup : : Id Description : Security group for cache Enable Encryption for Production Resources : CacheCluster : Type : AWS : : ElastiCache : : Cluster Properties :

Encryption at rest

AtRestEncryptionEnabled : true

Encryption in transit

TransitEncryptionEnabled : true

Authentication

AuthToken : !Ref CacheAuthToken Use Multi-AZ for Production Conditions : IsProduction : !Equals [ !Ref Environment , production ] Resources : RedisReplicationGroup : Type : AWS : : ElastiCache : : ReplicationGroup Properties : AutomaticFailoverEnabled : !If [ IsProduction , true , false ] MultiAZEnabled : !If [ IsProduction , true , false ] ReplicasPerNodeGroup : !If [ IsProduction , 2 , 1 ] Use Proper Naming Conventions Resources : CacheCluster : Type : AWS : : ElastiCache : : Cluster Properties : Tags : - Key : Name Value : !Sub $ { Environment } - $ { Application } - redis - Key : Environment Value : !Ref Environment - Key : Application Value : !Ref ApplicationName - Key : ManagedBy Value : CloudFormation Separate Cache and Application Stacks

cache-stack.yaml - Rarely changes

AWSTemplateFormatVersion : 2010-09-09 Description : Cache infrastructure (VPC , subnets , ElastiCache) Resources : CacheSubnetGroup : AWS : : ElastiCache : : SubnetGroup CacheParameterGroup : AWS : : ElastiCache : : ParameterGroup CacheSecurityGroup : AWS : : EC2 : : SecurityGroup CacheCluster : AWS : : ElastiCache : : Cluster

application-stack.yaml - Changes frequently

AWSTemplateFormatVersion : 2010-09-09 Description : Application resources Parameters : CacheStackName : Type : String Resources : ApplicationConfig : AWS : : SSM : : Parameter Use Pseudo Parameters Use pseudo parameters for region-agnostic templates. Resources : CacheCluster : Type : AWS : : ElastiCache : : Cluster Properties : CacheClusterIdentifier : !Sub $ { AWS : : StackName } - $ { AWS : : Region } Tags : - Key : Region Value : !Ref AWS : : Region - Key : AccountId Value : !Ref AWS : : AccountId Validate Before Deployment

Validate template

aws cloudformation validate-template --template-body file://template.yaml

Use cfn-lint for advanced validation

pip install cfn-lint cfn-lint template.yaml

Check for AWS-specific issues

cfn-lint template.yaml --region us-east-1 Stack Policies Stack policies protect critical resources from unintended updates during stack operations. { "Statement" : [ { "Effect" : "Allow" , "Action" : "Update:" , "Principal" : "" , "Resource" : "" } , { "Effect" : "Deny" , "Action" : [ "Update:Replace" , "Update:Delete" ] , "Principal" : "" , "Resource" : "LogicalResourceId/CacheCluster" } , { "Effect" : "Deny" , "Action" : [ "Update:Replace" , "Update:Delete" ] , "Principal" : "*" , "Resource" : "LogicalResourceId/ReplicationGroup" } ] } Drift Detection Drift detection identifies when the actual infrastructure configuration differs from the CloudFormation template. Detecting Drift

Detect drift on entire stack

aws cloudformation detect-stack-drift \ --stack-name production-elasticache

Detect drift on specific resources

aws cloudformation detect-stack-drift \ --stack-name production-elasticache \ --logical-resource-ids CacheCluster,CacheParameterGroup

Get drift detection status

aws cloudformation describe-stack-drift-detection-status \ --stack-drift-detection-id < detection-id

Drift Detection Response { "StackResourceDrifts" : [ { "LogicalResourceId" : "CacheCluster" , "PhysicalResourceId" : "production-cache-cluster" , "ResourceType" : "AWS::ElastiCache::Cluster" , "StackId" : "arn:aws:cloudformation:us-east-1:123456789:stack/production-elasticache/..." , "DriftStatus" : "MODIFIED" , "PropertyDifferences" : [ { "PropertyPath" : "NumCacheNodes" , "ExpectedValue" : "3" , "ActualValue" : "2" } ] } ] } Related Resources For advanced patterns: See EXAMPLES.md For reference: See REFERENCE.md AWS CloudFormation User Guide: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/ ElastiCache Documentation: https://docs.aws.amazon.com/AmazonElastiCache/latest/redsug/ Redis Documentation: https://redis.io/documentation Memcached Documentation: https://memcached.org/documentation

返回排行榜