I've created a bucket without a DeletionPolicy and want to add it. Updated our configuration (in our serverless.yml), and we now see the DeletionPolicy: retain in the cloud-formation template.
However, based on this blurb:
One quirk in the update template workflow is that DeletionPolicy
cannot be updated by itself but must accompany some other change that
"add, modify or delete properties" of an existing resource. A fun fact
about the AWS::S3::Bucket resource: it cannot be updated after
creation. Good news: this does not apply to the DeletionPolicy
attribute. Bad news: CFN won't pick up the changes unless another
property of the "immutable" S3 bucket is updated.
I've searched for quite a while, and I cannot determine how to query the S3 bucket and determine if the DeletionPolicy is actually set or not. I don't see where this is exposed in the AWS console, nor do I see in the AWS cli where this can be queried. It doesn't appear to be in the Bucket Policy as far as I can tell.
How do I validate the DeletionPolicy is actually set?
I think the linked article (from 1/12/2014) is outdated. I just did the following:
Deployed a stack containing
MyBucket:
Type: AWS::S3::Bucket
.
.
.
Verified it deployed successfully, then deployed
MyBucket:
Type: AWS::S3::Bucket
DeletionPolicy: Retain
.
.
.
Verified it deployed successfully, then deleted my stack, and verified MyBucket is still present in S3.
Related
I created and deployed a S3 resource (bucket) using cloudformation.
After that i deployed a version without that resource.
Then i deployed a version with the resource.
Since the bucket exists, it gives me an error that it cannot deploy.
This has happened to me before, in past times I deleted the resource and deployed again.
I'm looking for a way to use the resource for future deployments. It is the exact same resource, this is the yaml :
Bucket:
Type: AWS::S3::Bucket
Properties:
BucketName: !Sub "myBucketName"
Is there anything I can add to the resource, a policy, a unique ID, anything so that i could use the existing resource?
Thanks!
To "use the existing resource" in a CFN, you have to import it. Also its a bad practice to keep modify resources created by CFN outside of CFN. This leads to drift and number of issues, one of which you are experiencing.
Am totally new to this serverless and AWS. am trying to create a S3 bucket using serverless
my serverless.yml file looks like this
service: s3-file-uploader
provider:
name: aws
runtime: nodejs12.x
stage: dev
region: us-east-2
custom:
fileUploadBucketName: ${self:service}-bucket-${self:provider.stage}
resources:
Resources:
FileBucket:
Type: AWS::S3::Bucket
Properties:
BucketName: ${self:custom.fileUploadBucketName}
AccessControl: PublicRead
for the first time when I run serverless deploy it worked, but thereafter I have deleted the bucket manually from aws and try to redeploy it. It shows me this error
Serverless Error ----------------------------------------
An error occurred: FileBucket - s3-file-uploader-bucket-dev already exists.
Get Support --------------------------------------------
Docs: docs.serverless.com
Bugs: github.com/serverless/serverless/issues
Issues: forum.serverless.com
Your Environment Information ---------------------------
Operating System: win32
Node Version: 14.18.0
Framework Version: 2.72.1
Plugin Version: 5.5.4
SDK Version: 4.3.0
Components Version: 3.18.2
it says bucket with s3-file-uploader-bucket-dev this name already exists but there is no bucket with this name inside aws s3.
even though it gives this error, also creates a bucket with the name of s3-file-uploader-dev-serverlessdeploymentbucket-1aucnojnjl618 but this is not the name I have given in the serverlesss.yml file it should be like s3-file-uploader-bucket-dev and in the cloudFormation there is a stack created with the name s3-file-uploader-dev and its status is UPDATE_ROLLBACK_COMPLETE.
Why it's showing the above-mentioned error and at the same time creating a bucket with a different name? it's confusing that give an error and create a bucket.
It can take several hours for a bucket name to become available again.
So, either choose a different bucket name or wait a little longer until it becomes available again.
Bucket names are globally unique. You can read about it here and about deleting a bucket here. If the name has not been taken already by someone else, you need to wait for a "while" to reuse the same name. The time taken is unknown(afaik).
