diff --git a/runningnotes.md b/runningnotes.md
index 997984a..15d3906 100644
--- a/runningnotes.md
+++ b/runningnotes.md
@@ -183,6 +183,8 @@ You can then run Strapi with `npm run develop` or `NODE_ENV=production npm run s
(example of deploying an S3 bucket with static site `index.html`.)
+### Creating templates
+
To create a cloudformation template you should create a `template.yaml`. This yaml file should have at the top:
```yaml
@@ -192,16 +194,125 @@ Description: A simple CloudFormation template
Then you should add a `Resources` key and populate this with all the infrastructure you need to provision.
-### Creating templates
+### Adding resources
Documentation for all AWS resources is: .
A good approach is to use the GUI to create an object, and then lookup the cloudformation template as you go along.
+### Using parameters
+
+
+
+You can use parameters in your templates. This allows you to use names/resources from other templates, or specify them at creation on the CLI.
+
+To use a parameter you should create a `Parameters` section in the yaml on the same level as a `Resources`.
+
+```yaml
+Parameters:
+ InstanceTypeParameter:
+ Type: String
+ Default: t2.micro
+ AllowedValues:
+ - t2.micro
+ - m1.small
+ - m1.large
+ Description: Enter t2.micro, m1.small, or m1.large. Default is t2.micro.
+```
+
+### Using outputs
+
+
+
+### Using functions
+
+A list of all Cloudformation functions is: .
+
+`Fn::Select` will select a single object from a list of objects by index.
+
+`Fn::GetAZs` returns an array that lists all availability zones for a specified region.
+
+`!Ref` returns the value of the specified parameter or resource.
+
+Example of these:
+
+```yaml
+PublicSubnet1:
+ Type: AWS::EC2::Subnet
+ Properties:
+ AvailabilityZone:
+ Fn::Select:
+ - 0
+ - Fn::GetAZs: !Ref "AWS::Region"
+```
+
+### Outputs
+
+You can use the `Outputs:` header in your Cloudformation templates to specify outputs to be used in other Cloudformation templates.
+
+
+
+```yaml
+Outputs:
+ PublicVPCID:
+ Description: The VPC ID.
+ Value: !Ref PublicVPC
+ Export:
+ Name: ELBStrapiPublicVPC
+```
+
+`Value` returns the value of the property by an `aws cloudformation describe-stacks` command. The value can contain literals, parameter references, pseudo-parameters, mapping values or functions.
+
+`Name` goes under `Export:` and is used for cross-stack reference. This name should be unique within a region. You can use this name in other Cloudformation templates to reference the `Value` you have specified above. You can set content in other cloudformation templates this way.
+
+You can refer to these in ELB `./config` files for example - allowing you to dynamically link to other AWS resources in your ELB environment.
+
+### Referencing other resources
+
+You can reference other resources in the template. This is useful say if you want to define a VPC and a subnet and reference the VPC from the subnet.
+
+To do this you should use the `!Ref` function:
+
+```yaml
+VpcId: !Ref PublicVPC
+```
+
+#### Pesudeo references
+
+You can also reference certain AWS references: .
+
+Examples include `AWS::AccountId` and `AWS::StackName` among others.
+
### Deploy a stack/template
To deploy, you should run the command: `aws cloudformation deploy --template-file template.yaml --stack-name static-website`
+### Tags
+
+When setting tags you can set them on individual resources in the Cloudformation template:
+
+```yaml
+Tags:
+ - Key: git
+ Value: web-dev
+ - Key: owner
+ Value: home
+ - Key: project
+ Value: strapi-elb
+ - Key: test
+ Value: true
+ - Key: deployment
+ Value: cloudformation
+```
+
+Alternatively if you have many tags to be shared across all resources you can set them when you use the CLI to deploy: `--tags git=web-dev owner=home project=strapi-elb test=true deployment=cloudformation`
+
+### Updating stack
+
+To update a stack you can use `deploy`. Note that the default behaviour is to create the new resources side by side, then once successful remove the old ones. You may run into errors when updating certain resources (updating a VPC subnet will fail as it has to create the new subnet alongside the existing one). You should remove the old stack by doing `delete-stack` first.
+
+`aws cloudformation delete-stack --stack-name temp-vpc --profile admin`
+
### Failure
If something goes wrong, you can use `describe-stack-events` and pass the `stack-name` to find the events leading up to the failure: `aws cloudformation describe-stack-events --stack-name strapi-s3`.
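Review bot: In the new "Updating stack" section, the advice to run `delete-stack` first (shown with `--profile admin`) removes every resource in the stack and uses an administrator profile for a routine operation. State explicitly that this destroys the stack's resources and any data in them, limit the advice to throwaway stacks such as `temp-vpc`, and use a least-privilege profile rather than `admin`. Also in this hunk: `### Using outputs` is added empty while `### Outputs` further down carries the content, so drop one of them; `#### Pesudeo references` should read "Pseudo references"; the sentences ending "functions is: ." and "AWS references: ." have lost their link targets; and `Value: true` in the Tags example should be quoted as `"true"` so the tag value is unambiguously a string.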
diff --git a/tempnotes.md b/tempnotes.md
index 013d89e..31714ed 100644
--- a/tempnotes.md
+++ b/tempnotes.md
@@ -13,3 +13,91 @@ Is the security group created without a databse? (probably yes...)
## Creating Database + VPC + Subnets in Cloudformation
Template from AWS showing cross-stack referencing and creating and referencing a VPC: .
+
+Export these in the CF template with stackname ()
+
+A security group is a resource that defines what IPs/Ports are allowed on inbound/outbound for an AWS resource. You can have one for EC2 instance, or RDS among others.
+
+ELB will create a VPC for your EC2 instances.
+
+You should use this VPC for you RDS instance.
+
+Creating a VPC for ELB (with RDS)
+
+## Single instance (no load balancer)
+
+Example cloudformation template that ELB uses: .
+
+Create a VPC - this is an object that spans all availability zones in a region. You assign a VPC a CIDR block. This is a set of IP addresses that this VPC has access to.
+
+You should create public subnets inside this VPC - these subnets should cover all availablility zones in your region. The CIDR block you specified in the VPC defines all the ips, you should create N subnets that equally contain these IP addresses for your region.
+
+For example a VPC in `eu-west-1` has a CIDR block of `172.31.0.0/16`.
+
+There are 3 availablity zones in `eu-west-1`: `eu-west-1a`, `eu-west-1b` and `eu-west-1c`.
+
+To find other availablity zones you should go to the EC2 Dashboard for the region you want to work in, and scroll down to the Service health header. Here, a list of all availability zones will be shown.
+
+You should create subnets with the following:
+
+| Availability Zone | Subnet CIDR | Real IP Range |
+| ----------------- | -------------- | --------------------------- |
+| `eu-west-1a` | 172.31.0.0/20 | 172.31.0.0 - 172.31.15.255 |
+| `eu-west-1b` | 172.31.16.0/20 | 172.31.16.0 - 172.31.31.255 |
+| `eu-west-1c` | 172.31.32.0/20 | 172.31.32.0 - 172.31.47.255 |
+
+This covers all IP addresses across all availability zones in the VPC.
+
+To make these subnets actually public, you should associate them with an internet gateway.
+
+An internet gateway is an object that allows communication to the internet. In Cloudformation you should create an internet gateway and a VPC Gateway attachment. This attachment should reference the VPC you have created and reference the internet gateway object you create as well. Then, in your subnets (which are public) you can use `MapPublicIpOnLaunch: true` in the `Properties` block for each subnet.
+
+You should then create a public route table and associate it with the VPC you have created.
+
+You should then create a public route. You can then attach the internet gateway attachment to this route and specify a list of IPs that will go out to the internet. To allow all trafic to the internet set a `DestinationCidrBlock` of `0.0.0.0/0`.
+
+### EC2::VPC
+
+#### Enable DNS
+
+Enable `EnableDnsHostnames` + `EnableDnsSupport` - this allows resources in the VPC to use DNS in AWS.
+
+### EC2::Subnet
+
+Go to the EC2 dashboard to find all availability zones. Create a subnet for each zone.
+
+- `AvailabilityZone`
+- `VpcId`
+- `CidrBlock`
+- `MapPublicIpOnLaunch`
+
+### EC2::InternetGateway
+
+### EC2::VPCGatewayAttachment
+
+- `VpcId`
+- `InternetGatewayId`
+
+### AWS::EC2::RouteTable
+
+- `VpcId`
+
+### AWS::EC2::Route
+
+- `RouteTableId`
+- `DestinationCidrBlock`
+- `GatewayId`
+
+### AWS::EC2::SubnetRouteTableAssociation
+
+- `SubnetId`
+- `RouteTableId`
+
+## Running notes
+
+If we specify the VPC + Subnets from Cloudformation in a config file, will it create the security groups automatically for the EC2 instances?
+
+Database can use existing subnets.
+Database needs a security group creating
+EC2 security groups automatically created and associated with the VPC.
+Use aws:ec2:vpc (https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/command-options-general.html#command-options-general-ec2vpc)
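Review bot: The notes say the RDS instance should use this VPC and that the "Database can use existing subnets", but every subnet described here is public (`MapPublicIpOnLaunch: true`, plus a route to the internet gateway for `0.0.0.0/0`). Add private subnets with no internet-gateway route for the database, and restrict its security group to traffic from the EC2 instances' security group. Separately, "This covers all IP addresses across all availability zones in the VPC" is not accurate: the three /20 subnets in the table span 172.31.0.0 to 172.31.47.255, which is 3 of the 16 /20 blocks in `172.31.0.0/16`, so reword it as one subnet per availability zone. Typos to fix: "availablility"/"availablity", "trafic", "for you RDS instance"; and "with stackname ()" has empty parentheses where a reference was intended.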
diff --git a/todo.md b/todo.md
index 2df2659..5e3733a 100644
--- a/todo.md
+++ b/todo.md
@@ -39,3 +39,9 @@ Cloudformation template to deploy an S3 bucket
## Links
Decouple an exisitng RDS instance from ELB to RDS:
+
+Deploy the ELB environment referencing the VPC + Subnets created with Cloudformation. Use https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/vpc-rds.html as a reference.
+
+Check the security group defined in 06 is created successfully.
+
+Recreate env with database, check the DB subnets - are they the same as the EC2 subnets? If so we can reference them in https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/command-options-general.html#command-options-general-ec2vpc with ELBSubnets
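Review bot: The last item plans to reference the DB subnets "with ELBSubnets", but by its name that option is for the load balancer's subnets. Check the linked `aws:ec2:vpc` options page for the option that applies to the database and instance subnets and name it here. "The security group defined in 06" does not say what 06 is, so give the file or template name. These three items are tasks appended under `## Links`, after a line that ends in a colon with no link, so move them under a to-do heading.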