Join AWS and Kion to accelerate your compliance initiatives. Learning, networking, & food included. Register here

Blog Automation & Orchestration AWS Cloud Enablement

Automate Infrastructure with CloudFormation and Webhooks

7 min read

Do more photo by carl heyerdahl

Last updated on March 16th, 2023 at 4:48pm

Cost savings, improved reliability and testability, faster updates: these are just a few of the benefits when you automate infrastructure creation.

CloudFormation templates and Webhooks are two paths to automation. CloudFormation templates are ideal if you are getting started in a new effort and need to take a greenfield approach. (See our earlier post for details on using CloudFormation to perform a rolling deployment on AWS.) Webhooks are useful if you must incorporate existing solutions for creating infrastructure.

In this post, we'll show you how Cloud Rules can help you bring even more automation to both of these approaches.

What are CloudFormation Templates?

AWS CloudFormation is a native service provided by Amazon Web Services (AWS) that helps you model and set up your AWS resources. It provides a way to automate the creation and management of infrastructure as code. With CloudFormation, you can define a template that describes the AWS resources and dependencies required to run your application. CloudFormation provisions these resources in a reliable and repeatable way, saving time and minimizing the risk of errors.

Using CloudFormation, you can create and manage a collection of related AWS resources, deploy and update them in an orderly and predictable fashion, and roll back changes if necessary. You can create templates in either JSON or YAML format and use them to define resources such as EC2 instances, RDS databases, VPCs, and many other AWS services.

CloudFormation can be used for a variety of scenarios, from simple to complex, such as creating a single EC2 instance or setting up an entire multi-tier application with autoscaling and load balancing. It supports a wide range of AWS services and resources, as well as third-party resources from the AWS Marketplace.

What are CloudFormation Rules?

A CloudFormation Rule is an optional section in CloudFormation templates that allows you to validate parameter values before creating or updating resources. With Rules, you can ensure that the values provided for the parameters meet the specific criteria or conditions that you define using rule-specific intrinsic functions. By validating parameter values, you can prevent the creation or update of an AWS CloudFormation stack with incorrect or inappropriate configurations.

Each Rule in the Rules section consists of two properties:

  • Rule condition (optional): Determines when a rule takes effect. It is defined using rule-specific intrinsic functions, and its final result must be either true or false.
  • Assertions (required): Describes what values users can specify for a particular parameter. Assertions are defined using rule-specific intrinsic functions and must evaluate to either true or false.

Using Rules, you can define conditional validation and cross-parameter validation for your CloudFormation templates. This allows you to maintain better control over the parameter values used in stack creation and updates, ensuring that your infrastructure is deployed and managed according to the desired specifications.

The Automation Benefits of Cloud Rules

A Cloud Rule is a collection of cloud-specific resources (think AWS IAM Policies, AWS Service Catalog Portfolios, AWS CloudFormation templates, Azure Role Definitions) that can be applied to cloud accounts in a managed way. Cloud Rules are hierarchical and inheritable, giving you even more opportunities for automation. If you apply a Cloud Rule at the top of your cloud organizational structure, all the child Projects (i.e., accounts) below will inherit the Cloud Rule. Cloud Rules can also be applied locally to a specific project and users can request exemptions from a Cloud Rule. Cloud Rules can be applied at any time.

Using Cloud Rules with CloudFormation Templates

Let’s take a look at how you can launch infrastructure in an account by attaching a CloudFormation template to a Cloud Rule in

From the Cloud Management tab, select AWS CloudFormation templates and then Create CloudFormation template.

The template used in this tutorial launches a single EC2 instance, and the CloudFormation template does not accept any Parameters. If you have a template that accepts Parameters, ensure they are formatted correctly. Check out the AWS DevOps blog for more information on formatting your CloudFormation Stack Parameters.

Select the appropriate region where this CloudFormation stack will be created, and select the appropriate owner(s) for management of the CloudFormation template in

add a cloud formation template in cloudtamer

Once you have successfully created your CloudFormation Template, you can associate this with a Cloud Rule.

Under Cloud Management, navigate to Cloud Rules and click on the + icon.

add a new cloud rule in cloudtamer

Give the Cloud Rule a descriptive name, select the appropriate owner(s), and select the AWS CloudFormation template we just created.

fields for cloud rule

After creating this Cloud Rule, we’ll add the Rule at the project level. After applying the Rule, the CloudFormation stack will be launched in the AWS account within this project.

After selecting the project, navigate to the Cloud Management tab and select Add Existing Cloud Rule. A modal will display. Select the Cloud Rule we created previously, and click Confirm selection.

You’ll see the Cloud Rule displayed, along with an indicator of its origin (in this case, local) and the status.

display cloud rule screen

If you federate into the account from the Accounts tab, you’ll see that your CloudFormation template has been created.

cloudformation template created confirmation

That’s all it takes to automate infrastructure via Cloud Rules and CloudFormation templates. For cleanup, you can simply remove the Cloud Rule from the project, and this will delete the CloudFormation stack in the AWS Account.

Using Cloud Rules with Webhooks

So, you’ve seen how to create infrastructure using a greenfield approach. But what if you have existing tools that you’re using in your environment to create your infrastructure? Combining Cloud Rules and Webhooks can address this scenario.

Webhooks allow you to send data to a web endpoint in JSON format so you can act on an AWS account and extend the functionality of This allows you to integrate your existing services and tools with to perform actions that are difficult or not available via IAM policies and CloudFormation templates.

In this next example, we’ll create a webhook that will trigger a Jenkins pipeline to create infrastructure in an AWS account. Navigate to the Cloud Management tab, select Webhooks, and click Create Webhook.

create webhook screen

Enter a name and description for your webhook. Select the Send Access Keys checkbox; this allows to send temporary AWS API keys for the respective AWS Account. For Callout URL enter the URL to invoke your Jenkins job. The URL should follow the format in the screenshot below. Refer to the Jenkins wiki to get webhooks set up in your Jenkins environment.

add webhook screen

Once your Callout URL has been set, click Test webhook. If everything is successful, you’ll get a success message.

test webhook screen

Click Create Webhook when you're finished testing.

Next, we’ll create a new Cloud Rule from the Cloud Management tab and associate this with our webhook.

Name your Cloud Rule, set the appropriate ownership, and set the Pre-Rule Webhook field with the webhook you created. Your Cloud Rule should look something like this:

create cloud rule screen

After creating your Cloud Rule we can follow the steps from the first tutorial to apply your Cloud Rule at the project level. Navigate to an existing Project, and select the Cloud Management tab. Select Cloud Rules and click Add Existing Cloud Rule. From the drop-down menu select the Cloud Rule created in our previous step and click Confirm Selection.

Navigate to your Jenkins and you should see your pipeline running. In this demo we are using an existing pipeline that handles deleting the default VPC and creating a new VPC in the AWS Account.

view pipeline screen

That’s all it takes to automate infrastructure with CloudFormation templates, Webhooks, and For additional information on these components – and sample webhook code – customers can check out the Guides in our Support Center.

Kion Newsletter

Start your cloud enablement journey.

Request a demo today,