- \n
- Stack Creation Fails: (CreateStack API)\n
- \n
- Default everything rolls back (gets deleted). We can look at the log OnFailure=ROLLBACK<\/li>\n
- Troubleshoot: Option to disable rollback and manually troubleshoot OnFailure=DO_NOTHING<\/li>\n
- Delete: get rid of the stack entirely, do not keep anything OnFailure DELETE<\/li>\n<\/ul>\n<\/li>\n
- Stack Update Fails: (UpdateStack API)\n
- \n
- The stack automatically rolls back to the previous known working state<\/li>\n
- Ability to see in the log what happened and error messages<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n
Let’s use the same template file:<\/p>\n
---\r\nParameters:\r\n SSHKey:\r\n Type: AWS::EC2::KeyPair::KeyName\r\n Description: Name of an existing EC2 KeyPair to enable SSH access to the instance\r\n\r\nResources:\r\n MyInstance:\r\n Type: AWS::EC2::Instance\r\n Properties:\r\n AvailabilityZone: eu-central-1a\r\n ImageId: ami-00a205cb8e06c3c4e\r\n InstanceType: t2.micro\r\n KeyName: !Ref SSHKey\r\n SecurityGroups:\r\n - !Ref SSHSecurityGroup\r\n # we install our web server with user data\r\n UserData: \r\n Fn::Base64:\r\n !Sub |\r\n #!\/bin\/bash -xe\r\n # Get the latest CloudFormation package\r\n yum update -y aws-cfn-bootstrap\r\n # Start cfn-init\r\n \/opt\/aws\/bin\/cfn-init -s ${AWS::StackId} -r MyInstance --region ${AWS::Region}\r\n # Start cfn-signal to the wait condition\r\n \/opt\/aws\/bin\/cfn-signal -e $? --stack ${AWS::StackId} --resource SampleWaitCondition --region ${AWS::Region}\r\n Metadata:\r\n Comment: Install a simple Apache HTTP page\r\n AWS::CloudFormation::Init:\r\n config:\r\n packages:\r\n yum:\r\n httpd: []\r\n files:\r\n \"\/var\/www\/html\/index.html\":\r\n content: |\r\n <h1>Hello World from EC2 instance!<\/h1>\r\n <p>This was created using cfn-init<\/p>\r\n mode: '000644'\r\n commands:\r\n hello:\r\n command: \"echo 'boom' && exit 1\"\r\n services:\r\n sysvinit:\r\n httpd:\r\n enabled: 'true'\r\n ensureRunning: 'true'\r\n\r\n SampleWaitCondition:\r\n CreationPolicy:\r\n ResourceSignal:\r\n Timeout: PT1M\r\n Count: 1\r\n Type: AWS::CloudFormation::WaitCondition\r\n\r\n # our EC2 security group\r\n SSHSecurityGroup:\r\n Type: AWS::EC2::SecurityGroup\r\n Properties:\r\n GroupDescription: SSH and HTTP\r\n SecurityGroupIngress:\r\n - CidrIp: 0.0.0.0\/0\r\n FromPort: 22\r\n IpProtocol: tcp\r\n ToPort: 22\r\n - CidrIp: 0.0.0.0\/0\r\n FromPort: 80\r\n IpProtocol: tcp\r\n ToPort: 80\r\n\r\n<\/pre>\nNow we can create a stack<\/p>\n
![\"\"](\"http:\/\/miro.borodziuk.eu\/wp-content\/uploads\/CloudFormation049.jpg\")
<\/p>\nbut with different option:<\/p>\n
![\"\"](\"http:\/\/miro.borodziuk.eu\/wp-content\/uploads\/CloudFormation050-1.jpg\")
<\/p>\n<\/p>\n
![\"\"](\"http:\/\/miro.borodziuk.eu\/wp-content\/uploads\/CloudFormation051.jpg\")
<\/p>\nThis time we still failed to receive 1 resource signal(s) <\/span><\/p>\n
