Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How can I check if a resource was created by CloudFormation?

Tags:

amazon-cloudformation

I have inherited an AWS account with a lot of resources. Some of them were created manually, other by CloudFormation.

How can I check if a resource (in my case Security Group) was created by CloudFormation and belongs to a stack?

For some security groups aws ec2 describe-security-groups --group-ids real_id results in:

...
"Tags": [
            {
                "Value": "REAL_NAME",
                "Key": "aws:cloudformation:logical-id"
            },
            {
                "Value": "arn:aws:cloudformation:<REAL_ID>",
                "Key": "aws:cloudformation:stack-id"
            },
]
...

Other security groups don't have any tags.

Is it the only indicator? I mean, someone could easily remove tags form an SG created by CloudFormation.

like image 227
Pawel Avatar asked Aug 22 '18 09:08

Pawel

People also ask

How do I check my CloudFormation stack?

To view information about your CloudFormation stack On the Stacks page of the CloudFormation console, select the stack name. CloudFormation displays the stack details for the selected stack. Select a stack details pane to view the related information about your stack.

What is the name of a collection of resources created in AWS CloudFormation?

A stack is a collection of AWS resources that you can manage as a single unit. In other words, you can create, update, or delete a collection of resources by creating, updating, or deleting stacks. All the resources in a stack are defined by the stack's AWS CloudFormation template.

How are resources defined in CloudFormation?

The resource type identifies the type of resource that you are declaring. For example, AWS::EC2::Instance declares an EC2 instance. For a list of all resource types, see AWS resource and property types reference. Resource properties. Resource properties are additional options that you can specify for a resource.

How do I delete all resources created by CloudFormation?

To delete a stackOpen the AWS CloudFormation console at https://console.aws.amazon.com/cloudformation . On the Stacks page in the CloudFormation console, select the stack that you want to delete. The stack must be currently running. In the stack details pane, choose Delete.

1 Answers

As per the official documentation, in addition to any tags you define, AWS CloudFormation automatically creates the following stack-level tags with the prefix aws::

aws:cloudformation:logical-id

aws:cloudformation:stack-id

aws:cloudformation:stack-name

All stack-level tags, including automatically created tags, are propagated to resources that AWS CloudFormation supports. Currently, tags are not propagated to Amazon EBS volumes that are created from block device mappings.

--

This should be a good place to start with but since CF doesn't enforce the stack state so if someone deleted something manually then you would never know.

If I were you, I would export everything (supported) via Cloudformer and re-design the whole setup my way.

Another way:

You can pass PhysicalResourceId of a resource to describe_stack_resources and get the stack information if it belongs to a CF stack. This is an example:

cf = boto3.client('cloudformation') cf.describe_stack_resources(PhysicalResourceId="i-0xxxxxxxxxxxxxxxx")

https://boto3.readthedocs.io/en/latest/reference/services/cloudformation.html#CloudFormation.Client.describe_stack_resources

like image 84
bhalothia Avatar answered Oct 12 '22 21:10

bhalothia
Sign in to Comment

Related questions

How to create an "alias target" A DNS record in Route53 for an elasticache replication group
DynamoDB auto scaling with Cloudformation
AWS API Gateway Method Response in CloudFormation
AWS Cloudformation : Fn::Join within a Fn::FindInMap statement?
How to pass parameters between one cloud formation to another cloud formation template
Does AWS CloudFormation support ECS Task Placement strategies?
IdentityPool Creation with CloudFormation
DeletionPolicy:Snapshot cannot be specified for a cluster instance, use deletion policy on the cluster instead
Clear stack policy in Cloudformation?
The DB instance and EC2 security group are in different VPCs, cloudFormation error
Reusing AWS::CloudFormation::Init (and userdata?) for multiple instances
Cloudformation template to trigger Lambda on S3 event
Is it possible to just add tags to CloudFormation stack after it is created?
What is double colon in yaml ? I'm seeing in AWS Cloud Formation
Aws cli cloudformation error seen on passing parameter value of type CommaDelimitedList
CloudFormation specify None value for parameter
AWS Amplify: How to recreate manually deleted CloudFormation stacks
How do I implement a DynamoDB Global Secondary Index with Infrastructure As Code in CloudFormation
How to create some random or unique value in a CloudFormation template?
Serverless: Deplyment error S3 Bucket already exists in stack

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!