Condensation: The missing link between CloudFormation and Lambda

October 2, 2015

Condensation brings together two great services from AWS, CloudFormation and Lambda, by turning their parts into a composable project. In the case of Lambda, code (in a Condensation asset particle) can be packaged alongside a template (another Condensation particle) that defines properties and resources needed for execution.  Particles, reusable modules and assets are the core of a Condensation project.  They can be as small as a single parameter, as large as an entire template, or any set of resources in-between.  Packaged and deployed to S3 as a unit, templates automatically link to assets (and other templates) within a project.  The project can be deployed in as many regions and buckets as necessary, with every deployment acting as an independent implementation.  Create deployments for us-east-1, us-west-2, development, UAT, or production. In any region and any environment, code and infrastructure are tracked and linked together.

Real Project, Real Results

To demonstrate the concept of particles with Lambda we have taken CloudSploit Scans, an open source configuration and security scanning tool highlighted by Jeff Barr, and created a condensation project, particles-cloudsploit-scans. The project references CloudSploit Scans as a submodule.  When built with condensation the submodule is updated, dependencies are installed and the code is rolled up into a zip file ready to be put on S3.  At the same time, a template is created that accepts an optional ExecutionRole parameter.  The template re-uses code from particles-common-core to create the parameter and an is_empty condition.  If an ExecutionRole is not provided one will be created with the recommended policy from CloudSploit. Both the zip file and the template are packaged together and deployed to a bucket in every region that supports Lambda.  This goes a step further than simply replicating a bucket from one region to another.  The template will always reference the URL of the asset that it was deployed with.  In us-east-1, the template is linked to the asset in us-east-1, in us-west-2, the template is linked to the asset in us-west-2 and so on. If CloudSploit is part of a bigger project, this project can be referenced from any other condensation project as a particle.  Install it as a npm dependency and use the templateS3Url helper provided by condensation.  There is no need to copy and paste template code. To make this even easier to use, we have compiled and deployed particles-cloudsploit-scans to publically accessible S3 buckets.  Use the launch button below to install CloudSploit in your own account.

  • us-east-1        Launch Stack
  • us-west-2        Launch Stack
  • eu-west-1        Launch Stack
  • ap-northeast-1 Launch Stack

Other Posts You Might Be Interested In

Lambda Formation: Rocket fuel for AWS CloudFormation

Since the launch announcement in late 2014, Lambda has become one of the most popular and fastest growing services on AWS.  With no infrastructure to worry about, there’s... Read More

CloudFormation Scoping for Beginners

When most people begin working with CloudFormation, they usually start with examples or tutorials they find online. After that, they quickly start combining and adding their... Read More

Condensation: Bringing DevOps and Code Reuse to AWS CloudFormation

Kevin McGrath, Senior CTO Architect, giving his AWS Lightning Talk at the Partner Theater Last Wednesday, Senior CTO Architect, Kevin McGrath, from Sungard Availability... Read More