![\"\"](\"http:\/\/miro.borodziuk.eu\/wp-content\/uploads\/CloudFormation052-1.jpg\")
<\/p>\nBut stack wasn’t rolled back.<\/p>\n
When we connect to the created EC2 instance we can see the reason of an error:<\/p>\n
[ec2-user@ip-172-31-31-182 ~]$ sudo \/var\/log\/cfn-init.log\r\nsudo: \/var\/log\/cfn-init.log: command not found\r\n[ec2-user@ip-172-31-31-182 ~]$ sudo cat \/var\/log\/cfn-init.log\r\n2021-06-01 16:41:35,941 [INFO] -----------------------Starting build-----------------------\r\n2021-06-01 16:41:35,942 [INFO] Running configSets: default\r\n2021-06-01 16:41:35,943 [INFO] Running configSet default\r\n2021-06-01 16:41:35,944 [INFO] Running config config\r\n2021-06-01 16:41:47,932 [INFO] Yum installed ['httpd']\r\n2021-06-01 16:41:47,947 [ERROR] Command hello (echo 'boom' && exit 1) failed\r\n2021-06-01 16:41:47,947 [ERROR] Error encountered during build of config: Command hello failed\r\nTraceback (most recent call last):\r\n File \"\/usr\/lib\/python3.7\/site-packages\/cfnbootstrap\/construction.py\", line 573, in run_config\r\n CloudFormationCarpenter(config, self._auth_config).build(worklog)\r\n File \"\/usr\/lib\/python3.7\/site-packages\/cfnbootstrap\/construction.py\", line 273, in build\r\n self._config.commands)\r\n File \"\/usr\/lib\/python3.7\/site-packages\/cfnbootstrap\/command_tool.py\", line 127, in apply\r\n raise ToolError(u\"Command %s failed\" % name)\r\ncfnbootstrap.construction_errors.ToolError: Command hello failed\r\n2021-06-01 16:41:47,947 [ERROR] -----------------------BUILD FAILED!------------------------\r\n2021-06-01 16:41:47,947 [ERROR] Unhandled exception during build: Command hello failed\r\nTraceback (most recent call last):\r\n File \"\/opt\/aws\/bin\/cfn-init\", line 176, in <module>\r\n worklog.build(metadata, configSets)\r\n File \"\/usr\/lib\/python3.7\/site-packages\/cfnbootstrap\/construction.py\", line 135, in build\r\n Contractor(metadata).build(configSets, self)\r\n File \"\/usr\/lib\/python3.7\/site-packages\/cfnbootstrap\/construction.py\", line 561, in build\r\n self.run_config(config, worklog)\r\n File \"\/usr\/lib\/python3.7\/site-packages\/cfnbootstrap\/construction.py\", line 573, in run_config\r\n CloudFormationCarpenter(config, self._auth_config).build(worklog)\r\n File \"\/usr\/lib\/python3.7\/site-packages\/cfnbootstrap\/construction.py\", line 273, in build\r\n self._config.commands)\r\n File \"\/usr\/lib\/python3.7\/site-packages\/cfnbootstrap\/command_tool.py\", line 127, in apply\r\n raise ToolError(u\"Command %s failed\" % name)\r\ncfnbootstrap.construction_errors.ToolError: Command hello failed<\/pre>\n
For troubleshooting we need not to rollback on failure.<\/p>\n
<\/p>\n
Nested stacks<\/span><\/p>\n
- \n
- Nested stacks are stacks as part of other stacks<\/li>\n
- They allow you to isolate repeated patterns \/ common components in separate stacks and call them from other stacks<\/li>\n
- Example:\n
- \n
