CloudFormation Refer to old stack to retrieve Instance ID's to create backup - amazon-web-services

Scenario: If I already have a CloudFormation stack (A) that has 5 instances that it deployed, can I create a new CloudFormation stack (B) that will reference the first stack (A) to retrieve instance IDs to create a backup (Create Image [AMI])?
I only know how to launch the first stack.

You can create a cross-stack reference in Stack B to retrieve instance IDs from the outputs of Stack A. Here is a little tutorial on how to do this.
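As an added example (not the tutorial the answer links to, and not from the question's own stacks), here is what the cross-stack reference looks like in two templates. Stack A exports the instance IDs through its Outputs; Stack B imports them with Fn::ImportValue and hands them to a Lambda-backed custom resource, because CloudFormation has no native resource type that creates an AMI from a running instance. The resource names (`WebServer1`, `WebServer2`), the export name pattern, and the `BackupAmiFunctionArn` parameter (a Lambda that calls ec2:CreateImage and is assumed to exist already) are assumptions.

```yaml
# --- Stack A (template-a.yaml): owns the instances and exports their IDs ---
# Added example; resource and export names are assumptions.
AWSTemplateFormatVersion: "2010-09-09"
Description: Stack A - owns the EC2 instances and exports their IDs
Parameters:
  ImageId:
    Type: AWS::EC2::Image::Id
Resources:
  WebServer1:
    Type: AWS::EC2::Instance
    Properties:
      ImageId: !Ref ImageId
      InstanceType: t3.micro
  WebServer2:
    Type: AWS::EC2::Instance
    Properties:
      ImageId: !Ref ImageId
      InstanceType: t3.micro
Outputs:
  InstanceIds:
    # Exported values must be strings, so join the IDs into one value.
    Value: !Join [",", [!Ref WebServer1, !Ref WebServer2]]
    Export:
      # Export names are unique per account and region; prefixing with the
      # stack name keeps them from colliding with other stacks' exports.
      Name: !Sub "${AWS::StackName}-InstanceIds"
---
# --- Stack B (template-b.yaml): the backup stack ---
AWSTemplateFormatVersion: "2010-09-09"
Description: Stack B - creates AMIs from Stack A's instances
Parameters:
  SourceStackName:
    Type: String
    Description: Name of Stack A, used to build the export name
  BackupAmiFunctionArn:
    Type: String
    Description: ARN of a Lambda custom resource provider (assumed to exist)
      that calls ec2:CreateImage for each instance ID it receives and
      returns the new AMI IDs as a comma-separated string named AmiIds
Resources:
  BackupImages:
    Type: Custom::BackupImages
    Properties:
      ServiceToken: !Ref BackupAmiFunctionArn
      # Fn::ImportValue resolves the export at deploy time. While this import
      # exists, CloudFormation refuses to delete Stack A or to change the
      # exported value, which is exactly the safeguard a backup source needs.
      # Fn::Split turns the exported string back into a list for the Lambda.
      InstanceIds: !Split
        - ","
        - !ImportValue
            Fn::Sub: "${SourceStackName}-InstanceIds"
Outputs:
  AmiIds:
    Value: !GetAtt BackupImages.AmiIds
```

Deploy Stack A first, then Stack B with `SourceStackName` set to Stack A's name. Note the coupling this creates: Stack B's import holds a lock on the export, so Stack A cannot be deleted, and its instance set cannot change in a way that alters the exported string, until Stack B is deleted or updated to stop importing it.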

Related

AWS CDK: How to rename existing stacks without losing the ability to update?

I've created and deployed a production stack:
const app = new cdk.App();
const stack = new cdk.Stack(app, 'myorg-production-api');
Now it's important to change the naming schema, and I need this stack to be myorg-api-production-root.
Of course, I can do it by manually destroying the old one, and deploying the new one (both can't exist at the same time, because of the "singleton" resources like DNS records), but this means a huge downtime, which I need to avoid at all cost.
Can I somehow intervene into CDK's stack identity determination process and change stack names without the downtime?
No, it's not possible to change an existing stack's name, either with or without the CDK.
Under the hood, cdk deploy sets the stack name with the CloudFormation CreateChangeSet API (then ExecuteChangeSet) on create. The stack name is a unique, immutable id in CloudFormation.

Create EC2 instances after they are terminated using "update" from service catalog product

I have 2 EC2 instances spawned using Service Catalog product provisioning. For some reason, I have terminated them both and want to spawn new EC2 instances back (not the terminated ones).
So I tried to update the product again from service catalog and was hoping the service catalog would create them back because the earlier instances are not present.
Product provisioning is successful and yet the EC2 instances are not created.
My product is actually a full stack comprising some sub-stacks, and one of the sub-stacks actually creates the EC2 instance.
We could envision this as below -
Full Stack
Sub-Stack-1
Sub-Stack-2
Sub-Stack-3
Question is how to get the new EC2 instances created without having to terminate the full stack.
More info on permission for these -
I have 2 roles that I have used to achieve this. One role is used only to provision products from Service Catalog. The other is an admin-like role that I can use to terminate the EC2 instance. I just don't want to spawn the EC2s from the admin role; I want to use the products to provision them.
AWS CloudFormation is not "aware" of resources changes made outside of its control. So, it currently thinks that the EC2 instances still exist, even though they have been terminated.
If you have sufficient permissions to use CloudFormation, you could:
Download the CloudFormation template that was deployed by Service Catalog
Remove the section that defines the EC2 instances
Update the stack by providing the edited template -- this will cause CloudFormation to terminate the instances (that are already terminated)
Edit the template and add back the instance definitions, then Update the stack again with this template (effectively the same template that was originally used to launch the stack) -- this should cause new instances to be deployed that match the original specification

AWS CloudFormation for update (rerun?) of downstream nested Stacks

I'm trying to do the following: the parent Stacks launches the first child Stack which creates a fully configured EC2 instance. Once that is completed, the parent Stack kicks off a second Stack that uses a Lambda function to create an AMI, which is then used for an AutoScaling setup even further downstream. This is working perfectly.
Now the challenge: when I update the metadata for the EC2 instance from the first child Stack I would really like the second Stack to be triggered. In other words: I want to be able to change the seed instance and have the CloudFormation Stack update, creating a new AMI.
I'm able to get the seed instance to update, but the second child Stack isn't triggered :-(
I've Googled everything I could think of, but Update Policy doesn't apply, manually kicking off the second child is defying the point of having nested Stacks, and I'm pretty sure I'm missing some obvious feature or clever trick, so I'm asking you guys to help me out. Please.
Have you tried using a Lambda-backed custom resource? You can have the service token of the resource be the Lambda and use DependsOn with the first nested stack. It will kick off whenever the CF script runs or updates.
You can also look up the stack itself from the Lambda function to determine any changes if you want.
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/template-custom-resources.html
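A sketch of the parent template described in the question, with the custom resource wired in the way the answer suggests. This is an added example, not the asker's template: the child template URLs, the `CreateAmiFunctionArn` Lambda, and the child stacks' output and parameter names are assumptions. The detail it adds to the answer is what actually makes the second stage re-run on update: CloudFormation invokes a custom resource provider again only when one of the resource's own properties changes, so the seed instance's ID is passed in as a property (it changes whenever the instance is replaced) together with a `SeedVersion` parameter for changes, such as edited metadata, that do not replace the instance.

```yaml
# Parent template (parent.yaml). Added example; template URLs, the Lambda ARN
# and the child stacks' output/parameter names are assumptions.
AWSTemplateFormatVersion: "2010-09-09"
Description: Parent stack - seed instance, AMI custom resource, ASG stack
Parameters:
  TemplateBucketUrl:
    Type: String
    Description: https URL prefix of the S3 location holding the child templates
  CreateAmiFunctionArn:
    Type: String
    Description: Lambda provider (assumed) that calls ec2:CreateImage on
      InstanceId and returns the new image ID as the attribute AmiId
  SeedVersion:
    Type: String
    Default: "1"
    Description: Bump this to rebuild the AMI when the seed instance changes
      in a way that does not replace it (for example, updated metadata)
Resources:
  SeedStack:
    Type: AWS::CloudFormation::Stack
    Properties:
      TemplateURL: !Sub "${TemplateBucketUrl}/seed-instance.yaml"
      # The child template is assumed to declare an output named InstanceId.

  SeedAmi:
    Type: Custom::SeedAmi
    # DependsOn orders creation after the seed stack, as the answer suggests.
    # On a stack update, ordering alone does nothing: the provider is only
    # called again if one of the properties below changes in value.
    DependsOn: SeedStack
    Properties:
      ServiceToken: !Ref CreateAmiFunctionArn
      InstanceId: !GetAtt SeedStack.Outputs.InstanceId
      SeedVersion: !Ref SeedVersion

  AutoScalingStack:
    Type: AWS::CloudFormation::Stack
    Properties:
      TemplateURL: !Sub "${TemplateBucketUrl}/asg.yaml"
      Parameters:
        # The child is assumed to take an AmiId parameter. Because this value
        # comes from the custom resource, the ASG stack is updated only when
        # a new AMI ID is returned, and is left alone otherwise.
        AmiId: !GetAtt SeedAmi.AmiId
Outputs:
  AmiId:
    Value: !GetAtt SeedAmi.AmiId
```

To force a new AMI without touching the seed instance, redeploy with a new version value, for example `aws cloudformation deploy --template-file parent.yaml --stack-name <parent> --parameter-overrides SeedVersion=2`. One design point for the provider itself: on an Update request it should create the new image and return a new PhysicalResourceId (the new AMI ID), because CloudFormation then sends a Delete for the old physical ID once the update succeeds, which is where the provider can deregister the previous AMI.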

AWS Cloudformation stack deletion after EC2 UserData has finished execution

I need to automatically delete a CloudFormation stack after the EC2 instance created using that stack has finished running its UserData. I have tried to run the deletion from the EC2 instance, but it gives me a permission error, as the EC2 instance itself is deleted before the whole stack is deleted.
I don't quite understand what you want in your question. But in general, if you delete the CloudFormation stack, all the resources created by that stack will also be deleted. All your resources, including EC2, will be deleted first before you can see successful deletion of your CloudFormation stack.

Is it possible to re-create AWS resources using CloudFormation?

Let's say an AWS stack was created using CloudFormation.
Now one of those resources was modified outside CloudFormation.
1) Is it possible to have CloudFormation specifically create those resources? Based on my understanding, we can't do that because CloudFormation does not identify a difference, and so does not create the modified resources. Is my observation correct?
2) Also, what options do I have to revert a stack to its original state, if modified outside CloudFormation?
This is one possible hack you could use without deleting the entire stack.
From the template remove the specific resource which got deleted accidentally.
Now update the stack which makes your stack and resources in your account in sync.
Revert the template to its state before step 1 and update again, which will create the resource that got deleted accidentally.
Unfortunately the answer for both your questions is NO.
If you modify the resources in the stack after the stack creation status is COMPLETE, there is nothing CF can do, since it doesn't keep track of modifications to resources.
You have no option other than deleting the current stack and creating a new one.
First, beware that modifying CloudFormation-created resources outside of CloudFormation is explicitly discouraged, according to AWS CloudFormation Best Practices:
Manage All Stack Resources Through AWS CloudFormation
After you launch a stack, use the AWS CloudFormation console, API, or AWS CLI to update resources in your stack. Do not make changes to stack resources outside of AWS CloudFormation. Doing so can create a mismatch between your stack's template and the current state of your stack resources, which can cause errors if you update or delete the stack.
However, if you've modified a CloudFormation-managed resource accidentally and need to recover, you may have some limited options beyond simply deleting and re-creating the stack altogether (which may not be an acceptable option):
It is not possible for CloudFormation to automatically update its internal state based on the current state of an externally-modified resource.
However, depending on the exact resource type, in some cases you can manually update CloudFormation afterwards by applying a stack update that matches the current state of the resource.
Similarly, it is not possible for CloudFormation to automatically revert an externally-modified resource back to its original unmodified CloudFormation state.
However, depending on the exact resource type, in some cases you can either:
Revert a resource by manually updating the resource back to its original state;
Update the resource by applying a stack update, bringing both the CloudFormation stack and the managed resource to an altogether new state that will once again be in sync.
To force the EC2 re-creation, I use a simple trick: when I'm deploying, I jump between AMI IDs (I took two similar AMIs' IDs); that has helped me when I'm testing user data or things that I want to test during the EC2 bootstrap. Again, it only works for EC2.
Unfortunately, the answer is NO.
If you made changes in the stack after the creation, CloudFormation can't track those changes.
If you need to revert those changes, you must delete the stack and rebuild.