CreationPolicy
- Wait on resource configuration actions before stack creation proceeds
- Supported by
  - AWS::AutoScaling::AutoScalingGroup
  - AWS::EC2::Instance
  - AWS::CloudFormation::WaitCondition
- Prevents resource reaching CREATE_COMPLETE until signals are received
  - Example
    - create instance
    - wait on application configuration
    - signal when code is deployed and service started
- Signal resource
  - cfn-signal helper script
  - SignalResource API
- Properties
  - Count - how many success signals must be received
    - If failure signal received -> rollback
  - Timeout - how long to wait
    - Starts when resource is creating
    - Max 12h, Default 5 minutes
    - ISO duration format (e.g. PT#H#M#S)
UpdatePolicy (AutoScalingGroup)
- How CF handles updates to instances in AutoScaling Groups when CF stack is updated
- Policies
  - AutoScalingReplacingUpdate
    - Used when
      - Launch Configuration change
      - VPCZoneIdentifier (Subnet) change
    - Properties
      - WillReplace - should the group be retained (in-place) or a brand new one created (Blue/Green)
  - AutoScalingRollingUpdate
    - Used when
      - Launch Configuration change
      - VPCZoneIdentifier (Subnet) change
    - Properties
      - MaxBatchSize - maximum number of instances terminated at a given time
      - MinInstancesInService - minimum number of instances InService
      - WaitOnResourceSignals
        - should CF wait for "signal" after launching new instance (e.g. "I'm ready!")
      - MinSuccessfulInstancesPercent - percent of instances that must signal success
        - Must enable WaitOnResourceSignals
        - Waits until PauseTime
      - PauseTime
        - how long to wait before another instance is launched/terminated
        - gives instance time to bootstrap
        - if WaitOnResourceSignals is enabled and PauseTime is exceeded, the update is considered failed -> Rollback initiated
      - SuspendProcesses
        - useful to avoid interference from normal AS operations (e.g. AZRebalance)
  - AutoScalingScheduledAction - change to stack that contains ASG with scheduledAction
    - Used when
      - ASG contains ScheduledAction
    - Properties
      - IgnoreUnmodifiedGroupSizeProperties
        - how to handle changes to Min,Max,Desired
        - prevents interference with Scheduled Action which could be in progress
        - Normally CF would set the values on ASG to those defined in the template
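Added example, not part of the original notes: a template that combines the CreationPolicy and AutoScalingRollingUpdate settings described above, with cfn-signal in UserData supplying the success signals. The resource and parameter names, the instance type, the use of a launch template in place of a launch configuration, and the cfn-signal path (as on Amazon Linux) are assumptions.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Parameters:
  AmiId:
    Type: AWS::EC2::Image::Id          # assumed: an AMI with aws-cfn-bootstrap installed
  SubnetIds:
    Type: List<AWS::EC2::Subnet::Id>
Resources:
  WebTemplate:                         # hypothetical name
    Type: AWS::EC2::LaunchTemplate
    Properties:
      LaunchTemplateData:
        ImageId: !Ref AmiId
        InstanceType: t3.micro
        UserData:
          Fn::Base64: !Sub |
            #!/bin/bash
            # Application install and service start would go here.
            # Send the exit status of the last command to the WebGroup resource.
            /opt/aws/bin/cfn-signal -e $? --stack ${AWS::StackName} \
              --resource WebGroup --region ${AWS::Region}
  WebGroup:                            # hypothetical name
    Type: AWS::AutoScaling::AutoScalingGroup
    CreationPolicy:
      ResourceSignal:
        Count: 2                       # success signals needed before CREATE_COMPLETE
        Timeout: PT15M                 # ISO duration; default is 5 minutes, max 12h
    UpdatePolicy:
      AutoScalingRollingUpdate:
        MaxBatchSize: 1                # replace one instance at a time
        MinInstancesInService: 1
        WaitOnResourceSignals: true    # each new instance must signal
        MinSuccessfulInstancesPercent: 100
        PauseTime: PT10M               # signal deadline; exceeded -> rollback
        SuspendProcesses:
          - AZRebalance                # keep normal AS activity out of the update
    Properties:
      MinSize: "2"
      MaxSize: "4"
      DesiredCapacity: "2"
      VPCZoneIdentifier: !Ref SubnetIds
      LaunchTemplate:
        LaunchTemplateId: !Ref WebTemplate
        Version: !GetAtt WebTemplate.LatestVersionNumber
```

The same cfn-signal call serves both policies: at stack creation it counts toward Count, and during a rolling update it is the per-instance signal that WaitOnResourceSignals waits for.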
UpdatePolicy (Lambda)
- CodeDeployLambdaAliasUpdate
  - Perform CodeDeploy when the version property changes on Alias resource
DeletionPolicy
- Allows preserving or backing up a resource on deletion
- By default all are deleted
- DeletionPolicy overrides the behavior
  - DELETE - default (see exceptions)
  - RETAIN - keeps the resource
    - Can be added to any resource type
  - SNAPSHOT
    - AWS::EC2::Volume
    - AWS::ElastiCache::CacheCluster
    - AWS::ElastiCache::ReplicationGroup
    - AWS::RDS::DBInstance (default when no DBClusterIdentifier)
    - AWS::RDS::DBCluster (default)
    - AWS::Redshift::Cluster
DependsOn
- Control order of resource creation (imposes sequence)
- Use cases
  - Override default parallelism
  - Enforce WaitCondition
- Required for
  - VPC-Gateway attachment (IGW or VGW)
    - When in VPC and have Public IP address
      - AutoScalingGroups
      - EC2 instances
      - ELB
      - EIP
      - RDS database
      - VPC routes that include Internet Gateway
  - ECS service and AutoScalingGroup
    - Container instances must be running before ECS service is created
  - IAM Role Policy
    - Some Resources make calls to AWS
      - e.g. CodeDeploy::DeploymentGroup
      - Add dependency on the IAM policy
Metadata
- Associate arbitrary JSON/YAML with resource
- Inside you can use Intrinsic Functions, parameters, pseudo-parameters
- Retrieve with describe-stack-resource