
AWS::ECS::Service - PlacementConstraints: [] (empty array) results in false-positive drift

Open rgoltz opened this issue 1 year ago • 2 comments

Name of the resource

AWS::ECS::Service

Resource Name

No response

Issue Description

Within your AWS::ECS::Service you are able to define PlacementConstraints, which is an object/array of PlacementConstraint.

In some cases, it's necessary to define this PlacementConstraints array as empty []. Once you deploy such a configuration via CFN, it results in a drift after running CloudFormation Drift Detection on those stacks.

Expected Behavior

CloudFormation is aware of the possibility to define an empty array of PlacementConstraints - it does not result in a stack drift for AWS::ECS::Service.

Observed Behavior

We are using CDK to generate our CFN templates. In CDK it's possible to define an empty array for PlacementConstraints: https://github.com/aws/aws-cdk/pull/30382. This was discussed here: https://github.com/aws/aws-cdk/issues/27555

After you deploy your stack (+ run CloudFormation Drift Detection), you will see the following drift details for AWS::ECS::Service: PlacementCon-DriftDetail (It's missing on "Expected")

Test Cases

(Please mind that you need to create a Cluster, TaskDefinition, ... before you are able to deploy an ECS Service. Please mind the PlacementConstraints CFN definition)

  ECSServiceByCDK:
    Type: AWS::ECS::Service
    Properties:
      CapacityProviderStrategy:
        - CapacityProvider:
            Fn::ImportValue: YourCapProviderReferenceInOtherStack
          Weight: 1
      Cluster: rogoECS-sandbox-Cluster
      DeploymentConfiguration:
        Alarms:
          AlarmNames: []
          Enable: false
          Rollback: false
        DeploymentCircuitBreaker:
          Enable: true
          Rollback: false
        MaximumPercent: 100
        MinimumHealthyPercent: 0
      DeploymentController:
        Type: ECS
      DesiredCount: 1
      EnableECSManagedTags: true
      EnableExecuteCommand: false
      HealthCheckGracePeriodSeconds: 120
      LoadBalancers:
        - ContainerName: sidecar
          ContainerPort: 10000
          TargetGroupArn:
            Fn::ImportValue: YourTargetGroupReferenceInOtherStack
      NetworkConfiguration:
        AwsvpcConfiguration:
          AssignPublicIp: DISABLED
          SecurityGroups:
            - Fn::ImportValue: YourSecGroupReferenceInOtherStack
          Subnets:
            - subnet-001
            - subnet-002
            - subnet-003
      PlacementConstraints: []
      PlacementStrategies:
        - Field: attribute:ecs.availability-zone
          Type: spread
        - Field: CPU
          Type: binpack
      SchedulingStrategy: REPLICA
      ServiceName: ecs-Service-sandbox1-drift-rogo
      Tags:
        - Key: AwsCaseForThisIssue
          Value: 172796075700011
      TaskDefinition:
        Ref: ECSTaskDefinitionByCDK

Other Details

The deployed ECS Service looks like this (for Task placement constraint): PlacementCon-ResourceDetail

rgoltz, Oct 03 '24 13:10
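An added example, not part of the original issue and not AWS or CDK code: one way to separate the empty-array mismatch reported above from genuine drift when reviewing a `DescribeStackResourceDrifts` record. The `triage` helper and the sample record are constructed for illustration; the code assumes the record's `ExpectedProperties` and `ActualProperties` fields are JSON strings and treats an empty array as equal to a missing property in either direction.

```python
import json


def _prune(value):
    """Recursively drop dict keys whose value is an empty list or None."""
    if isinstance(value, dict):
        pruned = {k: _prune(v) for k, v in value.items()}
        return {k: v for k, v in pruned.items() if v not in ([], None)}
    if isinstance(value, list):
        return [_prune(v) for v in value]
    return value


def triage(drift):
    """Split drifted top-level properties into empty-array-only and real drift.

    `drift` is one StackResourceDrifts entry (hypothetical helper, see lead-in).
    """
    expected = json.loads(drift["ExpectedProperties"])
    actual = json.loads(drift["ActualProperties"])
    # Every top-level property that differs when compared literally.
    raw = sorted(k for k in expected.keys() | actual.keys()
                 if expected.get(k) != actual.get(k))
    # The same comparison after treating [] and "missing" as the same thing.
    exp_n, act_n = _prune(expected), _prune(actual)
    real = sorted(k for k in exp_n.keys() | act_n.keys()
                  if exp_n.get(k) != act_n.get(k))
    return {"empty_array_only": [k for k in raw if k not in real], "real": real}


# Constructed sample: PlacementConstraints is absent on the expected side and
# [] on the actual side, and DesiredCount was changed outside CloudFormation.
SAMPLE_DRIFT = {
    "LogicalResourceId": "ECSServiceByCDK",
    "ResourceType": "AWS::ECS::Service",
    "StackResourceDriftStatus": "MODIFIED",
    "ExpectedProperties": json.dumps(
        {"DesiredCount": 1, "SchedulingStrategy": "REPLICA"}),
    "ActualProperties": json.dumps(
        {"DesiredCount": 3, "SchedulingStrategy": "REPLICA",
         "PlacementConstraints": []}),
}

if __name__ == "__main__":
    print(triage(SAMPLE_DRIFT))
```

Properties listed under `real` still need review; only the `empty_array_only` entries match the pattern described in this issue.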