Last Updated: February 25, 2016
· kunday

Continuous deployment with CloudFormation and cfn-hup

CloudFormation lets you create application stacks from scratch in EC2. In my project I use CloudFormation to do continuous deploys using cfn-hup with every git push. If you haven’t used CloudFormation before, there are plenty of tutorials on the web to get you started.


The application is bundled into an RPM using FPM, together with all the application dependencies and the post-install scripts to be executed when the RPM is installed.

Packaging and CFN-Script:

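As part of the CI build, an RPM of the app is created and uploaded to S3 tagged as ‘latest’, and the cfn-script downloads the RPM and installs it. An example looks like:

# Fetch the package; -f makes curl fail on an HTTP error instead of saving the error page
curl -f 'package_url' > /tmp/earmark-app.rpm
# Remove the old version, then install the new one without prompting
yum erase -y earmark-app
yum install -y /tmp/earmark-app.rpm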

CFN-HUP Configuration:


Waiting on Resource Condition:

You can use ApplicationWaitHandle and ApplicationWaitCondition to make the CloudFormation deploy wait until the installation of the package completes. You can then use cfn-signal to indicate to the CloudFormation stack that the particular action is complete. If cfn-signal isn’t received within the specified time period, the stack creation will fail. Here is an example WaitCondition:

"ApplicationWaitCondition" : {
  "Type" : "AWS::CloudFormation::WaitCondition",
  "Properties" : {
    "Count" : "1",
    "Handle" : {"Ref" : "ApplicationWaitHandle"},
    "Timeout" : "300"
  }
},
"ApplicationWaitHandle" : {
  "Type" : "AWS::CloudFormation::WaitConditionHandle"
}

You can then wait on this condition in your stack by using:

"LoadBalancer": {
  "DependsOn": "ApplicationWaitCondition",

Signalling Cloud Formation:

You can then signal CloudFormation that the install was successful using:

"/opt/aws/bin/cfn-signal -e 0 -r \"Application Installation Complete.\" '", { "Ref" : "ApplicationWaitHandle" }, "'\n"


Cfn-hup checks for updates on the stack every 15 minutes by default and there is no way to alter the duration.
Cfn-hup cannot be used to signal stack wait during stack updates.
Cfn-hup failures aren’t propagated back to the stack events, which could result in false positives even when the update fails.
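
The download-and-install script and the cfn-signal call from the sections above, combined into one added example (not the author's script): it checks the RPM against a SHA-256 digest before installing, because the object tagged ‘latest’ in S3 can be replaced without its URL changing, and it passes the real exit status to cfn-signal instead of a fixed 0. PACKAGE_URL, PACKAGE_SHA256 and WAIT_HANDLE_URL are assumed names for values the template substitutes into the script, and the digest is assumed to be published by the CI build.

```shell
#!/bin/sh
# Added example. PACKAGE_URL, PACKAGE_SHA256 and WAIT_HANDLE_URL are assumed
# names for values the template substitutes into the script; they are not
# from the original post.
RPM=${RPM:-/tmp/earmark-app.rpm}
CFN_SIGNAL=${CFN_SIGNAL:-/opt/aws/bin/cfn-signal}

# Succeeds only when the file's SHA-256 equals the expected hex digest.
verify_sha256() {
    actual=$(sha256sum "$1" 2>/dev/null | cut -d' ' -f1)
    [ -n "$actual" ] && [ "$actual" = "$2" ]
}

# Download, verify, then install. Each step has its own return code so the
# reason sent to CloudFormation says which one broke.
install_app() {
    curl -fsS -o "$RPM" "$PACKAGE_URL" || return 10
    verify_sha256 "$RPM" "$PACKAGE_SHA256" || return 11
    yum erase -y earmark-app || true   # package is absent on first boot
    yum install -y "$RPM" || return 12
}

# Run the install and report its real outcome to the wait condition handle.
deploy() {
    status=0
    install_app || status=$?
    case $status in
        0)  reason="Application Installation Complete." ;;
        10) reason="Package download failed." ;;
        11) reason="Package checksum mismatch." ;;
        *)  reason="Package install failed." ;;
    esac
    "$CFN_SIGNAL" -e "$status" -r "$reason" "$WAIT_HANDLE_URL"
    return "$status"
}

# Only act when invoked as: script.sh run
if [ "${1:-}" = "run" ]; then
    deploy
fi
```

A checksum mismatch stops the script before yum is called, and the non-zero exit code is what the wait condition receives.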

1 Response


Arvind, thanks for sharing this information. I can see how this works for the initial CloudFormation stack creation. In fact, I use something very similar. However, what happens when you update your app's code? In that case, do you still create an RPM of the app and upload to S3 tagged as 'latest' [I'm using to an S3-based RPM repo]? If so, how does cfn-hup pick up the fact that there's a new version of your app available even though it's tagged "latest", same as the old version? I'd love to see how this works.

over 1 year ago ·