AWS CloudFormer for Non Default VPC

AWS CloudFormer helps you create a CloudFormation template from the AWS resources currently running in your account in a few simple steps. The stock CloudFormer uses the Default VPC to get started, which is usually fine except when the Default VPC has been deleted. This is the AWS-provided CloudFormer template, forked to add the ability to specify the VPC.



If I were to write AWS CloudFormation template

In this post I would like to share the things I picked up over time that have made writing AWS CloudFormation templates really enjoyable.

1. Editor : Sublime Text Editor with Neon Theme

I use Sublime Text with the Neon theme to save time and to avoid going mad over a missing { or } during development. Sublime highlights the matching opening and closing braces, so you don't have to run the compiler's push-and-pop stack counting in your head. It is not that other IDEs like Visual Studio, Eclipse or PyCharm aren't useful; in fact they all have built-in CloudFormation plugins to deploy directly, but Sublime is lightweight and simple. Its IntelliSense-like code suggestions also mean you don't have to avoid long, readable names: ADInstanceEIP and ADInstanceEIPAttachment are no problem, because Sublime auto-completes them for you.


To summarize, Sublime highlights opening and closing { }, has very good code suggestions and a nice colour scheme.

2. Use the File format as JSON

The .json file extension works fine for a CloudFormation template; there is no hard and fast rule that you must always use .template. Using .json actually makes the IDE treat the file intelligently, with syntax colouring and code suggestion prompts.

3. Prefer Mappings over Parameters

When I started writing CloudFormation templates, I used Parameters wherever and whenever possible, so that the template would be dynamic. That is not necessarily the right call in all cases. My rule of thumb was to put AMI mappings in the Mappings block and everything else in Parameters.

Then I realised that I had actually used the parameters only a very small handful of times. When I moved those entities from Parameters to Mappings, I effectively started building a class-like structure for the entire stack. It is not hard-coding, yet everything that might change lives in exactly one place, which also makes copy-pasting between templates quick.


3. Region Mapping with AZ Dropdown

All the sample templates in the CloudFormation library have a region mapping, so the template becomes region-independent with no additional effort, except that you need to ensure the AMIs are created (or copied) in the designated regions and placed in the Mappings block.

I use the AWS::EC2::AvailabilityZone::Name parameter type, which is extremely handy in my AWS DR scenarios, DR-like scenarios or DR drills [yes, I just coined the term DR-like scenario 🙂], as it prompts with a dropdown of the available AZs.

4. Splitting CloudFormation Templates – Networks Separately, Instance Separately [Nested Stack]

Nested stacks are a must where the environment involves many route table routes and/or ACL rules, since every single rule is a resource in CloudFormation terminology and a template is currently capped at 200 resources. The solution is to put the route table routes in a separate nested template and the ACL rules in another.

5. A Resource can wait for dependency of completion after multiple other Resources

There are a few cases where you need to wait for multiple resources to complete before creating a new one; this is rarely required, except during a demo :).

Also, DependsOn does not take a Ref, i.e. not DependsOn : {"Ref" : "Resource"} but DependsOn : "Resource" or DependsOn : ["Resource"].
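A worked template fragment that ties together the Mappings advice (item 3), the region mapping with AZ dropdown and the DependsOn list form (item 5): an AZ parameter, a RegionMap and a network map in Mappings, a subnet placed in the chosen AZ, and an instance that explicitly waits on two other resources. This is an added example, not code from the original post; the AMI IDs and CIDR ranges are placeholders.

```json
{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Description": "Added example (not from the post); AMI IDs and CIDRs are placeholders",
  "Parameters": {
    "InstanceAZ": {
      "Type": "AWS::EC2::AvailabilityZone::Name",
      "Description": "Prompts a dropdown of the AZs available in the current region"
    }
  },
  "Mappings": {
    "RegionMap": {
      "us-east-1": { "AMI": "ami-PLACEHOLDER-USE1" },
      "eu-west-1": { "AMI": "ami-PLACEHOLDER-EUW1" }
    },
    "Network": {
      "Prod": { "VpcCidr": "10.0.0.0/16", "AppSubnetCidr": "10.0.1.0/24" }
    }
  },
  "Resources": {
    "VPC": {
      "Type": "AWS::EC2::VPC",
      "Properties": { "CidrBlock": { "Fn::FindInMap": ["Network", "Prod", "VpcCidr"] } }
    },
    "AppSubnet": {
      "Type": "AWS::EC2::Subnet",
      "Properties": {
        "VpcId": { "Ref": "VPC" },
        "AvailabilityZone": { "Ref": "InstanceAZ" },
        "CidrBlock": { "Fn::FindInMap": ["Network", "Prod", "AppSubnetCidr"] }
      }
    },
    "AppSecurityGroup": {
      "Type": "AWS::EC2::SecurityGroup",
      "Properties": {
        "GroupDescription": "App tier; no ingress rules, so nothing is reachable by default",
        "VpcId": { "Ref": "VPC" }
      }
    },
    "AppInstance": {
      "Type": "AWS::EC2::Instance",
      "DependsOn": ["AppSubnet", "AppSecurityGroup"],
      "Properties": {
        "ImageId": { "Fn::FindInMap": ["RegionMap", { "Ref": "AWS::Region" }, "AMI"] },
        "InstanceType": "t2.micro",
        "SubnetId": { "Ref": "AppSubnet" },
        "SecurityGroupIds": [{ "Ref": "AppSecurityGroup" }]
      }
    }
  }
}
```

Note that a Ref already creates an implicit dependency, so the DependsOn list here is shown for the syntax; it is only strictly needed when the waited-on resource is not referenced by the waiting one.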


6. Don’t use IDE’s Default format code

I prefer not to use any of the IDE's default formatting options, as IMHO they only make the JSON / JS code look longer.

[Solved] Amazon Workspaces Registration Service Failure

If you encounter an error saying it cannot connect to the Amazon WorkSpaces registration service, it actually has nothing to do with network or connectivity issues; the error message is misleading.

Workspaces Unable to Connect Registration Service

To cut to the end of the story, the fix is to key in the new WORKSPACE REGISTRATION CODE. It can be found in the AWS Management Console where the new WorkSpace was provisioned.

Once you have the registration code, you can change it from the WorkSpaces application's options.

Manage Registrations


Once a proper registration code is specified and you see all the checks pass, you are good to go.

After you complete the credentials configuration provided to you via email, you should be able to log in to your newly launched WorkSpace instance.


AWS Wish List : Set Query Filter VPC globally in AWS Management Console

This is yet another wish-list item for the AWS Management Console's usability, which IMHO would improve usability and reduce mis-configuration and re-creation of VPC components.

It is unimaginable to work on production workloads in the VPC menu of the AWS Management Console without filtering on the SELECTED VPC. I remember what life was like on a project that had 4 VPCs, each with 30+ subnets and, by extension, that many route tables and ACLs. Having all the VPC components listed together leaves room for mis-configuring network entities: it is very hard for humans to tell app-dmz-subnet-az1 and app-dmz-subnet-az2 apart at a glance. The more horrifying reality is that there is no UNDO.

I really should thank the AWS team for continuously improving their services with new features. I would like to request that they add the below to their list for the AWS Management Console, specifically the VPC menu.

Current Setup :

There is a dropdown box listing the VPCs running in that account in the selected region. Selecting a VPC filters the view to show only the components belonging to that VPC, and this applies to all the entities [subnets, route tables, ACLs, security groups etc.].

On a different note, a newly created (hence unattached) Internet Gateway won't show up while the VPC filter is on. This trolled me hard [it was a very long 5 mins of searching and pondering].

Problem :

Yes, the filter is applied across the board in the AWS Management Console, except for the popup / dialog box used to create a new entity. The state of the selected VPC filter is not carried into the dialog box, which instead defaults to the last created VPC.

VPC Filter


So you are surprised again: where did my subnet go? I remember creating it just now.

Feature Request :

Carry the state of the currently applied VPC filter into the dialog boxes as well.

aims at providing easy access to manage and navigate across multiple Amazon Web Services (AWS) accounts, with bookmarking. AWS strongly recommends using IAM access via the AWS IAM login portal or an account alias, but that URL is not easily remembered, which pushes people towards using the root account. Today DevOps engineers and cloud architects need to manage multiple AWS accounts, which adds to the problem of remembering each AWS IAM portal.

The features include:

  • Maintain bookmarks of AWS accounts
  • No data stored on a server [effective use of local storage]
  • One-click navigation to an AWS account


Scope of AWS Entities

AWS has a vast ecosystem of services and entities, with a few intricacies: for example an EC2 snapshot is scoped at the region level, whereas its cousin the EC2 volume is scoped to an Availability Zone. Below is a tabulation of such scopes; it is certainly not exhaustive.

| AWS Resource | Scope Hierarchy | Region Hierarchy | Sharing |
|---|---|---|---|
| VPC | Account | Region | |
| Subnet | Account > VPC | Region > Availability Zone | |
| Route Table | Account > VPC | Region | |
| ACL | Account > VPC | Region | |
| Internet Gateway | Account > VPC | Region | |
| DHCP Option Set | Account | | |
| Elastic IP | Account | Region | |
| Endpoints | Account > VPC | Region | |
| Peering Connection | Account > VPC & VPC | Region | Peer-able to a VPC under the same account or a different account |
| Security Groups | Account > VPC | Region | |
| Customer Gateway | Account | Region | |
| Virtual Private Gateway | Account | Region | |
| EC2 – Instance | Account > VPC > Subnet | Region | |
| EC2 – Images | Account | Region | Sharable to external account(s) or the entire public |
| EC2 – Snapshot | Account | Region | Sharable to external account(s) or the entire public |
| EC2 – Volume | Account | Region > Availability Zone | |
| EC2 – Reserved Purchases | Account | Region > Availability Zone > [specific instance size, type, etc.] | |
| EC2 – Key Pairs | Account | Region | |
| ELB | Account > VPC | Region | |
| ENI | Account > VPC > Subnet | Region | |
| IAM User | Account | Global | |
| IAM Role | Account | Global | |
| IAM Group | Account | Global | |
| IAM Customer Managed Policy | Account | Global | |
| IAM Identity Providers | Account | Global | |
| RDS Instance | Account | Region | |
| RDS Reserved Purchase | Account | Region > [instance class, AZ] | |
| RDS Snapshot | Account | Region | Sharable to external account(s) |
| RDS Parameters | Account | Region | |
| RDS Option Group | Account | Region | |
| RDS Subnet Group | Account > VPC | Region | |