AWS SAM deploy failure - amazon-web-services

I was testing the AWS SAM functionality and encountered an issue.
If I manually delete a resource that was originally created by the SAM template, then subsequent SAM deployments will fail. I do understand that manually deleting a resource that was created by SAM is not a good practice. But this was just a test.
Error
Is there any way to fix this?

AWS SAM uses CloudFormation underneath to create various resources.
How do I update an AWS CloudFormation stack that's failing because of a resource that I manually deleted?
If you delete a resource from an AWS CloudFormation stack, then you must remove the resource from your AWS CloudFormation template. Otherwise, your stack fails to update, and you get an error message.
Similar post: Function not found after manually deleting a function in a SAM CloudFormation stack

Related

AWS CDK Bootstrap itself broken

A few months ago I played around with AWS CDK and so I of course did the cdk bootstrap.
At that time I stopped playing around and thought I'd never use it again. Being kind of neat about this kind of thing (and missing an undo or delete option delivered with the cdk itself :/ ), I deleted all cdk objects from my account.
Or at least I thought so, because now (starting to play around again), calling cdk bootstrap does "nothing":
✅ Environment aws://xxxxxxxxx/eu-central-1 bootstrapped (no changes).
But trying to cdk deploy gives me:
fail: No bucket named 'cdk-XXXXXXXXXXX-eu-central-1'. Is account XXXXXXXXXXXX bootstrapped?
Well yes right...I don't have any buckets at all at the moment.
Is there a way to cdk bootstrap --force that I'm missing? Is there a list of all objects I should have deleted? I find a lot of suggestions for people having problems with their stacks, but I have no idea how to fix this.
Edit: I just "solved" the problem, by creating a bucket with the given cryptic name...but that doesn't feel right. So I leave this Question open, to see if there is a better way to do it.
Bootstrapping creates a Stack called CDKToolkit, which has the CloudFormation resources CDK needs to deploy. You can safely "uninstall-reinstall" it:
aws cloudformation delete-stack --stack-name CDKToolkit
cdk bootstrap
Note: "Drift" is the technical term for your problem. The actual AWS resource state "drifted" from the expected state defined in the CDKToolkit CloudFormation template. CloudFormation has tools to deal with the drift problem. You can report on drift, for instance:
aws cloudformation detect-stack-drift --stack-name CDKToolkit

How do I update a CloudFormation Template (via CLI or API) if none of the active resources are affected by the update?

If I have an existing CloudFormation stack with some resources that are always active, and some that are not always active (i.e., resources that have a Condition that is evaluating to false), and I attempt to update the template of ONLY those inactive resources without activating them (i.e., their Condition is still evaluating to false) via the CLI or API, I get a No updates are to be performed. error:
aws cloudformation update-stack --stack-name <name> --template-body "..."
An error occurred (ValidationError) when calling the UpdateStack operation: No updates are to be performed.
If I then check the Stack Template, it has the previous template, not the new one.
However, if I do what is essentially the same thing but from the AWS Console (i.e., Update Stack -> Replace current template -> Upload a template file -> No other changes), the template will be updated.
Is there some way to accomplish such a template update via CLI or API?
Edit: This doesn't work. When using the console CloudTrail logs the API call as UpdateStack, but using the same parameters in the CLI command doesn't seem to work.
Instead of aws cloudformation update-stack you can use aws cloudformation deploy --no-fail-on-empty-changeset.
References:
Documentation for deploy
Difference between deploy and create (or update)

AWS CodePipeline is failing with InternalFailure

I have migrated existing AWS resources from one CloudFormation (CFT) stack to another CFT stack using the link below.
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/resource-import-new-stack.html
After migration, my new CFT stack's status was "IMPORT_COMPLETE". Then I created an AWS CodePipeline whose source is AWS CodeCommit, and I am trying to deploy to the CloudFormation stack using CodePipeline.
In my CodePipeline I am using my new CFT stack, into which I have migrated my existing AWS resources, and in the same template I have updated my code by adding an SQS queue policy and uploaded the code to CodeCommit.
So, when my AWS CodePipeline is triggered, it fails with an "InternalFailure" error, and it does not give any specific error about why it failed.
Also, I have checked the CloudTrail logs, and there I can see my pipeline fails after the "UploadArchive" event, which belongs to CodeCommit, and it does not move further. Also, I tried giving administrator permission to my pipeline service role as well as the CloudFormation role, but the error is still the same.
Later, I observed one thing: when I update my new CloudFormation stack using the AWS CloudFormation console, my stack's status changes to "Update_Complete". After that, if I update the code in CodeCommit, my pipeline completes successfully.
So, I am not sure why my pipeline fails with "InternalFailure" when my stack's status is "IMPORT_COMPLETE". Could you please help me understand if I am missing any specific step due to which my pipeline fails with this error when my CFT stack's status is "IMPORT_COMPLETE"?
It's a bug in CodePipeline. I'd recommend submitting a ticket to them in hopes they make a fix. I only found this out via support myself.

Function not found after manually deleting a function in a SAM CloudFormation stack

I am using sam deploy to deploy a lambda function and API gateway. It works fine, but it doesn't work after I manually deleted the lambda function via the AWS console. I got the error below:
"ResourceStatusReason": "Function not found:
arn:aws:lambda:ap-southeast-2:286334053171:function:polaroid (Service:
AWSLambdaInternal; Status Code: 404; Error Code: ResourceNotFoundException;
Request ID: b431cbfc-7772-11e9-8022-1b92fa2cfa9e)
What is the proper way to delete the lambda and do a refresh deployment? If this happens, how can I force SAM to create the missing lambda function?
My lambda in template yaml looks like:
...
Resources:
  PolaroidFunction:
    Type: AWS::Serverless::Function
    Properties:
      FunctionName: test
      CodeUri: ./lambdas
      Handler: lib/index.fun
      Runtime: nodejs8.10
      Events:
        polaroid:
          Type: Api
          Properties:
            Path: /test
            Method: post
...
I guess you already learnt the hard way that you should never manually delete resources managed by SAM or CloudFormation.
In general, if you just want to change the function, you can just call sam build and sam deploy, and the new version of it will be deployed. There is no need to delete anything. If you need a more advanced workflow, you will need to read blog posts. There is no one right way to do this.
To fix your immediate problem however, here is what you can do. [1]
Firstly, you need to get the generated AWS CloudFormation template:
▶ aws cloudformation get-template --stack-name HelloWorld \
--template-stage Processed --query TemplateBody | cfn-flip -y > processed.yml
Next, you need to comment out the function in the processed.yml file you just created, and also comment out the Lambda Permissions that refer to it. Save a backup of the original processed.yml file too.
Also, update any other template references to it if possible with the actual values CloudFormation computed when you built the stack, by getting them from your AWS console. For example, if you had references to ${HelloWorldFunction.Arn} you might have to update those references in the template with a string like arn:aws:lambda:ap-southeast-2:123456789012:function:HelloWorld-HelloWorldFunction-1NJGQI7GEAUM1.
Next, validate the template using AWS CloudFormation commands:
▶ aws cloudformation validate-template --template-body file://processed.yml
{
"CapabilitiesReason": "The following resource(s) require capabilities: [AWS::IAM::Role]",
"Description": "sam-app\nSample SAM Template for sam-app\n",
"Parameters": [],
"Capabilities": [
"CAPABILITY_IAM"
]
}
Next, you will update the stack using this modified template. By updating the stack this way, you get your template and real state to be back in sync from CloudFormation's point of view:
▶ aws cloudformation update-stack --template-body file://processed.yml --stack-name HelloWorld --capabilities CAPABILITY_IAM
{
"StackId": "arn:aws:cloudformation:ap-southeast-2:885164491973:stack/HelloWorld/af2c6810-7884-11e9-9bb3-068b1a8e1450"
}
If all goes well, your stack goes into UPDATE_COMPLETE state. Great!
Finally, uncomment all the resources you commented out, and restore all the original values. Then update stack a second time, and your stack should be restored to its original state.
See also:
AWS Knowledge Base, 2016, 2019, How do I update an AWS CloudFormation stack that's failing because of a resource that I manually deleted?
More on the cfn-flip utility, if you don't have it.
[1] Note that I tested this method using the default HelloWorld Python 2.7 example that ships with SAM.
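The pruning step of the answer above, as an added example that is not part of the original answer: assuming the processed template is loaded as a dict, it removes the manually deleted resource and the Lambda permissions that reference it, and lists every remaining resource or output whose reference has to be replaced with a literal value before update-stack. The function names and the sample template are constructed for illustration.

```python
import copy
import re

def refers_to(node, logical_id):
    """True if a template fragment references logical_id (Ref, Fn::GetAtt, Fn::Sub, DependsOn)."""
    if isinstance(node, list):
        return any(refers_to(item, logical_id) for item in node)
    if not isinstance(node, dict):
        return False
    pattern = re.compile(r"\$\{%s(\.[^}]*)?\}" % re.escape(logical_id))
    for key, val in node.items():
        # First element for list forms (["Id", "Attr"] or [template, vars]), else the value.
        head = str(val[0] if isinstance(val, list) and val else val)
        if ((key == "Ref" and val == logical_id)
                or (key == "Fn::GetAtt" and head.split(".")[0] == logical_id)
                or (key == "Fn::Sub" and pattern.search(head))
                or (key == "DependsOn" and logical_id in (val if isinstance(val, list) else [val]))
                or refers_to(val, logical_id)):
            return True
    return False

def interim_template(template, deleted_id):
    """Drop the deleted resource and its Lambda permissions; list what still needs a literal."""
    interim = copy.deepcopy(template)
    resources = interim["Resources"]
    resources.pop(deleted_id)  # KeyError here means the logical ID is not in the template
    dropped, needs_literal = [deleted_id], []
    for name, body in list(resources.items()):
        if refers_to(body, deleted_id) and body.get("Type") == "AWS::Lambda::Permission":
            dropped.append(name)
            del resources[name]
        elif refers_to(body, deleted_id):
            needs_literal.append("Resources." + name)
    for name, body in interim.get("Outputs", {}).items():
        if refers_to(body, deleted_id):
            needs_literal.append("Outputs." + name)
    return interim, dropped, needs_literal

# Constructed sample, shaped like a processed SAM template (not taken from the page).
SAMPLE = {
    "Resources": {
        "HelloWorldFunction": {"Type": "AWS::Lambda::Function", "Properties": {}},
        "HelloWorldFunctionRole": {"Type": "AWS::IAM::Role", "Properties": {}},
        "HelloWorldFunctionHelloWorldPermissionProd": {
            "Type": "AWS::Lambda::Permission", "Properties": {"FunctionName": {"Ref": "HelloWorldFunction"}}},
        "ServerlessRestApi": {"Type": "AWS::ApiGateway::RestApi", "Properties": {"Body": {"uri": {
            "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/functions/${HelloWorldFunction.Arn}/invocations"}}}},
    },
    "Outputs": {"HelloWorldFunctionArn": {"Value": {"Fn::GetAtt": ["HelloWorldFunction", "Arn"]}}},
}
```

Keep the dropped logical IDs: they are the resources to restore in the second update once the interim template has reached UPDATE_COMPLETE.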
I had a similar issue. In my case I had deleted the Lambda as an experiment while trying to reset the TRIM_HORIZON to get it to reprocess old events in a DynamoDB Stream.
I found a simpler solution:
Go into the CloudFormation Console and delete the deployed Stack.
sam deploy works fine again after that.
So as suggested in other answers I deleted the function manually from the console.
I was deploying the stack from CDK
The solution
comment the lambda function code (in cdk) of the function I deleted manually.
Deploy stack
Un-comment the code and deploy again
If you want to avoid deleting the stack and deploying it back again, or avoid aligning the CloudFormation template file, perhaps you can just align the resources in AWS to the template file.
That means, if you deleted a certain Lambda (for example) that was created initially from the template file, just create the same Lambda MANUALLY in AWS (either GUI or aws cli).
Now run 'sam deploy' again - you should be aligned.
Now remove the Lambda definition from the template file and deploy again - the Lambda should be removed and the CloudFormation will be aligned.

Combine AWS CLI and CloudFormation?

I'm creating a new user pool in AWS Cognito. As you might know, CF support is missing for a lot of the features in Cognito, so I've resorted to using the CLI for Cognito. But I still want to use CloudFormation for other resources like API Gateway that will need to reference the new user pool.
Is there any way I can create parameters with the CLI that I can use in CloudFormation?
Yes, if you have Parameters in your template, then you can use the CloudFormation Deploy command to do exactly this.
For example, you can call aws cloudformation deploy --template-file <file_path> --stack-name <stack_name> --parameter-overrides ParameterKey1=ParameterValue1 ParameterKey2=ParameterValue2 ... where <file_path> is the path to your CloudFormation Template, and <stack_name> is the name of your CloudFormation Stack. If this stack doesn't exist yet, Deploy will create it, but if it does exist, Deploy will update it.