AWS Resource Creation and Naming Conventions

How Nucleator uses CloudFormation and adheres to design rules and conventions to consistently name AWS Resources across multiple AWS services.

AWS Resource Association with CloudFormation Stacks

Nucleator uses AWS CloudFormation extensively to create, manage and update AWS Resources within Nucleator Core Stacksets.  Each Stackset invokes a top-level CloudFormation stack that hierarchically invokes child CloudFormation stacks.  The top-level CloudFormation stack is named based on the Stackset name, Customer name and Account friendly name so that it can be easily identified.  Related child stacks are all prefixed with the name of their parent stack.

This approach associates all AWS resources that are provisioned within a Nucleator Stackset with the CloudFormation stack(s) that created them, and provides a strong mechanism that signals the purpose, intent and lifecycle requirements for each of the Resources that comprise the CloudFormation stack.

CloudFormation templates can be tricky to maintain and edit by hand.  The CloudFormation template that underlies each of these stacks is generated dynamically from templates and config/variables files that are maintained within Nucleator.  Common settings that change within the template are in many cases externalized into YAML config files that make it easy for administrators to reflect their intent for common use cases (e.g. changing network ACL ingress/egress rules).  The approach also makes it possible to use CloudFormation's extensive capabilities to update stacks in place in running environments.

The association of resources with CloudFormation stacks also makes it straightforward to delete and re-create environments.  The Nucleator CLI exposes the ability to delete the top-level CloudFormation stack for each Stackset, which in turn propagates to deletion of child stacks.  The CloudFormation service manages the orchestration of resource deletion and considers ordering and dependencies among resources within each stack.

AWS Resource Naming

Associating Nucleator-provisioned resources with CloudFormation stacks provides one way to reliably identify sets of related resources over the lifecycle of your AWS Account.

Nucleator also names resources consistently across multiple AWS Services, and propagates names that are persisted in tags to related downstream resources (e.g. name propagation from EC2 resources to EBS volumes and snapshots).

Nucleator names resources in such a way that they will not conflict with resources created for other Stacksets, Customers, Cages or Accounts.  This means that the names of resources include lots of business-meets-operations information that can also be used in the filtering and search functions of the AWS Management Console to help Ops and Business contributors find resources.

Sometimes names assigned in one context create conflicts with underlying limitations associated with various AWS services.  In some cases Nucleator will transform provided underlying name fragments to ensure that names are appropriately unique, remove precluded characters, transform characters (e.g. "." to "-" in S3 names) and/or shorten names through the use of reproducible hashes.
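
A sketch of the kind of transformation described above, as an added example rather than Nucleator's own code. The function name s3_safe_name, the use of SHA-256 and the 8-character hash suffix are assumptions, and the sample name fragments are constructed.

```python
import hashlib
import re

S3_MAX_LEN = 63  # S3 bucket names may be at most 63 characters long
HASH_LEN = 8     # hex digits of the digest kept as a suffix (assumed length)


def s3_safe_name(fragments, max_len=S3_MAX_LEN):
    """Build an S3-compatible name from name fragments (hypothetical helper)."""
    raw = "-".join(fragments)
    name = raw.lower().replace(".", "-")           # the "." to "-" transform
    name = re.sub(r"[^a-z0-9-]", "", name)         # remove precluded characters
    name = re.sub(r"-{2,}", "-", name).strip("-")  # tidy up leftover hyphens
    if not name:
        raise ValueError("no usable characters in name fragments")
    if len(name) <= max_len:
        return name
    # Shorten reproducibly: the suffix is derived from the full original name,
    # so the same fragments always yield the same shortened name, and names
    # that differ only in the truncated part still get different suffixes.
    digest = hashlib.sha256(raw.encode("utf-8")).hexdigest()[:HASH_LEN]
    head = name[: max_len - HASH_LEN - 1].rstrip("-")
    return f"{head}-{digest}"


if __name__ == "__main__":
    # Constructed sample fragments: stackset, customer, cage, purpose
    short = ["builder", "Acme_Corp", "test1.example.com", "artifacts"]
    long_ = ["builder", "a-very-long-customer-name-for-illustration",
             "cage-with-a-long-name.example.com", "artifacts"]
    for frags in (short, long_):
        result = s3_safe_name(frags)
        print(len(result), result)
```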

Key Benefits

Nucleator's approach to consistent resource naming and association with CloudFormation stacks provides the following benefits:

  • Simplified resource governance; related resources are named consistently and associated through the structure of CloudFormation stacks
  • Related resources can be easily discovered through the "Resources" tab in CloudFormation and by navigating parent/child stack relationships
  • Orchestration code for provisioning and resource dependency management is delegated to CloudFormation (important, this means you don't have to write and maintain it)
  • Deleting and re-provisioning related sets of resources is straightforward
  • Many common changes can be made via tweaks to YAML configs, which flow into generated CloudFormation templates and from there into in-place updates to running environments
  • Consistent design rules for resource naming mean the user spends less energy working out and resolving naming conflicts and name restrictions on cloud resources for various services
  • Consistent naming of resources across multiple accounts makes it easier to use the filtering and search capabilities of the AWS Management Console, improves clarity-of-purpose for provisioned infrastructure, and makes ops less error-prone

 

