mengmann

Reputation: 416

Cloudformation: prevent deletion after updates on replacement resources

In AWS CloudFormation there are special resources that can't be updated directly. They get replaced by the aws cloudformation update-stack command instead. This works fine as long as you don't want to keep these resources after an update.

In my example, I want to keep all updated versions of AWS::AutoScaling::LaunchConfiguration resources for manual switching of LaunchConfigurations in the AutoScalingGroup (for testing purposes or emergency rollback). I need to do that because web interface users are not able to use CloudFormation, nor are they authorized to do so.

So I created a template which creates/updates a LaunchConfiguration resource by setting a custom LaunchConfigurationName that includes the current date/time.
This works fine, but: after the UPDATE_COMPLETE_CLEANUP_IN_PROGRESS state the old version of the AWS::AutoScaling::LaunchConfiguration resource always gets deleted. To avoid that I tried to set up a stack policy with set-stack-policy:

{
  "Statement" : [
    {
      "Effect" : "Allow",
      "Action" : "Update:*",
      "Principal": "*",
      "Resource" : "*"
    },
    {
      "Effect" : "Deny",
      "Action" : "Update:Delete",
      "Principal" : "*",
      "Resource" : "*",
      "Condition" : {
        "StringEquals" : {
          "ResourceType" : ["AWS::AutoScaling::LaunchConfiguration"]
        }
      }
    }
  ]
}

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/protect-stack-resources.html

Update:Delete

    Specifies update actions during which resources are removed. 
    Updates that completely remove resources from a stack template require this action.

Result: the resource still gets deleted after updating the AutoScalingGroup (UPDATE_COMPLETE_CLEANUP_IN_PROGRESS state).
Do you have an idea how to keep old versions?

Upvotes: 2

Views: 1475

Answers (1)

cementblocks

Reputation: 4606

You can set the deletion policy to RETAIN and also change the logical ID of the resource. Changing the logical ID of the resource causes CloudFormation to delete the old resource (or retain it based on the deletion policy) and create a new one. It works like this because CloudFormation does know that you've changed the logical ID. It sees it as one resource being removed and one being added.

Upvotes: 0
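The approach from the answer as a template, added here as an example and not taken from the question or answer. The version suffix (20240101T1200), the resource names and the parameters are constructed placeholders; on each update the poster would rename the LaunchConfiguration's logical ID to the new timestamp and repoint the AutoScalingGroup at it.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: LaunchConfiguration versions kept across stack updates (added example)

Parameters:
  ImageId:
    Type: AWS::EC2::Image::Id
  InstanceType:
    Type: String
    Default: t3.micro
  SubnetIds:
    Type: List<AWS::EC2::Subnet::Id>

Resources:
  # Before (the question's setup): a fixed logical ID such as "LaunchConfig"
  # whose LaunchConfigurationName changes on every update. That forces a
  # replacement, and the previous LaunchConfiguration is deleted during
  # UPDATE_COMPLETE_CLEANUP_IN_PROGRESS; the stack policy does not stop it.
  #
  # After: the version is part of the logical ID. Renaming it on the next
  # update (e.g. LaunchConfig20240102T0900) is seen by CloudFormation as one
  # resource removed and one added, and DeletionPolicy: Retain keeps the
  # removed one in the account for manual switching or rollback.
  LaunchConfig20240101T1200:
    Type: AWS::AutoScaling::LaunchConfiguration
    DeletionPolicy: Retain
    Properties:
      # Date-stamped name, so retained old versions never collide with new ones.
      LaunchConfigurationName: web-20240101T1200
      ImageId: !Ref ImageId
      InstanceType: !Ref InstanceType

  WebAsg:
    Type: AWS::AutoScaling::AutoScalingGroup
    Properties:
      # Ref returns the LaunchConfiguration's name; update this to the new
      # logical ID together with the rename above.
      LaunchConfigurationName: !Ref LaunchConfig20240101T1200
      MinSize: "1"
      MaxSize: "2"
      VPCZoneIdentifier: !Ref SubnetIds
```

Note that removing the old logical ID from the template is an Update:Delete action, so the Deny statement in the question's stack policy would block this update and must be relaxed for the LaunchConfiguration (the Retain policy, not the stack policy, is what preserves the resource). Retained LaunchConfigurations are no longer tracked by the stack, so they need to be cleaned up manually once they are no longer wanted.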
