Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Is CloudFormation idempotent?

I read in many places on internet that CloudFormation is not idempotent, but I cannot find any example that proves this fact.

Could you please provide me an example that runs a resource to prove that CloudFormation is not idempotent ?

like image 527
Tk421 Avatar asked Jul 07 '15 22:07

Tk421


People also ask

Is Cloud Formation idempotent?

The CloudFormation steps are designed to be idempotent, which means you can run them multiple times and the result will be the same. This means that Octopus will create the stack if it doesn't exist, update the stack if it does exist, and ignore cases where the stack has no updates.

What is Idempotency in AWS?

In programming, idempotency refers to the capacity of an application or component to identify repeated events and prevent duplicated, inconsistent, or lost data. Making your AWS Lambda function idempotent requires designing your function logic to treat duplicated events correctly.

What is AWS CloudFormation?

General. Q: What is AWS CloudFormation? AWS CloudFormation is a service that gives developers and businesses an easy way to create a collection of related AWS and third-party resources, and provision and manage them in an orderly and predictable fashion.

Is CloudFormation secure?

Cloud security at AWS is the highest priority. As an AWS customer, you benefit from data centers and network architectures that are built to meet the requirements of the most security-sensitive organizations.


2 Answers

I am not sure whether this answer will be useful as the question has been posted 2 years ago. Better late than never.

AWS CloudFormation has changed a lot in these 2 years. Right now, I can say for sure that it's API calls are idempotent.

Have a look at these API calls:

  1. CreateStack
  2. UpdateStack
  3. DeleteStack

You will find that there is an optional parameter called ClientRequestToken. This provides idempotency to the API calls. It's the token that client provides to tell the CloudFormation service that it is not making a new API call. As long as you use the same token and keep making the call with rest of the parameters same, CloudFormation knows that you are only retrying the call.

like image 125
Will_of_fire Avatar answered Sep 28 '22 10:09

Will_of_fire


The definition of idempotent according to Wikipedia is as follows:

In computer science, the term idempotent is used more comprehensively to describe an operation that will produce the same results if executed once or multiple times.

CloudFormation is considered not idempotent in several aspects of its behavior:

  • Calling the create API for a stack that already exists will result in an error
  • Calling the update API with an unchanged CloudFormation stack results in an error
  • Creating and deleting the same stack again will result in creating resources with different ARNs for IAM Users, Security Group IDs, EC2 Instance IDs, VPC IDs, etc...
  • Resources modified outside of CloudFormation will not be changed back to original values if existing stack is updated with existing content

However, from a high level one of the main reasons to use CloudFormation is so you represent your infrastructure as code so you can use it to produce the same infrastructure repeatedly. That is almost identical to the original definition of idempotent, but the distinction is on the multiple times part here. As listed above when using the same stack and applying on top of it or deleting a stack and recreating it, technically you are not getting the exact same results, but from a practical standpoint this is completely understandable and often perfectly acceptable.

like image 30
JaredHatfield Avatar answered Sep 28 '22 08:09

JaredHatfield