AWS CloudFormation: AMI in LaunchConfiguration was deleted - amazon-ec2

As the title says, I have a CFN stack that uses a LaunchConfiguration for EC2. The config gets the AMI ID from a Lambda function that looks up the latest AMI for a particular type. This is very similar to what's described here
The AMI that was used in creating the launch-config has been deleted. When I try to update the stack I get an expected error:
UPDATE_FAILED AWS::AutoScaling::LaunchConfiguration ECSLaunchConfiguration AMI cannot be described
I cannot delete the stack, so is there any way to resolve this using CFN? A new AMI is out there, so how do I get CFN to re-create the config by re-running the Lambda function?

Related

Lambdas on AWS with CloudFormation error: "A version for this Lambda function exists. Modify the function to create a new version."

I'm deploying an AWS lambda using CloudFormation.
In the template I use the flag AutoPublishAlias: v1 which should create a version, add the necessary permissions, and update the alias "v1" to point to the latest version.
When I deploy this change, I get the following error:
A version for this Lambda function exists ( 8 ). Modify the function to create a new version.
I am using CI/CD. Sometimes I redeploy the same Lambda having modified another part of the CloudFormation template (e.g. adding the AutoPublishAlias flag).
I thought CloudFormation was supposed to be able to handle this correctly - only updating resources which have changed?
So why am I seeing this error, and is there a workaround other than introducing a dummy code change?
Please see https://seed.run/docs/serverless-errors/a-version-for-this-lambda-function-exists.html
The error is not from CloudFormation; it's Serverless telling CF to deploy a new Lambda version, which is in fact the same one.
I saw this issue after upgrading from sls 1 to 2. Had to do dummy changes for every function at once.
After that haven't seen the issue come up.

Forced redeployment of Lambda function from S3?

I have a Lambda function defined in a Cloudformation template with a reference to an S3 bucket and key where I have saved a zipfile containing the Lambda source in the usual fashion. I have a separate CI build process building the Lambda function and dumping it into S3. Now I want the S3 key within the Cloudformation template to be static, I don't want to be changing it for every Lambda commit+rebuild. But Cloudformation thinks the Lambda hasn't changed because the S3 key hasn't changed, even though the contents of the zipfile have been changed.
Must I change the S3 key each time to trigger Lambda redeployment, or is there a way to force Lambda redeployment via CloudFormation whilst retaining the static key?
You are right, CFT doesn't notice the change since the S3 key remains the same even though its content has changed.
As you mentioned, you can make the S3 key different from the previous CFT execution so that the Lambda code gets deployed.
You will have to keep the S3 key as a CFT parameter.
Otherwise, try using SAM packaging in AWS CodeBuild and use CodeDeploy with CloudFormation.
Here, the location is not given as a zip; instead it takes the code path, builds it, and the template gets updated with the new deployment package location every time. (See buildspec.yml in CodeBuild.)
References:
https://docs.aws.amazon.com/lambda/latest/dg/build-pipeline.html
https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/serverless-deploying.html
Hope this helps.

CFN Take latest AMI and launch a EC2 Instance

One of my developers is creating images and storing them in AWS, and I can see them under Images --> AMIs.
Now here my request starts -
I want to take the latest AMI and launch EC2. So how can I write JSON to call the latest AMI and launch EC2?
Can you please help me quickly. Thanks in Advance!
You have two options:
Determine the AMI to use, and then pass that value to the CloudFormation template as a Parameter. Whatever code you use to launch the template would be responsible for doing a lookup on the AMI to use, so it is happening before CloudFormation is called.
Use a Custom Resource in CloudFormation that can call a Lambda function, which would determine the AMI to use. The Lambda function would return the value to CloudFormation, which would then use that value to launch the instance.
Either way, you would need to write code to perform your logic. It cannot be done within the JSON itself.
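The second option above (and the setup in the first question, where a LaunchConfiguration takes its AMI ID from a Lambda-backed custom resource) is spelled out below as an added example; it is not code from any of the posts. It assumes the template passes `Owners`, `NamePattern` and an optional `RefreshToken` as resource properties. CloudFormation only re-invokes a custom resource on a stack update when one of its properties changes, which is why the otherwise unused `RefreshToken` is there: bump it and the lookup runs again and returns the current AMI. The `FakeEC2` client and `sample_event` are constructed so the module runs offline; inside Lambda the real boto3 client is used when none is injected.

```python
"""Custom-resource Lambda that resolves the newest AMI for CloudFormation.

Added example, not from the original posts. Assumed ResourceProperties:
`Owners` (list), `NamePattern` (wildcard for the AMI name) and an optional
`RefreshToken`. A constructed FakeEC2 client keeps it runnable offline; in
Lambda, boto3's real client is used when none is injected.
"""
import json
import urllib.request


def newest_available_ami(images):
    """Newest image in state 'available'. CreationDate is an ISO-8601 UTC
    string (2024-03-01T10:00:00.000Z), so plain string max() is correct."""
    usable = [i for i in images if i.get("State") == "available"]
    if not usable:
        raise LookupError("no available AMI matched the filter")
    return max(usable, key=lambda i: i["CreationDate"])["ImageId"]


def lookup_ami(ec2, owners, name_pattern):
    resp = ec2.describe_images(
        Owners=owners,
        Filters=[{"Name": "name", "Values": [name_pattern]},
                 {"Name": "state", "Values": ["available"]}])
    return newest_available_ami(resp["Images"])


def build_response(event, status, physical_id, data=None, reason=""):
    """Body CloudFormation expects to be PUT to the pre-signed ResponseURL."""
    return {"Status": status,
            "Reason": reason or "see CloudWatch Logs",
            "PhysicalResourceId": physical_id,
            "StackId": event["StackId"],
            "RequestId": event["RequestId"],
            "LogicalResourceId": event["LogicalResourceId"],
            "Data": data or {}}


def put_response(url, body):
    """Real transport: HTTP PUT of the JSON body to the pre-signed S3 URL."""
    req = urllib.request.Request(url, data=json.dumps(body).encode(),
                                 method="PUT", headers={"Content-Type": ""})
    urllib.request.urlopen(req).close()


def handle(event, ec2=None, send=put_response):
    """Answer one Create/Update/Delete event; returns the body that was sent.

    Delete never looks anything up: the old AMI may be gone, and a FAILED
    Delete is exactly what leaves a stack undeletable. Any exception becomes
    a FAILED response so CloudFormation does not hang waiting for a reply.
    """
    physical_id = event.get("PhysicalResourceId", "ami-lookup")
    if event["RequestType"] == "Delete":
        body = build_response(event, "SUCCESS", physical_id)
    else:
        try:
            if ec2 is None:
                import boto3  # only reached inside Lambda
                ec2 = boto3.client("ec2")
            props = event["ResourceProperties"]
            # RefreshToken is never read; changing it in the template is what
            # makes CloudFormation re-invoke this resource on an update.
            ami_id = lookup_ami(ec2, props["Owners"], props["NamePattern"])
            body = build_response(event, "SUCCESS", ami_id, {"ImageId": ami_id})
        except Exception as exc:
            body = build_response(event, "FAILED", physical_id, reason=str(exc))
    send(event["ResponseURL"], body)
    return body


def lambda_handler(event, context):
    return handle(event)


class FakeEC2:
    """Constructed stand-in for boto3's EC2 client (sample data, offline)."""
    def __init__(self, error=None):
        self.error = error

    def describe_images(self, **_):
        if self.error:
            raise self.error
        return {"Images": [
            {"ImageId": "ami-0000000000000aaaa", "State": "available",
             "CreationDate": "2024-01-15T09:00:00.000Z"},
            {"ImageId": "ami-0000000000000bbbb", "State": "available",
             "CreationDate": "2024-03-01T10:00:00.000Z"},
            {"ImageId": "ami-0000000000000cccc", "State": "pending",
             "CreationDate": "2024-04-01T10:00:00.000Z"}]}


def sample_event(request_type, physical_id=None):
    """Constructed event carrying the fields CloudFormation really sends."""
    ev = {"RequestType": request_type,
          "ResponseURL": "https://example.invalid/cfn-response",
          "StackId": "arn:aws:cloudformation:us-east-1:123456789012:stack/demo/1",
          "RequestId": "req-1", "LogicalResourceId": "LatestAmi",
          "ResourceProperties": {"Owners": ["123456789012"],
                                 "NamePattern": "ecs-base-*",
                                 "RefreshToken": "2024-03-01"}}
    if physical_id:
        ev["PhysicalResourceId"] = physical_id
    return ev
```

In the template the launch configuration would reference the result with `!GetAtt LatestAmi.ImageId`. Because the AMI ID is returned as the PhysicalResourceId, an update that resolves a different AMI makes CloudFormation send a Delete for the old ID once the update completes; the handler answers that with SUCCESS without touching EC2, so a deregistered AMI can no longer block a stack update or deletion at the custom-resource step.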

Updating a CloudFormation stack if codebase updates

So I have an existing CloudFormation stack up and running. However, I haven't found a solution for my problem, which is that I want my resources, for example EC2 and Lambda, to have up to date code.
It seems that a CloudFormation stack doesn't update if the template doesn't have any changes. I'm holding my code inside a S3 bucket as a zip-file, but if this file gets changed, CloudFormation doesn't notice it.
Is my best bet creating a git hook script that uses AWS CLI and updates the EC2 and Lambda code or is there some 'elegant' way for CloudFormation to notice these changes?
Create a new Lambda function to update your existing Lambda and EC2, or call CloudFormation to update them. On your S3 bucket, create an object Put event and call that new Lambda function. So whenever a new file (zip) is put in S3, your EC2 & Lambda get updated.
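Both this thread and the "Forced redeployment of Lambda function from S3?" thread above come down to the same fact: CloudFormation compares template and parameter values, not S3 object contents, so a Lambda whose `Code.S3Key` never changes is never redeployed. The CI step below is an added example (not code from either thread) of the "keep the S3 key as a parameter" approach: the key is derived from the SHA-256 of the zip, so identical bytes produce an identical key and a no-op update, while any code change produces a new key and a real redeploy. It assumes a template with a String parameter `LambdaS3Key` feeding the function's `Code.S3Key` and a second parameter `Environment`; the `FakeS3`/`FakeCFN` clients and the zip bytes are constructed so it runs offline, and the same `put_object`/`update_stack` calls work against real boto3 clients.

```python
"""CI step: content-addressed S3 key for a Lambda zip, passed to CloudFormation
as a parameter, so the stack redeploys the function only when the bytes change.

Added example, not from the original posts. Assumed template parameters:
`LambdaS3Key` (used in Code.S3Key) and `Environment` (kept as-is on update).
"""
import hashlib


def content_key(zip_bytes, prefix="lambda/"):
    """Key from the artefact's SHA-256: same code -> same key (no update),
    changed code -> new key, which is what makes CloudFormation notice."""
    return f"{prefix}{hashlib.sha256(zip_bytes).hexdigest()}.zip"


def stack_parameters(s3_key, reuse=("Environment",)):
    """update_stack Parameters: set the key, keep every other value."""
    params = [{"ParameterKey": "LambdaS3Key", "ParameterValue": s3_key}]
    params += [{"ParameterKey": k, "UsePreviousValue": True} for k in reuse]
    return params


def deploy(zip_bytes, bucket, stack_name, template_body, s3, cfn):
    """Upload the zip under its content key, then update the stack.

    Returns (key, "updated" | "unchanged"). Uploading an existing key again
    is idempotent, so there is no need to check for it first.
    """
    key = content_key(zip_bytes)
    s3.put_object(Bucket=bucket, Key=key, Body=zip_bytes)
    try:
        cfn.update_stack(StackName=stack_name, TemplateBody=template_body,
                         Parameters=stack_parameters(key),
                         Capabilities=["CAPABILITY_IAM"])
    except Exception as exc:
        # CloudFormation rejects an update whose template and parameters
        # equal the deployed stack with exactly this ValidationError text;
        # for a CI job that is the "nothing changed" success case.
        if "No updates are to be performed" in str(exc):
            return key, "unchanged"
        raise
    return key, "updated"


class FakeS3:
    """Constructed stand-in for boto3's S3 client (offline)."""
    def __init__(self):
        self.objects = {}

    def put_object(self, Bucket, Key, Body):
        self.objects[(Bucket, Key)] = Body


class FakeCFN:
    """Constructed stand-in for boto3's CloudFormation client that mimics
    the 'No updates are to be performed' rejection of identical updates."""
    def __init__(self):
        self.deployed = None
        self.updates = 0

    def update_stack(self, StackName, TemplateBody, Parameters, Capabilities):
        wanted = {p["ParameterKey"]: p.get("ParameterValue") for p in Parameters}
        if (TemplateBody, wanted) == self.deployed:
            raise Exception("An error occurred (ValidationError) when calling "
                            "the UpdateStack operation: No updates are to be "
                            "performed.")
        self.deployed = (TemplateBody, wanted)
        self.updates += 1


# Constructed placeholder for the real template text (assumption).
TEMPLATE = "AWSTemplateFormatVersion: '2010-09-09'  # assumed template body"
```

The same idea works with the Serverless Framework and SAM deploy pipelines mentioned in the other answer, which is why they do not hit this problem: they rewrite the artefact location in the packaged template on every build, so CloudFormation always sees a changed value when the code changed.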

Windows+CloudFormation :User doesn't have permission to call IAM:CreateUser

I cannot find decent documentation about using CloudFormation with Windows 2008 R2 AMI. AWS recently released a new Windows AMI which has CloudFormation tools pre-installed.
The AMI itself can be found here :
https://aws.amazon.com/amis/microsoft-windows-server-2008-r2-base-cloudformation
Aim: I want to use CloudFormation so that during bootup the instance can download the latest dlls and config files of my application from S3.
In that AMI, by default, where are these tools located under C:\ ? (I did a search in the file system and couldn't find it.)
Do these tools already run by default automatically on bootup ? Or do I have to write a script to do so and re-bundle (remake) an EBS backed AMI ? I would like to test this !
To try out the sample templates provided by AWS for Windows, I tried launching the Windows SharePoint template given here: https://s3.amazonaws.com/cloudformation-templates-us-east-1/Windows_Single_Server_SharePoint_Foundation.template . When I try to launch the stack given by that template, it gives me the following error and rolls back:
AccessDenied. User doesn't have permission to call iam:CreateUser
As per the "Account Owner", my IAM account belongs to the Administrators group which "cannot create new users"; if that's the case, how should I tackle this issue?
As per my understanding, if I have to use CloudFormation to retrieve metadata, the CloudFormation stack creates a new IAM user with only "DescribeStackResource" action permission and this new IAM user lives as long as that stack lives.
It will be available under C:\Program Files (x86)\Amazon\cfn-bootstrap, but I'm not sure whether it will run on boot; that I have to verify.