Amazon CloudFormation How to delete specific stack events and rerun them - amazon-web-services

I am running a stack on CloudFormation that creates some resources like Route53, etc.
I want to be able to recreate only some of the resources with the same values.
For example, one of the stack events creates an image on ECR and I want to rebuild it: run a rollback on that event and then create it again with the same parameters.
How can I do that?

It is not possible to specify parts of a stack to 'rebuild'.
For some resources, you can modify an attribute to trigger a redeployment. The documentation will say Update requires: Replacement.
For other resources, you could:
Remove the resource from the template file
Update the stack with the template, which will cause CloudFormation to attempt to remove the resource (if it still exists)
Restore the template to the previous contents
Update the stack again, which will cause CloudFormation to deploy the 'new' resources

Can AWS CDK load a pre-existing stack using an ARN? i.e. const stack = Stack.fromArn(...);

Goal:
I need to create an AWS ManagedPolicy that contains ALLOW permissions for API actions on resources created in a pre-existing stack. No, I cannot modify the existing stack template and simply add a policy to it. I need to create a new stack that deploys a policy that enables actions on the existing stack's resources.
Solution:
Create a CDK project to generate and deploy this policy stack. Within this CDK project I want to load the existing stack and iterate over its resources adding permissions to my new stack's policy.
Problem:
I don't see any way to load an existing stack in CDK. I was hunting around for a "Stack.fromArn(...)" but don't see anything even similar.
Question:
Is there some obscure way to do this? Or is it simply not supported?
I have not tried it, however it looks like if you can access/look up at least one construct from the existing stack, you can use the method Stack.of(construct) https://docs.aws.amazon.com/cdk/api/latest/docs/#aws-cdk_core.Stack.html#static-ofconstruct to look up the first stack scope in which the construct is defined. I'm not sure, however, how you could iterate over the resources in the looked-up stack construct.
It might not be the best answer, however one option could be to export the outputs for the resources in the existing stack which you want to include in the policy, and import these values in the new stack where you create the policy.

CloudFormation - Manual deletion of resource in a stack and update

Using template.yaml, the CloudFormation service created a stack having three S3 buckets.
I deleted one S3 resource manually.
Say the stack name is stack1.
On running the same template.yaml again (unchanged), with stack name stack1, following this update_procedure, does the CloudFormation service update the same stack with that missing bucket? It is not updating with the missing S3 bucket in my case.
You can't create two stacks with the same name in the same region. If you were to do this in another region it would create the bucket you deleted but fail to create the other buckets, all assuming you named your buckets in the template. If the buckets were not named (so CloudFormation created the names for you) then it will create all three buckets, but the names will not be the same as they were before.
CloudFormation will not update a stack when you tell it to create a stack.
EDIT:
Based on your updated question, it seems you are asking if the bucket will be recreated. The answer to that is no. CloudFormation sees that nothing has changed in what you've asked for, so no action is taken. As a matter of fact you should get an error when updating, saying something along the lines of "no changes".
There are exceptions to the above "no", but for your purposes here I think it's sufficient.
The easiest solution for you is to remove the S3 bucket that you deleted from the template, run the update (it will "delete" it even though it's already gone) and then add it back to the template and update again. That will cause it to be created again.
If you are worried about this sort of thing happening in the future consider using Drift Detection with CloudFormation.

AWS CloudFormation Macros are not invoked while deleting Stacks. They are invoked only while creating/updating Stacks

I have cloned this repo and deployed the Count stack successfully.
https://github.com/awslabs/aws-cloudformation-templates/blob/master/aws/services/CloudFormation/MacrosExamples/Count/template.yaml
The macro function (CountMacroFunction) is invoked when I deploy Count-test stack (test.yaml).
May I know how to invoke this macro when I delete the stack please?
Because Count is a macro, not a custom resource. A macro is a preprocessor for the CloudFormation template: it takes the template, changes it and outputs a new template. CloudFormation then carries on creating the stack using the updated template.
When you delete the stack, it deletes all resources defined in the stack so there is no need to call the macro again.
In contrast, a custom resource is executed at deployment and is used to control resources that CloudFormation doesn't support or to implement other custom logic. The custom resource will be invoked when the stack is deleted to give it a chance to clear up the resources it created.
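To make the lifecycle difference concrete, here is an added example (not the code from the awslabs repository or from the answer above) with the two handler shapes side by side: a simplified Count-style macro that expands a `Count` property and substitutes `%d` in property values, and a custom-resource handler that branches on `RequestType`. The custom-resource handler keeps its state in an in-memory dict standing in for the external system, and returns the response object instead of PUTting it to `ResponseURL`, so everything runs offline. The events are constructed samples shaped like what CloudFormation sends.

```python
import copy
import json


def count_macro_handler(event, context=None):
    """Template-level transform. CloudFormation calls this with the template
    fragment during stack create/update and deploys the returned fragment.
    Nothing here is tied to a deployed resource, which is why there is no
    Delete hook: at delete time there is no fragment to transform.

    Simplified reimplementation of a Count-style macro (added example, not the
    awslabs code): a resource with a Count property is replaced by Count copies
    named <LogicalId>1..N, with "%d" in property values set to the index.
    """
    try:
        fragment = copy.deepcopy(event["fragment"])
        resources = fragment.get("Resources", {})
        for logical_id in list(resources):
            body = resources[logical_id]
            count = body.pop("Count", None)
            if count is None:
                continue
            del resources[logical_id]
            for index in range(1, int(count) + 1):
                clone = json.loads(json.dumps(body).replace("%d", str(index)))
                resources[f"{logical_id}{index}"] = clone
        return {"requestId": event["requestId"], "status": "success", "fragment": fragment}
    except Exception as exc:  # any status other than "success" fails the deployment
        return {"requestId": event["requestId"], "status": "failure", "errorMessage": str(exc)}


STORE = {}  # stand-in for the external system the custom resource manages


def custom_resource_handler(event, context=None):
    """Resource-level provider. CloudFormation invokes it once per lifecycle
    event with RequestType Create, Update or Delete; Delete is the call a
    macro never receives, and it is where the external object is cleaned up.

    A real provider PUTs json.dumps(response) to event["ResponseURL"] and
    CloudFormation waits for that callback; here the response is returned.
    """
    request_type = event["RequestType"]
    logical_id = event["LogicalResourceId"]
    # Create carries no PhysicalResourceId yet; Update/Delete carry the one we chose.
    physical_id = event.get("PhysicalResourceId") or f"{logical_id}-{event['RequestId'][:8]}"
    response = {
        "Status": "SUCCESS",
        "Reason": "",
        "StackId": event["StackId"],
        "RequestId": event["RequestId"],
        "LogicalResourceId": logical_id,
        "PhysicalResourceId": physical_id,
        "Data": {},
    }
    try:
        props = dict(event.get("ResourceProperties", {}))
        props.pop("ServiceToken", None)  # the provider's Lambda ARN, not a real property
        if request_type in ("Create", "Update"):
            STORE[physical_id] = props
            response["Data"] = {"Keys": sorted(props)}
        elif request_type == "Delete":
            STORE.pop(physical_id, None)  # idempotent: CloudFormation may retry Delete
        else:
            raise ValueError(f"unexpected RequestType {request_type!r}")
    except Exception as exc:  # report FAILED rather than leaving the stack waiting
        response["Status"] = "FAILED"
        response["Reason"] = str(exc)
    return response


# Constructed sample events (not captured from a real account).
MACRO_EVENT = {
    "region": "us-east-1",
    "accountId": "123456789012",
    "transformId": "123456789012::Count",
    "requestId": "3d1c2f77-0000-4000-8000-000000000001",
    "params": {},
    "templateParameterValues": {},
    "fragment": {
        "AWSTemplateFormatVersion": "2010-09-09",
        "Resources": {
            "Bucket": {
                "Type": "AWS::S3::Bucket",
                "Count": 2,
                "Properties": {"BucketName": {"Fn::Sub": "${AWS::StackName}-data-%d"}},
            },
            "Topic": {"Type": "AWS::SNS::Topic"},
        },
    },
}
STACK_ID = "arn:aws:cloudformation:us-east-1:123456789012:stack/demo/1b2c3d4e-0000-4000-8000-000000000002"
CREATE_EVENT = {
    "RequestType": "Create",
    "ResponseURL": "https://example.invalid/presigned-response-url",
    "StackId": STACK_ID,
    "RequestId": "9f8e7d6c-0000-4000-8000-000000000003",
    "ResourceType": "Custom::Registration",
    "LogicalResourceId": "Registration",
    "ResourceProperties": {"ServiceToken": "arn:aws:lambda:us-east-1:123456789012:function:reg", "Name": "demo"},
}
DELETE_EVENT = {**CREATE_EVENT, "RequestType": "Delete",
                "RequestId": "9f8e7d6c-0000-4000-8000-000000000004",
                "PhysicalResourceId": "Registration-9f8e7d6c"}

if __name__ == "__main__":
    print(sorted(count_macro_handler(MACRO_EVENT)["fragment"]["Resources"]))
    print(custom_resource_handler(CREATE_EVENT)["Status"], STORE)
    print(custom_resource_handler(DELETE_EVENT)["Status"], STORE)
```

The macro gets the whole fragment and returns a new one; the custom resource gets a `RequestType` per event and must echo back `PhysicalResourceId`, because that is the key CloudFormation hands it again on Update and Delete. If you need code to run when a stack is torn down, the logic has to live in the second shape.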

How to ensure Resource deletion/creation order during AWS Cloudformation Update

My use case is that we already have a stack created with AWS CloudFormation.
Now I want to update that stack, and my requirement is that I want to delete a resource that was already created and add the new modified resource, but I want to make sure that the delete happens before the create part.
I explored DependsOn but that helps me with setting the order of resource creation. It doesn't help with ensuring the delete and the create ordering (or at least nothing that I could find).
How can I make sure that the resource deletion happens before resource creation while doing the CloudFormation update?
I understand you want to "delete a resource that was already created and add the new modified resource".
Below is my understanding, let me know if it helps.
It is very tricky to delete and create a resource having the same resource name/dependency in a single CloudFormation deployment.
Easiest approach:
First deploy the CFN template to delete a resource, i.e. remove the code from the template, and then add the new/modified one. While doing that you need to check if a "retention policy" is in place, because if you are retaining deleted resources then CloudFormation will not create the same resource again.
Then deploy the CFN template to create/modify resources.
Other approach might be:
If you want to ensure the resource deletes before creating the new one, in a single template, you might need to create a nested stack for resource deletion and resource creation, and add a dependency on the deletion CloudFormation template, i.e. the create-resource template will depend on the delete-resource template.
There is also AWS::CloudFormation::WaitCondition which can be used here.
Also I think anyway you will receive an error if you try to create/modify a deleted or delete-in-progress resource.
There is no other option than dividing your operation into two steps:
You will need to update the stack, using the current template, changing only the name of the resources which you will modify later.
Update the stack, uploading a new template with your modifications, but remember to set the resource name to the previous value.

How to remove a resource without deleting it during a cloudformation stack update

I have a CloudFormation template that creates an S3 bucket as part of a CloudFormation stack. On the new version of my template, I'm planning to migrate my application from S3 to EFS.
Is there a way to remove the S3 bucket resource from the template, without having it deleted? Ideally, I would like my older users to have the s3 bucket available after they upgrade, but for the new users to not have it at all. It looks like DeletionPolicies could help here, but the documentation on it says that it only applies to stack deletion, but not upgrades.
Going to elaborate on user3470009's answer.
The main, advertised purpose of the DeletionPolicy is to keep a resource when a stack is deleted. It's mentioned almost as an afterthought in the AWS docs for DeletionPolicy that it also functions during resource removal from a stack:
"Note that this capability also applies to stack update operations that lead to resources being deleted from stacks. For example, if you remove the resource from the stack template, and then update the stack with the template."
So the workflow to remove a resource from a stack without deleting the actual resource is:
Add "DeletionPolicy" : "Retain" to the resource declaration in your CF template
Apply changes by either saving in the UI or running aws cloudformation on the CLI or whatever other tool you use
Check in the UI that your resource has the correct changes. There are some gotchas about when CF doesn't update the metadata. See the docs link above
Remove the resource from your template
Apply changes. Watch the events log to see that it says DELETE_SKIPPED:
2018-10-15T15:32:32.956Z HostedZone DELETE_SKIPPED
Setting a DeletionPolicy of "Retain" will cause the bucket itself to remain after a stack update that deletes the resource.
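Both two-step procedures on this page, the remove/update/restore/update sequence used to force a resource to be recreated (first thread and the manual-deletion thread) and the add-Retain/update/remove/update sequence just described, come down to producing the right intermediate templates. The following added example (not from any of the answers) generates them from a template parsed as a JSON dict and never contacts AWS; the sample template is constructed. Before removing a resource it scans the remaining resources and outputs for `Ref`, `Fn::GetAtt`, `Fn::Sub` and `DependsOn` references, because an update that leaves a dangling reference is rejected by CloudFormation before anything is deleted.

```python
"""Intermediate templates for two CloudFormation workflows that need two
stack updates. Added example; edits the template as a parsed JSON dict.

  recreate_plan:          remove resource -> update -> restore -> update
  retain_and_remove_plan: DeletionPolicy Retain -> update -> remove -> update
"""
import copy
import re

# ${LogicalId} or ${LogicalId.Attr} inside Fn::Sub. Pseudo parameters such as
# ${AWS::Region} and ${!literal} escapes deliberately do not match.
SUB_REF = re.compile(r"\$\{([A-Za-z0-9]+)(?:\.[A-Za-z0-9]+)?\}")


def find_references(node):
    """Logical IDs referenced via Ref, Fn::GetAtt, Fn::Sub or DependsOn under node."""
    refs = set()
    if isinstance(node, dict):
        for key, value in node.items():
            if key == "Ref" and isinstance(value, str):
                refs.add(value)
            elif key == "Fn::GetAtt":
                # Either ["LogicalId", "Attr"] or the short form "LogicalId.Attr".
                refs.add(value[0] if isinstance(value, list) else str(value).split(".")[0])
            elif key == "Fn::Sub":
                text, variables = (value, {}) if isinstance(value, str) else (value[0], value[1])
                refs.update(set(SUB_REF.findall(text)) - set(variables))  # map keys shadow IDs
                refs |= find_references(variables)
            elif key == "DependsOn":
                refs.update([value] if isinstance(value, str) else value)
            else:
                refs |= find_references(value)
    elif isinstance(node, list):
        for item in node:
            refs |= find_references(item)
    return refs


def remove_resource(template, logical_id):
    """Copy of template without logical_id. Refuses if another resource or an
    output still references it; CloudFormation rejects such a template with
    'Unresolved resource dependencies' before deleting anything."""
    new = copy.deepcopy(template)
    if logical_id not in new.get("Resources", {}):
        raise KeyError(f"{logical_id} is not a resource in this template")
    del new["Resources"][logical_id]
    dangling = [name for name, body in new["Resources"].items()
                if logical_id in find_references(body)]
    dangling += [f"Outputs.{name}" for name, body in new.get("Outputs", {}).items()
                 if logical_id in find_references(body)]
    if dangling:
        raise ValueError(f"{logical_id} is still referenced by: {sorted(dangling)}")
    return new


def set_deletion_policy(template, logical_id, policy="Retain"):
    """Copy of template with DeletionPolicy set on logical_id (a metadata-only change)."""
    new = copy.deepcopy(template)
    new["Resources"][logical_id]["DeletionPolicy"] = policy
    return new


def recreate_plan(template, logical_id):
    """Templates to deploy, in order, to force logical_id to be recreated.
    The first update really deletes the resource (this fails for a non-empty
    bucket); the second creates a new one, with a new physical ID unless the
    template fixes the name."""
    return [remove_resource(template, logical_id), copy.deepcopy(template)]


def retain_and_remove_plan(template, logical_id):
    """Templates to deploy, in order, to drop logical_id from the stack while
    keeping the underlying object. The second update logs DELETE_SKIPPED."""
    retained = set_deletion_policy(template, logical_id, "Retain")
    return [retained, remove_resource(retained, logical_id)]


# Constructed sample template (not from the original question).
TEMPLATE = {
    "AWSTemplateFormatVersion": "2010-09-09",
    "Resources": {
        "DataBucket": {"Type": "AWS::S3::Bucket"},
        "LogBucket": {"Type": "AWS::S3::Bucket"},
        "DataBucketPolicy": {
            "Type": "AWS::S3::BucketPolicy",
            "Properties": {
                "Bucket": {"Ref": "DataBucket"},
                "PolicyDocument": {
                    "Version": "2012-10-17",
                    "Statement": [{
                        "Sid": "DenyInsecureTransport",
                        "Effect": "Deny",
                        "Principal": "*",
                        "Action": "s3:*",
                        "Resource": [{"Fn::GetAtt": ["DataBucket", "Arn"]},
                                     {"Fn::Sub": "${DataBucket.Arn}/*"}],
                        "Condition": {"Bool": {"aws:SecureTransport": "false"}},
                    }],
                },
            },
        },
    },
    "Outputs": {"DataArn": {"Value": {"Fn::GetAtt": "DataBucket.Arn"}}},
}

if __name__ == "__main__":
    for step, tpl in enumerate(retain_and_remove_plan(TEMPLATE, "LogBucket"), 1):
        print(f"step {step}: resources={sorted(tpl['Resources'])}")
    try:
        remove_resource(TEMPLATE, "DataBucket")
    except ValueError as err:
        print(err)
```

Deploy each returned template with a normal stack update and wait for UPDATE_COMPLETE before applying the next. Exports consumed by other stacks through Fn::ImportValue also block removal, but that can only be checked against the live account (for example with `aws cloudformation list-imports`), not from the template alone.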
I came across this question requiring a slight variation. I needed to extract my bucket to another stack and cannot delete it in the move. This method worked well:
create a new stack with the bucket in question. (note: you now have 2 stacks referencing the same bucket)
remove the bucket from the original stack. The resource is deleted from the original stack but not from S3 since it is still referenced in your new stack.
I also tested Houser's response above and confirmed the bucket will not be deleted if it contains files. While this works, it does attempt to delete the bucket 3 times before it completes (and reports errors each time). migrating to a new stack will not throw any errors.
When you remove a resource from your template, and update a stack from this template, the resources will be deleted. There is no way to avoid that.
Since your existing users will continue using the S3 bucket, I would recommend preserving the bucket in your template. Remove it when the bucket has been removed from your product completely.
If needed, you could version your template (old vs. new).
If you absolutely need to remove the bucket from your template, you may be able to use a loophole. When CloudFormation deletes a bucket, the bucket must be empty. If it's not empty, then the bucket should be preserved and removed from your stack. You could experiment and see if it works for you. If it works in testing, then you can try using it in production.