Ought to this concern be dealt with by CloudFormation robotically behind the scenes?
I added a buyer managed prefix checklist to a safety group after which I began getting this error message:
CloudFormation can't replace a stack when a custom-named useful resource requires changing
This can be a very unusual error message to me. What precisely is a custom-named useful resource? I give plenty of assets I create with CloudFormation a reputation. What makes one thing a “custom-named useful resource” versus another useful resource I merely give a reputation.
It’s not even clear on this case that the prefix checklist is the issue, however I presume it’s — as a result of that’s the solely factor I modified or added to this safety group.
I’m not positive why the prefix checklist requires changing both. Or is it the safety group that requires changing as a result of it’s utilizing a prefix checklist?
What I’m pondering on this case is why CloudFormation can’t deal with this concern for the shopper. No matter is inflicting that is very unclear to me and looks like it could possibly be dealt with on the again finish.
The opposite factor is that this error message is telling me to “rename” my safety group. That’s the identify I would like for my safety group. If I rename my current safety group, I’ll have an extraneous safety group hanging round that I don’t want or need. If I write some automated code it’ll merely hold creating increasingly more safety teams. Wouldn’t it make extra sense to delete the safety group os CloudFormation can create a brand new one? Or ought to I rename the useful resource, run the code, then run it once more with the brand new identify?
I additionally discovered this put up nevertheless it’s not that useful by way of answering my questions. It additionally simply says to rename the useful resource.
Right here’s the subsequent drawback…I attempted to delete the assets associated to this error.
First I attempted to delete the safety group:
However it could’t be deleted because of the guidelines:
So I’ve to delete these too:
And..now my useful resource is caught in “Delete in progress state”
It’s been sitting that method for fairly a while.
Later I spotted that though it was caught in that state I may click on on the useful resource and the occasions checklist has an error code:
DependencyViolation
Sadly it doesn’t say which dependency however I presume it’s my EC2 occasion. So I may take away this group after which re-add it to the EC2 occasion once more later. Sure, that works. As quickly as I eliminated the safety group from my occasion, the useful resource acquired delete.
Hopefully somebody at AWS reads this and sees how painful this error is.
I don’t absolutely perceive what’s inflicting this error. I want it was extra clear however what I actually want is that AWS CloudFormation would simply deal with it correctly. It looks like AWS CloudFormation may rename the useful resource in a transaction after which rename it once more again to what it’s presupposed to be if that’s what must occur right here. AWS may additionally quickly take away the SG from the group and delete and re-add it. Higher but, resolve the problem in a method that doesn’t have an effect on the safety group or EC2 occasion, solely the principles, as a result of that’s the solely factor that’s altering in my case.
These are the varieties of issues that make deployments troublesome in cloud environments.
Teri Radichel
In case you preferred this story please clap and comply with:
Medium: Teri Radichel or Electronic mail Checklist: Teri Radichel
Twitter: @teriradichel or @2ndSightLab
Requests providers by way of LinkedIn: Teri Radichel or IANS Analysis
© 2nd Sight Lab 2022
____________________________________________
Writer:
Cybersecurity for Executives within the Age of Cloud on Amazon
Want Cloud Safety Coaching? 2nd Sight Lab Cloud Safety Coaching
Is your cloud safe? Rent 2nd Sight Lab for a penetration take a look at or safety evaluation.
Have a Cybersecurity or Cloud Safety Query? Ask Teri Radichel by scheduling a name with IANS Analysis.
Cybersecurity & Cloud Safety Sources by Teri Radichel: Cybersecurity and Cloud safety courses, articles, white papers, displays, and podcasts
