AWS Cloudformation stack deletion after EC2 UserData has finished execution - amazon-web-services

I need to automatically delete a CloudFormation stack after the EC2 instance created by that stack has finished running its UserData. I have tried to run the deletion from the EC2 instance, but it gives me a permission error, as the EC2 instance itself is deleted before the whole stack is.

I don't quite understand what you want in your question. But in general, if you delete the CloudFormation stack, all the resources created by that stack will also be deleted. All your resources, including EC2, will be deleted first, before you see a successful deletion of your CloudFormation stack.
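The setup the question describes, as an added example that is not from the original thread: an instance whose UserData asks CloudFormation to delete the stack as its last step. The instance role is scoped to DeleteStack on the stack's own ARN only. Two things this template assumes: the AMI carries the AWS CLI (the Amazon Linux 2 public SSM parameter is used for that), and the stack is created with a CloudFormation service role. The service role matters because, without one, CloudFormation deletes each resource using the caller's credentials, so the instance role would also need permission to terminate the instance and delete its own IAM role and profile; with a service role, DeleteStack is the only permission the instance needs.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: >-
  Added example: an instance that deletes its own stack once its UserData
  bootstrap has finished. Create the stack with --capabilities CAPABILITY_IAM
  and --role-arn <service role> so the instance role stays minimal (assumption).

Parameters:
  AmiId:
    # Assumption: an AMI with the AWS CLI preinstalled (Amazon Linux 2 here).
    Type: AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>
    Default: /aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2

Resources:
  SelfDeleteRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal: { Service: ec2.amazonaws.com }
            Action: sts:AssumeRole
      Policies:
        - PolicyName: delete-own-stack
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              # Least privilege: only DeleteStack, only on this stack's ARN.
              - Effect: Allow
                Action: cloudformation:DeleteStack
                Resource: !Ref AWS::StackId

  SelfDeleteProfile:
    Type: AWS::IAM::InstanceProfile
    Properties:
      Roles: [!Ref SelfDeleteRole]

  Worker:
    Type: AWS::EC2::Instance
    # Assumption: launched into the account's default VPC (no SubnetId given).
    Properties:
      ImageId: !Ref AmiId
      InstanceType: t3.micro
      IamInstanceProfile: !Ref SelfDeleteProfile
      UserData:
        Fn::Base64: !Sub |
          #!/bin/bash -xe
          # ... bootstrap work goes here ...
          # Last step: request deletion of this stack. The API call returns
          # immediately; CloudFormation then terminates this instance and
          # removes the role, so nothing after this line can be relied on.
          aws cloudformation delete-stack \
            --stack-name "${AWS::StackName}" --region "${AWS::Region}"
```

Because the role and instance profile are themselves stack resources, they disappear during the deletion; that is why the delete-stack call has to be the final command in UserData rather than something the instance polls on afterwards.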

Related

Re-creating RDS instance from snapshot with Cloudformation

I would like to create an RDS instance with CloudFormation and keep a snapshot when the stack is deleted. According to AWS, I can do that by setting DeletionPolicy: Snapshot in my CloudFormation template.
When I create a stack from the same template I want to use the snapshot. I can do that with DBSnapshotIdentifier.
What does a single Cloudformation template look like that:
works when the RDS instance is created for the very first time and there is no snapshot available?
updates the DBSnapshotIdentifier every time the stack gets deleted?
Thank you!
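One way to make a single template cover both the first deployment and a later restore, as an added example that is not from the original thread: a DBSnapshotIdentifier parameter that defaults to empty, a condition on it, and DeletionPolicy: Snapshot on the instance. Engine, instance class, storage size and the master username are constructed sample values. The example does not make the snapshot identifier update itself after each deletion; the name of the final snapshot still has to be passed in as the parameter when the stack is created again.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: >-
  Added example: create a fresh RDS instance when no snapshot is given,
  restore from a snapshot when one is given, and keep a final snapshot
  when the stack is deleted.

Parameters:
  DBSnapshotIdentifier:
    Type: String
    Default: ""
    Description: Leave empty on first deployment; set to the final snapshot name to restore.
  MasterUserPassword:
    Type: String
    NoEcho: true
    Description: Used only when creating a brand-new instance; ignored on restore.

Conditions:
  # True when a snapshot name was supplied.
  RestoreFromSnapshot: !Not [!Equals [!Ref DBSnapshotIdentifier, ""]]

Resources:
  Database:
    Type: AWS::RDS::DBInstance
    # Resource attributes (siblings of Properties, not inside it): take a
    # final snapshot instead of dropping the data on delete or replacement.
    DeletionPolicy: Snapshot
    UpdateReplacePolicy: Snapshot
    Properties:
      Engine: postgres                # constructed sample
      DBInstanceClass: db.t3.micro    # constructed sample
      AllocatedStorage: "20"
      # On restore, RDS takes credentials from the snapshot and rejects these
      # properties, so AWS::NoValue removes them entirely in that case.
      MasterUsername: !If [RestoreFromSnapshot, !Ref "AWS::NoValue", dbadmin]
      MasterUserPassword: !If [RestoreFromSnapshot, !Ref "AWS::NoValue", !Ref MasterUserPassword]
      # On first creation there is no snapshot, so the property is omitted.
      DBSnapshotIdentifier: !If [RestoreFromSnapshot, !Ref DBSnapshotIdentifier, !Ref "AWS::NoValue"]
```

Once a stack has been created from a snapshot, keep passing the same DBSnapshotIdentifier on every later update of that stack; changing or removing it is what triggers a replacement of the database.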

When updating a CloudFormation stack, what happens to any code or data that's stored within the stack?

I'm currently learning AWS CloudFormation, and I came across the update feature that CloudFormation has. My understanding is that since CloudFormation is infrastructure as code, updating a stack in CloudFormation will update the infrastructure within the stack (i.e. changing an EC2 instance from T2.nano to T2.micro). However, I couldn't find any information on what happens to anything that's stored in the stack. For example, if you have a bucket stored in S3 Standard and you update the stack to have the bucket in S3 Infrequent Access instead, does this move the bucket into Infrequent Access, or does this make a copy of the bucket in the new Infrequent Access and delete the original? Would this be similar for other services within the stack (such as changing an EC2 instance from T2.nano to T2.micro affecting any configuration done within the EC2 instance)?
Change of InstanceType will lead to "some interruptions" as explained in the AWS::EC2::Instance.
This means that your instance will be stopped, its type will be changed and started again. There is no replacement, so all your data will be preserved.

Delete AWS CloudFormation stack but preserve Route53 record set

Context: I have been using CloudFormation for provisioning application resources for a while, and that has worked out just fine. However, I recently moved my application over to different infrastructure (Kubernetes), and to go live with that change, I modified the Route53 DNS record to point to the new resources, and left up all the AWS resources created by CloudFormation. For clarity, the DNS record which I modified was created as part of the CloudFormation stack.
Problem: I want to delete the now unused resources, including the CloudFormation stack itself. However, doing so would either delete a DNS record that I very much care about, or fail to delete the DNS record because it has been modified, rolling back the entire operation.
Question: Does anybody know a clever way I can remove a CloudFormation stack while still preserving the Route53 entries created by it with zero downtime?
Note: I do not want to manually delete the resources created by CloudFormation, except for the DNS records, and leave the stack hanging around.
I recently had a need to preserve my Route53 records that were created with CloudFormation. I performed the following exercise based on @jarmod's response and it worked perfectly. The key here is the "DeletionPolicy" : "Retain". More information on the DeletionPolicy attribute. I'll also note that when I applied the change set to change my deletion policy, CloudFormation DID NOT detect any drift in the Route53 entry. Success!
Create a basic CloudFormation stack; Load Balancer, ASG and a Route53 record pointing to the Load Balancer
Change the Route53 entry to point to another location using the Route53 console
Apply the "DeletionPolicy" : "Retain" to my Route53 resource block via a change set
Delete the CloudFormation stack from the AWS console
Confirm Route53 still has your entries after the stack has been deleted
Image of CloudFormation Skipping Delete
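The record definition behind step 3 above, as an added example that is not from the original answer: a Route53 record with DeletionPolicy: Retain placed as a resource attribute, which is the form a change set would apply before the stack is deleted. The hosted zone is a parameter, and the record name and target address are constructed sample values.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: >-
  Added example: a DNS record that survives deletion of its stack.

Parameters:
  HostedZoneId:
    Type: AWS::Route53::HostedZone::Id
  RecordName:
    Type: String
    Default: app.example.com.   # constructed sample name
  TargetIp:
    Type: String
    Default: 192.0.2.10         # constructed sample (documentation address range)

Resources:
  AppRecord:
    Type: AWS::Route53::RecordSet
    # DeletionPolicy is a resource attribute, a sibling of Properties, not
    # inside it. With Retain, stack deletion skips this resource and drops it
    # from the stack's state; the record keeps serving, so there is no
    # DNS downtime while the rest of the stack is removed.
    DeletionPolicy: Retain
    Properties:
      HostedZoneId: !Ref HostedZoneId
      Name: !Ref RecordName
      Type: A
      TTL: "60"
      ResourceRecords:
        - !Ref TargetIp
```

Adding or changing only the DeletionPolicy attribute is a metadata-only update: the change set shows no resource modification, which is consistent with the drift-free result described above. The attribute has to be applied through a successful stack update before the delete; it has no effect if it is only edited in a local copy of the template.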
Deny delete privileges for Route53 and delete the stack in 2 phases.
Delete Stack Fails
When stacks are in the DELETE_FAILED state because AWS CloudFormation couldn't delete a resource, rerun the deletion with the RetainResources parameter and specify the resource that AWS CloudFormation can't delete. AWS CloudFormation deletes the stack without deleting the retained resource. Retaining resources is useful when you can't delete a resource, such as an S3 bucket that contains objects that you want to keep, but you still want to delete the stack. After you delete the stack, you can manually delete retained resources by using their associated AWS service.

Is it possible to re-create AWS resources using CloudFormation?

Let's say an AWS stack was created using CloudFormation.
Now one of those resources was modified outside CloudFormation.
1) Is it possible to have CloudFormation specifically create those resources? Based on my understanding, we can't do that because CloudFormation does not identify a difference, and so does not create the modified resources. Is my observation correct?
2) Also, what options do I have to revert a stack to its original state, if modified outside CloudFormation?
This is one possible hack you could use without deleting the entire stack.
From the template, remove the specific resource which got deleted accidentally.
Now update the stack, which brings your stack and the resources in your account in sync.
Revert the template to its state before step 1 and update again, which will create the resource which got deleted accidentally.
Unfortunately the answer for both your questions is NO.
If you modify the resources in the stack after the stack creation status is COMPLETE, there is nothing CF can do, since it doesn't keep track of modifications to resources.
You have no option other than deleting the current stack and creating a new one.
First, beware that modifying CloudFormation-created resources outside of CloudFormation is explicitly discouraged, according to AWS CloudFormation Best Practices:
Manage All Stack Resources Through AWS CloudFormation
After you launch a stack, use the AWS CloudFormation console, API, or AWS CLI to update resources in your stack. Do not make changes to stack resources outside of AWS CloudFormation. Doing so can create a mismatch between your stack's template and the current state of your stack resources, which can cause errors if you update or delete the stack.
However, if you've modified a CloudFormation-managed resource accidentally and need to recover, you may have some limited options beyond simply deleting and re-creating the stack altogether (which may not be an acceptable option):
It is not possible for CloudFormation to automatically update its internal state based on the current state of an externally-modified resource.
However, depending on the exact resource type, in some cases you can manually update CloudFormation afterwards by applying a stack update that matches the current state of the resource.
Similarly, it is not possible for CloudFormation to automatically revert an externally-modified resource back to its original unmodified CloudFormation state.
However, depending on the exact resource type, in some cases you can either:
Revert a resource by manually updating the resource back to its original state;
Update the resource by applying a stack update, bringing both the CloudFormation stack and the managed resource to an altogether new state that will once again be in sync.
To force the EC2 instance to be re-created, I use a simple trick: when deploying, I switch between two similar AMI IDs. That has helped me when testing user data or other things during the EC2 bootstrap. Again, it only works for EC2.
Unfortunately, the answer is NO.
If you made changes in the stack after the creation, CloudFormation can't track those changes.
If you need to revert those changes, you must delete the stack and rebuild.

AWS cloud formation delete failed

How can I force delete my AWS CloudFormation stack? The tied resources were already deleted previously, like the DNS, Route53, etc. Whenever I delete the stack, it fails because it couldn't find the resources.
The specified hosted zone does not exist. DELETE_FAILED.
This made the deletion halt and made the stack still active. How can I force clean-up and remove this stack?
Based on this thread, it appears that stack deletion can be problematic if the stack is altered.
https://forums.aws.amazon.com/thread.jspa?threadID=71050&start=0&tstart=0
Looks like you need to go via Support to get it deleted.
That said, I have been able to delete stacks where I have manually altered the components. Sometimes you need to wait a couple of hours after you terminate instances, VPCs, subnets etc before the stack deletion actually succeeds.
An AWS CloudFormation stack does not get deleted while any of its dependent resources are either used in another stack or tied up with non-stack resources. So it is better to see which resource is shared somewhere else and try to release it.
Hope that helps.
It seems the Route53 records were either deleted manually before CloudFormation got to them, or there was some failure within CloudFormation after it deleted the record. It's stuck because it can't find the hosted zone, because it was already deleted, if indeed this is what was described in your post. You can try to update the stack with the original script and then delete the stack via CloudFormation without any manual intervention.
Check your IAM role and the policy, review the privileges that you have associated with the role, so that if there is any permission issue, that should resolve the issue.
Refer: https://aws.amazon.com/premiumsupport/knowledge-center/cloudformation-stack-delete-failed/
You need to check the reason for the failure in the stack details.
Either delete this manually, or retain those resources while deleting, e.g.:
$ aws cloudformation delete-stack --stack-name my-stack --retain-resources myresource1 myresource2