Nested ChangeSets w/ !Ref or !GetAtt

[dehli]

Nested ChangeSets w/ !Ref or !GetAtt

Originally posted by @herbertmuraro in https://github.com/aws-cloudformation/aws-cloudformation-coverage-roadmap/issues/142#issuecomment-733054387

While using --include-nested-stacks option, when parameters of a nested stack resource refers an output from another nested stack resource using Ref! or Fn::GetAtt it does not recurse the change detection and worst it shows incorrect information on the nested stack. It'd be better not showing anything instead of informing the replacement of some resources.

In the below example, although there're no changes to the bastion stack, it shows that there're changes and resources will be replaced.

Also, when some nested resource uses Fn::Select(1, ...), it fails the change set creation. I suppose it's because the mappings are created during execution and it's not possible to evaluate them, but in case there're no changes in the inputs it shouldn't mark it for change at all.

.. with that, this feature becomes useless unless there are predefined parameters on the nested stacks.

The same changeset creates fine when --include-nested-stacks option is disabled.

Category

CloudFormation functionality itself (didn't seem to match any of the existing categories)