Couldn't delete lambda stack via aws cdk:
Lambda was unable to delete lambda because it is a replicated function.
When deleting a CloudFormation Stack with CloudFront resource and associated Lambda#edge - CloudFormation first initiate a delete request for the CloudFront resource and the links to lambda#edge, since the lambda#edge is replicated to edges locations it takes up to a few hours to complete the links deletion.
My workaround is to run the complete clean-up in two phases -
Delete the stack and ignore the DELETE_FAILED status if just the lambda was failed to be deleted (and the other resources were deleted successfully)
Re-delete the DELETE_FAILED stack after a few hours (Or do it automatically using a cleanup lambda triggered by cron event to clean-up the CloudFormation stacks with DELETE_FAILED status)
If you are able to get in such a situation then yo most likely have freshly deleted a stack that did have lambda edge functions. In that case replicated functions get revealed (you dont see them while the edge function is inplace/being used). You dont need to do anything, just maybe to be patient - the replicated function will disappear after some time.
Related
I am trying to more effectively manage the resources we create in our AWS accounts and I would like to start by attaching a lambda or many lambdas whenever a resource is created. At a minimum, I need to tag the resources because we simply can't count on people to do it at all, much less correctly.
For example: I can get an event anytime an object is deleted in S3 but that isn't what I want; I want to know when a bucket it created; either through the console of a CFT or the CLI
The closest thing I can see is CloudFormation events man be monitored. We do a lot of stack creation of resources but not always so this isn't good enough. And, in any event, I would need to know all the resources that were created with that stack which the documentation doesn't make clear if I could even get
Can this be done? If so, how?
CloudTrail tracks user activity and API usage and generates CloudTrail Trails. Trails have Data Events.
CloudTrail Data Events can be passed directly to a Lambda function for processing (and/or S3 and/or CloudWatch).
In my own case we store CloudTrail Events in a S3 bucket but also pass them to a Lambda function that applies a billing tag to all new resources created in the account.
GorillaStack Autotag might be a good starting point as a reference for the function.
I am trying to setup an environment on AWS by launching a stack via AWS Cloud Formation template. The stack would be created and then be scheduled for deletion automatically based on the TTL parameter in the template. There seems to be a problem only when the instance is getting launched, it errors out that "Failed to receive 1 resource signal(s) within the specified duration"
If anyone could point out what I am doing wrong in the template, it would be great.
Here is the link for the template in YAML: https://s3.ca-central-1.amazonaws.com/rkbucket028/aws-openshit-cf-template_new.yml
I have already followed this article but there seems to be something wrong with it as well:-
https://aws.amazon.com/blogs/devops/scheduling-automatic-deletion-of-application-environments/#
CloudFormation rolls back if any of the resources have failed to be created (ie didnt responed in the predetermined duration). If you believe that it is only the process that is taking longer and not a genuine failure, you can either incorporate the wait condition, or better use resource creation policy time and count.
Source:
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-creationpolicy.html
PS: Your template url is not accessible. Check your bucket and file permissions on S3 bucket and share the public url
Lets say I have a CloudFormation stack running, which creates and deploys an Lambda function. In the AWS Console, if I connect my Lambda function to an API in API Gateway, will my CloudFormation Template be updated immediately if the Lambda function successfully integrates with the API?
It's a one way traffic from Cloudformation to resources.
Meaning if you modify your Cloudformation template and update the stack then the resources that were created by Cloudformation get modified/updated. However the other way is not true. Meaning if you modify your resources the Cloudformation template does not get updated.
Moreover, as a good practice you should avoid modifying the resources directly because you may end up breaking the Cloudformation's update stack functionality for that that stack
I create CloudFormation template for our resources, it includes Lambda functions, API Gateways, Roles, etc. For verifying our template I create CloudFormation stack using it, check some resources which I updated and after that I delete stack. But last time I got such message when I tried to delete stack:
CloudFormation is waiting for NetworkInterfaces associated with the
Lambda Function to be cleaned up.
I tried to stop deletion process and restart it, but I faced the same issue again. What is the problem and how can I fix that?
This is a well known issue. There are couple of things you can do.
1) Wait for the deletion to fail. Then try to delete. It should show you a checkbox to skip NetworkInterface. Select that.
2) Go to EC2-->NetworkInterfaces and detach/delete the NIC that was used by your resources. Then delete your CFT stack.
I have a stack with:
API Gateway
Lambda
Kinesis
When deleting this CloudFormation stack from the AWS console, the process is very slow.
Everything works fine until you execute the exclusion of 'AWS :: Lambda :: Function' -> 'CloudFormation is waiting for NetworkInterfaces associated with the Lambda Function to be cleaned up.'
The time in this process takes about 30 minutes.
Has anyone had the same problem?
To prevent this from blocking the stack deletion, you could set a DeletionPolicy property to Retain for that specific Lambda and have another scheduled process that would clean up each day the orphaned Lambdas.
Check that the lambda function assigned Role has delete permissions for the network interface, ie all of these:
- ec2:CreateNetworkInterface
- ec2:DescribeNetworkInterfaces
- ec2:DeleteNetworkInterface
If it is unable to delete the interface the Cloudformation template might hang, as you have experienced.
If that doesn't work you might have to script something to delete the ENIs on the lambda while the lambda is trying to teardown.