Based on this page I can do:
aws cloudformation delete-stack \
--stack-name my-stack
It says I can attach the command:
[--retain-resources <value>]
Does that mean that if I don't specify that line, all the resources created by the stack will be removed? I'm trying to delete everything generated by the stack, which is a lot.
How can I achieve this?
Thanks
Yes, those resources will be kept if you specify the [--retain-resources <value>], if you dont Cloudformation will delete all the resources in the stack name (including the nested stacks as well) you are providing given you have permissions to do. If any of the resources inside the cloudformation stack has retain policy set they won't be deleted.
During deletion, AWS CloudFormation deletes the stack but does not delete the retained resources.
From the same page aws cloudformation delete-stack
You might wanna read this too How do I retain some of my resources when I delete an AWS CloudFormation stack?
You can specify the retain policy as well in cloudformation template.
Related
I was testing the AWS SAM functionality and encountered an issue.
If by manually delete a resource that was originally created by the SAM template, then subsequent SAM deployment will fail. I do understand that deleting resource manually that was created by SAM is not a good practice. But this was just a test only
Error
Is there any way to fix this?
AWS SAM uses Cloudformation underneath to create various resources.
How do I update an AWS CloudFormation stack that's failing because of a resource that I manually deleted?
If you delete a resource from an AWS CloudFormation stack, then you must remove the resource from your AWS CloudFormation template. Otherwise, your stack fails to update, and you get an error message.
similar post : Function not found after manually deleting a function in a SAM CloudFormation stack
I want to create permissions for AWS CloudFormation.
I have to provide delete permission. How can I restrict in a way so that it can only delete resources which were created by CloudFormation?
AWS CloudFormation will only delete resources that it originally created.
When deploying a stack, CloudFormation will create resources using the permissions associated with the credentials that created the stack. Or, if an IAM Role is specified when the stack is created, it will use those credentials to create resources.
When deleting resources, it will use the same credentials.
It is not possible to create permissions that say "only delete resources that were created by CloudFormation" because the permissions are defined outside of CloudFormation.
I know that CloudFormation adds tags to most (all?) of the resources it creates, so you might be able to do some fancy stuff with tags, but it generally shouldn't be necessary because CloudFormation will only delete resources it originally created.
I'm trying to understand the behavior of CloudFormation with respect to applying tags to the resources it creates.
As per their documentation - https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html
In addition to any tags you define, AWS CloudFormation automatically creates the following stack-level tags with the prefix aws::
aws:cloudformation:logical-id
aws:cloudformation:stack-id
aws:cloudformation:stack-name
I created a DynamoDB table from CloudFormation and I visited the DynamoDB console and selected the tags tab and couldn't find any specific tag being added. I also did not find the aws:cloudformation:logical:id tag being added.
I then tried to create a S3 bucket using CloudFormation. That seems to work and I was able to visit the S3 console and find the aws:cloudformation:logical-id tag for the S3 bucket.
Is this some kind of inconsistency? Is there any specific documentation I can follow to find the list of AWS resources to which CloudFormation applies the tags prefixed with aws: as mentioned in the documentation?
Any help would be appreciated. Thanks!
I've had to recently contact AWS Enterprise support about this
Commonly requested services that aren't receiving tags from cloud formation include
DynamoDB
Elasticache
IAM resources
ECS clusters
Cloudfront distributions
Glue jobs
SQS
Firehose Delivery stream
There is an internal feature request open, however their suggested action was to just manually tag the resources.
Do you have any other resource besides DynamoDB in the same CFT? If yes, is that resource getting tagged by CF?
If you do not have any other resource, you may add an EC2 instance resource to validate if this is a resource specific issue or a template wide issue.
From what you posted, it seems that the stack creation is successful. Though it sounds silly, you may try once with the CLI - aws cloudformation create-stack --stack-name Name-of-your-stack --template-body file://your_template.json --tags Key=Name,Value=Your_Tag_Value --profile default --region region --capabilities CAPABILITY_NAMED_IAM
You can skip --capabilities CAPABILITY_NAMED_IAM if you do not have IAM resources in your CFT.
I have never experienced any issues tagging through CF, may want to check these sample templates.
Is there a way to just add tags to existing CloudFormation stacks ?
In update stack operation there is away to specify new tags, but is it possible to do it without update (Just like any other resources in AWS) ?
No, you cannot add tags to the existing CloudFormation stack without updating the stack.
When you add new Tags to CloudFormation, stack will go to UPDATE_IN_PROGRESS state and updates the wewly added tags to all the supported resources in the stack. Updating/Adding tags will not replace the resources. However, I recommend you to check the Resource Tag Properties, before Updating.
I hope this helps!
You can create change set with previous template, review the changeset (look out for scope as tag only in the resource description of changeset), and then execute the change set. For example:
aws cloudformation create-change-set --stack-name test--change-set-name test --use-previous-template --parameters file://test.parameters --tags Key=TestKey,Value=TestValue --capabilities CAPABILITY_IAM
aws cloudformation describe-change-set --stack-name test --change-set-name test
aws cloudformation execute-change-set --stack-name test --change-set-name test
I have an existing AWS CloudFormation stack, and I would like to add an additional tag to the stack. I went through the "Update Stack" UI steps, but didn't see anything that allows me to update the tag.
Is it possible to add a tag to an existing tag, and if so, how?
You can update the tags on an existing stack by running update-stack for the aws cli:
$ aws cloudformation update-stack --stack-name myStack --template-body file://myCloudformationTemplate.yaml --tags='[{"Key": "Author","Value": "Me"}, {"Key": "Project", "Value": "Foo"}]'
Creating a stack
provides you a way to add a tag, but Updating a stack does not have that option. Because of this limitation boto has no way to update the tag of CF stack.
setting tags for CloudFormation Stack "CURRENTLLY" is possible only when you create the stack, you have 2 options here : 1) tag your resources manually. 2) create a new stack with the new tags and delete the old one.