I want to add a lifecycle policy to my existing s3 bucket (using serverless) which deletes all the folders inside my s3 bucket.I have written the code in the serverless.yml.When I am trying to deploy my code i am getting -
Additional stack resources updated failed (UPDATE_ROLLBACK_COMPLETE).
so i checked into cloudformation stacks , i am getting message that my bucket already exists -
my_bucket_name already exists
Resource update cancelled
The following resource(s) failed to create: [my_bucket_name]
I am not sure why am i getting this , my s3_bucket code looks like this -
custom:
additionalStacks:
ressources:
Resources:
MyS3TBucket:
Type: AWS::S3::Bucket
Properties:
BucketName: my_bucket
LifecycleConfiguration:
Rules:
- Status: Enabled
ExpirationInDays: 30
This is not my entire s3 code but a small part of it which is required in this post. Before adding lifecycle configuration everything was working fine. Any help would be appreciated , Thank you
As the error suggests:
my_bucket_name already exists
The bucket that you want to create already exists. If its yours, you have to delete it before you can re-create it. If not, bucket names must be globally unique. This means that maybe some other AWS user has already created a backed with the same name as yours. In this case you must ensure that the back name is absolutely unique, which is often done by adding some random postfix, e.g.:
MyS3TBucket:
Type: AWS::S3::Bucket
Properties:
BucketName: my_bucket-489d939239dd3
LifecycleConfiguration:
Rules:
- Status: Enabled
ExpirationInDays: 30
I'm attempting to achieve the following through CloudFormation.
From a stack created in EU region I want to create (and verify) a public certificate against Route53 in US-EAST-1 due to using Cloudfront. Aiming to have zero actions performed in the console or AWS CLI.
The new CloudFormation support for ACM was a little sketchy last week but seems to be working now.
Certifcate
Resources:
Certificate:
Type: AWS::CertificateManager::Certificate
Properties:
DomainName: !Sub "${Env}.domain.cloud"
ValidationMethod: DNS
DomainValidationOptions:
-
DomainName: !Sub "${Env}.domain.cloud"
HostedZoneId: !Ref HostedZoneId
All I need to do is use Cloudformation to deploy this into the US-EAST-1 region from stack in a different region. Everything else is ready for this.
I thought that using Codepipeline's cross region support would be great so I started to look into [this documentation][1] after getting setting things up in my template I met the following error message...
An error occurred while validating the artifact bucket {...} The bucket named is not located in the `us-east-1` AWS region.
To me this makes no sense as it seems that you already need at least a couple of resources to exist in target region for it to work. Cart before the horse kind of behavior. To test this I create an artifact bucket in the target region by hand and things worked fine, but requires using CLI or the console when I'm aiming for a CloudFormation based solution.
Note: I'm running out of time to write this so I'll update it when I can in a few hours time. any help before I can do that would be great though
Sadly, that's required for cross-region CodePipeline. From docs:
When you create or edit a pipeline, you must have an artifact bucket in the pipeline Region and then you must have one artifact bucket per Region where you plan to execute an action.
If you want to fully automate this through CloudFormation, you either have to use custom resource to create buckets in all the regions in advance or look at stack sets to deploy one template bucket in multiple regions.
p.s.
Your link does not work, thus I'm not sure if you refer to the same documentation page.
We have already created some infrastructure manually and with terraform, including some s3 buckets. In the future I would like to use pure CloudFormation to define the infrastructure as code.
So I created a CloudFormation yaml definition which references an existing bucket:
AWSTemplateFormatVersion: '2010-09-09'
Resources:
TheBucket:
Type: AWS::S3::Bucket
Properties:
BucketName: my-existing-bucket-name
When I try to apply it, execution fails, with CloudFormation stack event:
The following resource(s) failed to update: [TheBucket].
12:33:47 UTC+0200 UPDATE_FAILED AWS::S3::Bucket TheBucket
my-existing-bucket-name already exists
How can I start managing existing resources with CloudFormation without recreating them? Or is it impossible by design?
You will need to create a new bucket and sync the data from the old bucket to the new bucket. I have not seen a way to use an modify an existing S3 bucket.
The resources section of a cloud formation template defines which resources should be created by cloud formation. Try refering to the existing resources by defining them as parameters instead.
You should be able to import it by using the "Import resources into stack" option:
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/resource-import-existing-stack.html
As the documentation explains, you should add a "DeletionPolicy": "Retain" attribute to the already existing resources in your stack.