When you set up an environment on the AWS cloud, you need to go through many steps, such as creating IAM roles, security groups, databases, EC2 instances, load balancers, etc. Often one resource depends on another, so you have to create components one by one, which can be time-consuming. With CloudFormation scripts you can easily automate the deployment steps. Most importantly, the script can be reused any number of times, so if I want to replicate a stage setup on production, or create another setup in another region, it is easy to do.
You can write a template in JSON or YAML format. The template is submitted to CloudFormation, which executes it and creates the stack, that is, the actual environment with all the components listed in the template.
Another important point is that you can not only create infrastructure but also apply the required settings. For example, I needed to get the application setup done on EC2, which I was easily able to do with the UserData section.
Here is an example:
```yaml
Resources:
  AppNode1:
    Type: AWS::EC2::Instance
    Properties:
      InstanceType: XXXXX # type here
      ImageId: ami-XXXX # any ami here
      KeyName: XXXX # name of the key if already existing, or create a new one
      IamInstanceProfile: !Ref InstanceProfile
      NetworkInterfaces:
        - AssociatePublicIpAddress: true
          DeleteOnTermination: true
          Description: ENI for bastion host
          DeviceIndex: '0'
          SubnetId: subnet-XXXXX
          GroupSet:
            - !Ref AppNodeSG
      UserData:
        "Fn::Base64":
          "Fn::Sub": |
            #!/bin/bash
            cd /root/
            apt-get update
            apt-get -y install awscli
            aws s3 cp s3://XXXX/XXXX.XXX ~/some location
            # One can install servers, download wars and deploy at runtime
  AppNode2:
    Type: AWS::EC2::Instance
    Properties:
      # create another instance
  AppNodeSG: # Security group to give access to ssh and port 80
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: SecurityGroup for new AppNode
      VpcId: vpc-XXXXX
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: 0.0.0.0/0
        # SSH is reachable from any address here; narrow CidrIp to your admin network range
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp: 0.0.0.0/0
  InstanceProfile:
    Type: AWS::IAM::InstanceProfile
    Properties:
      Path: /
      Roles: [S3FullAccess] # S3FullAccess role created manually, so that my EC2 instance can access S3.
```
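Because a template is reused across stages and regions, its security group rules are worth checking before each deployment. The following check is an added example, not part of the original post: it scans a JSON-format template for ingress rules open to every address on ports outside an allow-list. The `PUBLIC_PORTS` allow-list and the function names are assumptions of this example, and the sample input is constructed from the `AppNodeSG` resource above.

```python
import ipaddress
import json

# Constructed sample: the AppNodeSG ingress rules from the template above, as JSON.
TEMPLATE = json.loads("""
{"Resources": {"AppNodeSG": {
  "Type": "AWS::EC2::SecurityGroup",
  "Properties": {"SecurityGroupIngress": [
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "CidrIp": "0.0.0.0/0"},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIp": "0.0.0.0/0"}
  ]}}}}
""")

# Assumption for this example: only these ports are meant to be public.
PUBLIC_PORTS = {80, 443}


def is_world_open(rule):
    """True if the rule's source is the entire IPv4 or IPv6 address space."""
    for key in ("CidrIp", "CidrIpv6"):
        cidr = rule.get(key)  # may be a dict (e.g. a Ref) instead of a literal
        if isinstance(cidr, str) and ipaddress.ip_network(cidr, strict=False).prefixlen == 0:
            return True
    return False


def exposed_ports(rule):
    """Ports in the rule's range that are not on the public allow-list."""
    if str(rule.get("IpProtocol")) == "-1":  # all protocols, all ports
        return ["all"]
    ports = range(int(rule["FromPort"]), int(rule["ToPort"]) + 1)
    return [p for p in ports if p not in PUBLIC_PORTS]


def find_open_ingress(template):
    """Return (resource name, exposed ports) for every world-open rule found."""
    findings = []
    for name, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::EC2::SecurityGroup":
            continue
        for rule in res.get("Properties", {}).get("SecurityGroupIngress", []):
            if is_world_open(rule) and (ports := exposed_ports(rule)):
                findings.append((name, ports))
    return findings


if __name__ == "__main__":
    for name, ports in find_open_ingress(TEMPLATE):
        print(f"{name}: open to the internet on {ports}")
```

On the sample, the port 80 rule passes and the port 22 rule is reported.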