1
votes

Due to the time it takes to create and destroy a vpc and rds instance with aws-cdk, we separated them into individual stacks.

- Vpc
- Rds (depends on Vpc)
- Application (depends on Rds)

At first there was an issue with DB instance naming. Once this was fixed, I started to work on the pipeline for the application stack.

When I try to deploy my application stack, it runs through the dependencies and checks them. Vpc has no changes, so that runs through quite quickly with no updates needed. The same should be true for the Rds stack, but it's trying to update the stack on every deploy. If nothing has changed, surely it should behave like the Vpc stack, recognise that there are no changes, and skip to the next stack.

With CloudFormation we can skip or block any unwanted updates by applying a policy to the stack. This is still in development from what I can see.

https://github.com/aws/aws-cdk/issues/3414
https://github.com/aws/aws-cdk-rfcs/issues/72

There is an example that uses setPolicy, but that is creating a new CloudFormation and I'm not too sure how I would implement that.

    const app = new cdk.App();

    const vpc = new VpcStack(app, "vpc", { env, appEnvironment: "staging" });
    const rds = new RdsStack(app, "rds", {
      env,
      vpc: vpc.vpc,
      appEnvironment: "staging",
      masterPassword: dbPassword,
    });
    rds.addDependency(vpc);

    const appStack = new AppStack(app, "app", {
      env,
      // configure the environments you want to setup.  The default is production &
      // staging, but for testing we'll just do staging.
      appEnvironments: ["staging"],
      environmentProps: {
        // per environment options go here
        staging: {
          vpc: vpc.vpc,
          db: {
            instance: rds.dbInstance,
            securityGroup: rds.securityGroup,
            username: rds.username,
            password: dbPassword,
          },
          ebOptions: {
            ec2KeyName: "App",
          },
        },
      },
    });
    appStack.addDependency(rds);
    const pipeStack = new PipelineStack(app, "pipeline", {
      appEnvironment: "staging"
    });
    pipeStack.addDependency(appStack);

    app.synth();

EDIT

cdk diff output

    cdk diff
    Stack vpcStaging
    There were no differences
    Stack rdsStaging
    Resources
    [~] AWS::RDS::DBInstance instance instanceB**** replace
     ├─ [~] DBName (requires replacement)
     │   ├─ [-] rds_staging
     │   └─ [+] DBRds
     ├─ [~] DeletionPolicy
     │   ├─ [-] Delete
     │   └─ [+] Retain
     └─ [~] UpdateReplacePolicy
         ├─ [-] Delete
         └─ [+] Retain

    Stack application
    Template
    [-] Description Description: Elasticbeanstalk setup for application

    Security Group Changes
    ┌───┬─────────────────────────────────────────────┬─────┬─────────────────────────────────────────────┬─────────────────────────────────────────────┐
    │   │ Group                                       │ Dir │ Protocol                                    │ Peer                                        │
    ├───┼─────────────────────────────────────────────┼─────┼─────────────────────────────────────────────┼─────────────────────────────────────────────┤
    │ - │ {"Fn::ImportValue":"rdsStaging:ExportsOutput │ In  │ TCP {"Fn::ImportValue":"rdsStaging:ExportsOu │ ${prodsecurityGroupD*****.GroupId}        │
    │   │ FnGetAttsecurityGroup88888GroupId***** │     │ tputFnGetAttinstance*****EndpointPort***** │                                             │
    │   │ 1"}                                         │     │ *****"}                                     │                                             │
    ├───┼─────────────────────────────────────────────┼─────┼─────────────────────────────────────────────┼─────────────────────────────────────────────┤
    │ + │ ${staging/securityGroup.GroupId}         │ Out │ Everything                                  │ Everyone (IPv4)                             │
    ├───┼─────────────────────────────────────────────┼─────┼─────────────────────────────────────────────┼─────────────────────────────────────────────┤
    │ + │ {"Fn::ImportValue":"rdsStaging:ExportsOutput │ In  │ TCP {"Fn::ImportValue":"rdsStaging:ExportsOu │ ${staging/securityGroup.GroupId}         │
    │   │ FnGetAttsecurityGroup*****GroupId***** │     │ tputFnGetAttinstance*****EndpointPort***** │                                             │
    │   │ 1"}                                         │     │ *****"}                                     │                                             │
    └───┴─────────────────────────────────────────────┴─────┴─────────────────────────────────────────────┴─────────────────────────────────────────────┘
    (NOTE: There may be security-related changes not in this list. See https://github.com/aws/aws-cdk/issues/1299)

    Resources
    [-] AWS::EC2::SecurityGroup stagingsecurityGroup****** destroy
    [-] AWS::EC2::SecurityGroupIngress stagingsecurityGrouprdsStagingsecurityGroup*****IndirectPortto***** destroy
    [-] AWS::ElasticBeanstalk::Environment staging***** destroy
    [+] AWS::EC2::SecurityGroup staging/securityGroup stagingsecurityGroup*****
    [+] AWS::EC2::SecurityGroupIngress staging/securityGroup/rdsStagingsecurityGroup*****:{IndirectPort} to stagingsecurityGrouprdsStagingsecurityGroup*****IndirectPortto*****
    [+] AWS::ElasticBeanstalk::Environment staging/staging staging*****
1
Can you share the cdk diff output? - Amit Baranes

@AmitBaranes I updated the question with the diff output. It seems the name is being changed even though it isn't, then a security group, but again the file has no changes at all. - scope

Could it be possible that a change was made online instead of with the cdk? - scope

Ok, so my guess is that since the rds stack is getting the Vpc object from a different stack, the rds stack signs this Vpc with a unique identifier and uses it as a reference. Therefore, every time you run cdk deploy a new identifier is created, and that's why you see the changes. Let me dig into the documentation just to back up my thoughts. - Amit Baranes

Can you share the code of your AppStack? The DBName is apparently changing, and an update of this property requires a replacement: docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/… - jogold

1 Answer

0
votes

It depends on how you are creating the RDS stack. The diff shows that the DBName has changed, and that's what requires replacement.
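
The replacement this answer points to can be caught before a deploy reaches the database. The following is an added example, not code from the question or the answer: it parses `cdk diff` text and lists resources marked `replace` or `destroy` so a pipeline can stop on stateful types. The function names and the sample text are illustrative, and the line layout is assumed from the output shown in the question.

```typescript
// Added example (not from the original post). SAMPLE_DIFF is constructed from
// the `cdk diff` excerpt in the question; the masked IDs are kept as shown.
const SAMPLE_DIFF = [
  "Stack vpcStaging", "There were no differences",
  "Stack rdsStaging", "Resources",
  "[~] AWS::RDS::DBInstance instance instanceB**** replace",
  " ├─ [~] DBName (requires replacement)",
  " │   ├─ [-] rds_staging",
  " │   └─ [+] DBRds",
  "Stack application", "Resources",
  "[-] AWS::ElasticBeanstalk::Environment staging***** destroy",
  "[+] AWS::EC2::SecurityGroup staging/securityGroup stagingsecurityGroup*****",
].join("\n");
// impact is "replace" or "destroy"; properties are those marked "(requires replacement)".
interface RiskyChange {
  stack: string; resourceType: string; logicalId: string;
  impact: string; properties: string[];
}

// Collect every resource that the diff says will be replaced or destroyed.
function findRiskyChanges(diffText: string): RiskyChange[] {
  const risky: RiskyChange[] = [];
  let stack = "";
  let current: RiskyChange | null = null;
  for (const line of diffText.split("\n")) {
    const stackMatch = /^Stack (\S+)/.exec(line);
    if (stackMatch) { stack = stackMatch[1] || ""; current = null; continue; }
    // Assumed resource line layout: "[~] <type> <construct path> <logical id> <impact>"
    const res = /^\[[~+-]\] (AWS::\S+) (.+)$/.exec(line);
    if (res) {
      const words = (res[2] || "").trim().split(/\s+/);
      const impact = words[words.length - 1] || "";
      current = null;
      if (impact === "replace" || impact === "destroy") {
        current = { stack, resourceType: res[1] || "", logicalId: words[words.length - 2] || "", impact, properties: [] };
        risky.push(current);
      }
      continue;
    }
    const prop = /\[~\] (\S+) \(requires replacement\)/.exec(line);
    if (prop && current) current.properties.push(prop[1] || "");
  }
  return risky;
}

// Changes a pipeline should refuse to deploy without manual approval.
function blockedChanges(diffText: string, statefulTypes: string[]): RiskyChange[] {
  return findRiskyChanges(diffText).filter((c) => statefulTypes.indexOf(c.resourceType) !== -1);
}
```

Calling `blockedChanges(diffText, ["AWS::RDS::DBInstance"])` on the captured diff and failing the build when the result is non-empty keeps an unexpected `DBName` change from replacing the instance unnoticed.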