cloudformation-coverage-roadmap

[ChangeSet] - [Add more details to indicate potential changes]

Open NdemeraS opened this issue 1 year ago • 0 comments

Name of the resource

Other

Resource name

No response

Description

Hi team

Is it possible to add more details about whether or not a resource will be replaced after a changeset has been executed?

As an example, the changeset in the CloudFormation console will show that the NAT gateway "nat-xxxxxxxxx000" will be replaced, i.e. `Replacement = True`

However, in the changeset JSON, the AfterValue is set to {{changeSet:KNOWN_AFTER_APPLY}}, meaning the NAT gateway may not actually be replaced. See snippet below:

```json
{
    "ResourceChange": {
        "PolicyAction": "ReplaceAndDelete",
        "Action": "Modify",
        "LogicalResourceId": "NAT_GW",
        "PhysicalResourceId": "nat-xxxxxxxxx000",
        "ResourceType": "AWS::EC2::NatGateway",
        "Replacement": "True",
        "Scope": [
            "Properties"
        ],
        "Details": [
            {
                "Target": {
                    "Attribute": "Properties",
                    "Name": "SubnetId",
                    "RequiresRecreation": "Always",
                    "Path": "/Properties/SubnetId",
                    "BeforeValue": "subnet-xxxxxxxxx000",
                    "AfterValue": "{{changeSet:KNOWN_AFTER_APPLY}}",
                    "AttributeChangeType": "Modify"
                },
                "Evaluation": "Static",
                "ChangeSource": "ResourceReference",
                "CausingEntity": "PublicSubnet4DMZ"
            },
            {
                "Target": {
                    "Attribute": "Properties",
                    "Name": "SubnetId",
                    "RequiresRecreation": "Always",
                    "Path": "/Properties/SubnetId",
                    "BeforeValue": "subnet-xxxxxxxxx000",
                    "AfterValue": "{{changeSet:KNOWN_AFTER_APPLY}}",
                    "AttributeChangeType": "Modify"
                },
                "Evaluation": "Dynamic",
                "ChangeSource": "DirectModification"
            }
        ]
    }
}
```

For context, this example involves nested stacks that have condition functions. Specifically, in the docs:

"At stack creation or stack update, AWS CloudFormation evaluates all the conditions in your template before creating any resources. Resources that are associated with a true condition are created. Resources that are associated with a false condition are ignored. CloudFormation also re-evaluates these conditions at each stack update before updating any resources. Resources that are still associated with a true condition are updated. Resources that are now associated with a false condition are deleted."

For the example, it therefore makes sense that the "AfterValue" is unknown.

Given this, is it possible to add (for the console changeset) a value like "Possibly modified" for "Replacement" to make it clear that CloudFormation is not able to evaluate the values until after the stack updates?

Similarly, for the JSON, is it possible to add something like "{{changeSet:KNOWN_AFTER_APPLY-Based on Changeset}}" to give more details about why the value is unknown?

Other Details

No response

NdemeraS avatar Aug 21 '24 07:08 NdemeraS
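
An added example (not part of the original issue and not AWS tooling): a check a deployment pipeline could run over change set JSON to separate replacements backed by a concrete new value from those whose triggering property is still `{{changeSet:KNOWN_AFTER_APPLY}}`. The verdict labels, the `Changes` wrapper around the issue's snippet, and the `AppBucket` sample resource are assumptions made for illustration.

```python
import json

UNKNOWN = "{{changeSet:KNOWN_AFTER_APPLY}}"  # placeholder quoted in the issue

# Constructed sample: NAT_GW is reduced from the issue's snippet,
# AppBucket is a made-up resource whose new value is known up front.
SAMPLE = json.loads("""
{"Changes": [
 {"Type": "Resource", "ResourceChange": {
   "LogicalResourceId": "NAT_GW", "Replacement": "True",
   "Details": [{"Evaluation": "Static", "Target": {
     "Name": "SubnetId", "RequiresRecreation": "Always",
     "BeforeValue": "subnet-xxxxxxxxx000",
     "AfterValue": "{{changeSet:KNOWN_AFTER_APPLY}}"}}]}},
 {"Type": "Resource", "ResourceChange": {
   "LogicalResourceId": "AppBucket", "Replacement": "True",
   "Details": [{"Evaluation": "Static", "Target": {
     "Name": "BucketName", "RequiresRecreation": "Always",
     "BeforeValue": "logs-old", "AfterValue": "logs-new"}}]}}
]}
""")


def classify(resource_change):
    """Return a hypothetical verdict label for one ResourceChange."""
    replacement = resource_change.get("Replacement", "False")
    if replacement == "False":
        return "no-replacement-reported"
    if replacement == "Conditional":
        return "replacement-unverified"
    for detail in resource_change.get("Details", []):
        target = detail.get("Target", {})
        after = target.get("AfterValue")
        if (target.get("RequiresRecreation") == "Always"
                and after not in (None, UNKNOWN)
                and after != target.get("BeforeValue")):
            return "replacement-confirmed"  # concrete new value forces recreation
    return "replacement-unverified"  # triggering values unknown until apply


def report(change_set):
    """Map LogicalResourceId -> verdict for every resource change."""
    return {c["ResourceChange"]["LogicalResourceId"]: classify(c["ResourceChange"])
            for c in change_set.get("Changes", []) if c.get("Type") == "Resource"}


if __name__ == "__main__":
    for name, verdict in report(SAMPLE).items():
        print(f"{name}: {verdict}")
```

A pipeline gate could require manual approval for every `replacement-unverified` resource, so a reported replacement that depends on an unresolved value is reviewed before the change set is executed.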