AWS::CodeStarNotifications::NotificationRule - Change Set is wrong & tag update failing due to replacement triggered by CloudFormation
Name of the resource
AWS::CodeStarNotifications::NotificationRule
Resource Name
No response
Issue Description
We are using AWS::CodeStarNotifications::NotificationRule within our AWS CodePipeline stacks, which contain different resources related to CodePipeline. Those CodePipelines are managed by CDK and are self-mutating.
Once we update/add/delete tags of AWS::CodeStarNotifications::NotificationRule, unfortunately a replacement is triggered, which doesn't succeed.
Expected Behavior
a) During a stack update (e.g. triggered by CodePipeline or via the AWS Console) in which tags are changed, the Change Set would reflect the replacement of the resource.
b) Since replacement is a general pattern for AWS::CodeStarNotifications::NotificationRule, CloudFormation should be able to replace this resource and not fail due to the notification rule name.
For more background, please see "Observed Behavior" below.
Observed Behavior
a) Even though the CFN documentation for AWS::CodeStarNotifications::NotificationRule reflects that an update of tags currently needs replacement, the Change Set does not.
b) Normally CFN handles a replacement of a resource much better (it's working) and does not fail with the error shown in the test case below. You can see:
- CFN informing: "Requested update requires the creation of a new physical resource; hence creating one."
- the update failing due to: "The notification rule was not created because another notification rule already exists with the same name. Notification rule names must be unique within an AWS account."
Test Cases
Step 1: create a new stack with a simple CFN template as shown below:
```yaml
---
AWSTemplateFormatVersion: '2010-09-09'
Description: Stack with Tagged CodeStarNotifications - case 10476586721
Resources:
  CodeStarNotificationWithTags:
    Type: AWS::CodeStarNotifications::NotificationRule
    Properties:
      Name: 'rogoECS-Sandbox-Pipeline-TestRule3'
      DetailType: FULL
      Resource: 'arn:aws:codepipeline:eu-central-1:<XXXacountIdXXX>::<XXXsomePipelineNameXXX>'
      EventTypeIds:
        - codepipeline-pipeline-pipeline-execution-succeeded
      Targets:
        - TargetType: SNS
          TargetAddress: 'arn:aws:sns:eu-central-1:<XXXacountIdXXX>::<XXXsomeNotificationSnsXXX>'
      Tags:
        Environment: sandbox
```
Wait until the stack is created successfully. You will see the NotificationRule
[... now we would like to change the tag value from sandbox to dev for the tag key Environment]
Step 2: update the existing stack with a new version of the CFN template as stated below (updated value of the tag).
```yaml
---
AWSTemplateFormatVersion: '2010-09-09'
Description: Stack with Tagged CodeStarNotifications - case 10476586721
Resources:
  CodeStarNotificationWithTags:
    Type: AWS::CodeStarNotifications::NotificationRule
    Properties:
      Name: 'rogoECS-Sandbox-Pipeline-TestRule3'
      DetailType: FULL
      Resource: 'arn:aws:codepipeline:eu-central-1:<XXXacountIdXXX>::<XXXsomePipelineNameXXX>'
      EventTypeIds:
        - codepipeline-pipeline-pipeline-execution-succeeded
      Targets:
        - TargetType: SNS
          TargetAddress: 'arn:aws:sns:eu-central-1:<XXXacountIdXXX>::<XXXsomeNotificationSnsXXX>'
      Tags:
        Environment: dev
```
Step 3 [issue a)]: please check the CFN change set. It's reporting Replacement = False (it's not showing True):
Step 4 [issue b)]: trigger the stack update anyway and check the CFN events and the results of the stack update:
Step 5 [summary/result]: The stack update failed. Since normally the CDK lib would trigger such a step for this component AWS::CodeStarNotifications::NotificationRule, it's not possible to work around this (AWS::CodeStarNotifications::NotificationRule is part of a stack with many resources).
Other Details
Since issue #1223 fixed the CFN drift detection bug with AWS::CodeStarNotifications::NotificationRule, we can't deploy a solution for our current drifts. Furthermore, a day-to-day operation like an update of tags of the pipeline stack (which also has the AWS::CodeStarNotifications::NotificationRule) would also fail due to the replacement handling as stated above.
In general: Is it really necessary to replace the AWS::CodeStarNotifications::NotificationRule resource for an update of tags?
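
A pre-deployment check for the mismatch in steps 3 and 4, as an added example that is not part of the original issue or of any AWS tooling: it reads change-set JSON in the shape returned by `aws cloudformation describe-change-set` and flags tag changes on this resource type that are not reported as a replacement. The type list, function names and the sample change set are assumptions constructed for illustration.

```python
import json

# Types whose tag updates replace the resource, per the issue above.
# Assumption: this list is maintained by hand.
TAG_UPDATE_REPLACES = {"AWS::CodeStarNotifications::NotificationRule"}

def touches_tags(detail):
    """True when a change-set detail targets the Tags attribute or property."""
    target = detail.get("Target", {})
    return (target.get("Attribute") == "Tags"
            or (target.get("Attribute"), target.get("Name")) == ("Properties", "Tags"))

def misreported_replacements(change_set):
    """Logical IDs whose tags change on a listed type while the change set
    does not report Replacement = True."""
    flagged = []
    for change in change_set.get("Changes", []):
        rc = change.get("ResourceChange", {})
        if (rc.get("Action") == "Modify"
                and rc.get("ResourceType") in TAG_UPDATE_REPLACES
                and rc.get("Replacement") != "True"
                and any(touches_tags(d) for d in rc.get("Details", []))):
            flagged.append(rc["LogicalResourceId"])
    return flagged

# Constructed sample modelled on step 3 (Replacement reported as False).
SAMPLE = json.loads("""
{"Changes": [{"Type": "Resource", "ResourceChange": {
    "Action": "Modify",
    "LogicalResourceId": "CodeStarNotificationWithTags",
    "ResourceType": "AWS::CodeStarNotifications::NotificationRule",
    "Replacement": "False",
    "Scope": ["Tags"],
    "Details": [{"Target": {"Attribute": "Tags",
                            "RequiresRecreation": "Never"}}]
}}]}
""")

if __name__ == "__main__":
    for logical_id in misreported_replacements(SAMPLE):
        print(f"{logical_id}: tag change will replace the resource, "
              "but the change set reports Replacement != True")
```

Run against a saved change set in a pipeline stage before the update executes, a non-empty result is a reason to stop and review the stack update by hand.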