- Load Balancer configuration that is re-used<\/li>\n
- Security Group that is re-used<\/li>\n<\/ul>\n<\/li>\n
- Nested stacks are considered best practice<\/li>\n
- To update a nested stack, always update the parent (root stack)<\/li>\n<\/ul>\n
Consider such a cloudformation template:<\/p>\n
Parameters:\r\n SSHKey:\r\n Type: AWS::EC2::KeyPair::KeyName\r\n Description: Name of an existing EC2 KeyPair to enable SSH access to the instance\r\n \r\nResources:\r\n myStack:\r\n Type: AWS::CloudFormation::Stack\r\n Properties:\r\n TemplateURL: https:\/\/s3.amazonaws.com\/cloudformation-templates-us-east-1\/LAMP_Single_Instance.template\r\n Parameters:\r\n KeyName: !Ref SSHKey\r\n DBName: \"mydb\"\r\n DBUser: \"user\"\r\n DBPassword: \"pass\"\r\n DBRootPassword: \"passroot\"\r\n InstanceType: t2.micro\r\n SSHLocation: \"0.0.0.0\/0\"\r\n\r\nOutputs:\r\n StackRef:\r\n Value: !Ref myStack\r\n OutputFromNestedStack:\r\n Value: !GetAtt myStack.Outputs.WebsiteURL<\/pre>\n
As we see to TemplateURL is attached to this yaml. The URL of the attached template is<\/p>\n
![\"\"](\"http:\/\/miro.borodziuk.eu\/wp-content\/uploads\/CloudFormation054-1.jpg\")
<\/p>\n![\"\"](\"http:\/\/miro.borodziuk.eu\/wp-content\/uploads\/CloudFormation055.jpg\")
<\/p>\n![\"\"](\"http:\/\/miro.borodziuk.eu\/wp-content\/uploads\/CloudFormation056.jpg\")
<\/p>\n![\"\"](\"http:\/\/miro.borodziuk.eu\/wp-content\/uploads\/CloudFormation058-1.jpg\")
<\/p>\n![\"\"](\"http:\/\/miro.borodziuk.eu\/wp-content\/uploads\/CloudFormation060.jpg\")
<\/p>\n![\"\"](\"http:\/\/miro.borodziuk.eu\/wp-content\/uploads\/CloudFormation059.jpg\")
<\/p>\n![\"\"](\"http:\/\/miro.borodziuk.eu\/wp-content\/uploads\/CloudFormation062.jpg\")
<\/p>\n![\"\"](\"http:\/\/miro.borodziuk.eu\/wp-content\/uploads\/CloudFormation063.jpg\")
<\/code><\/p>\n![\"\"](\"http:\/\/miro.borodziuk.eu\/wp-content\/uploads\/CloudFormation065.jpg\")
<\/p>\n![\"\"](\"http:\/\/miro.borodziuk.eu\/wp-content\/uploads\/CloudFormation066-1.jpg\")
<\/p>\n![\"\"](\"http:\/\/miro.borodziuk.eu\/wp-content\/uploads\/CloudFormation067.jpg\")
<\/p>\n![\"\"](\"http:\/\/miro.borodziuk.eu\/wp-content\/uploads\/CloudFormation069.jpg\")
<\/p>\n![\"\"](\"http:\/\/miro.borodziuk.eu\/wp-content\/uploads\/CloudFormation070.jpg\")
<\/p>\n![\"\"](\"http:\/\/miro.borodziuk.eu\/wp-content\/uploads\/CloudFormation071-1.jpg\")
<\/p>\n![\"\"](\"http:\/\/miro.borodziuk.eu\/wp-content\/uploads\/CloudFormation071-2.jpg\")
<\/p>\n![\"\"](\"http:\/\/miro.borodziuk.eu\/wp-content\/uploads\/CloudFormation073.jpg\")
<\/p>\n![\"\"](\"http:\/\/miro.borodziuk.eu\/wp-content\/uploads\/CloudFormation075.jpg\")
<\/p>\n![\"\"](\"http:\/\/miro.borodziuk.eu\/wp-content\/uploads\/CloudFormation076.jpg\")
![\"\"](\"http:\/\/miro.borodziuk.eu\/wp-content\/uploads\/CloudFormation077.jpg\")
<\/p>\n![\"\"](\"http:\/\/miro.borodziuk.eu\/wp-content\/uploads\/CloudFormation078.jpg\")
<\/p>\n