-
Notifications
You must be signed in to change notification settings - Fork 5
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: Log when any stateful resource is in stack #530
Changes from all commits
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,23 @@ | ||
/** | ||
* A list of resource types that should be considered stateful | ||
* and care should be taken when updating them to ensure they | ||
* are not accidentally replaced as this could lead to downtime. | ||
* | ||
* For example, if a load balancer is accidentally replaced, | ||
* any CNAME DNS entry for it would now be invalid and downtime | ||
* will be incurred for the TTL of the DNS entry. | ||
* | ||
* Currently, this list is used to generate warnings at synth time. | ||
* Ideally we'd add a stack policy to stop the resource being deleted, | ||
* however this isn't currently supported in CDK. | ||
* | ||
* @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/protect-stack-resources.html | ||
* @see https://github.com/aws/aws-cdk-rfcs/issues/72 | ||
*/ | ||
export const StatefulResourceTypes: string[] = [ | ||
"AWS::CertificateManager::Certificate", | ||
"AWS::DynamoDB::Table", | ||
"AWS::ElasticLoadBalancing::LoadBalancer", | ||
"AWS::ElasticLoadBalancingV2::LoadBalancer", | ||
"AWS::S3::Bucket", | ||
]; |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,7 +1,9 @@ | ||
import type { App, StackProps } from "@aws-cdk/core"; | ||
import { Stack, Tags } from "@aws-cdk/core"; | ||
import type { App, IConstruct, StackProps } from "@aws-cdk/core"; | ||
import { CfnResource, Stack, Tags } from "@aws-cdk/core"; | ||
import { Stage } from "../../constants"; | ||
import { StatefulResourceTypes } from "../../constants/stateful-resource-types"; | ||
import { TrackingTag } from "../../constants/tracking-tag"; | ||
import { Logger } from "../../utils/logger"; | ||
import type { StackStageIdentity } from "./identity"; | ||
import type { GuStageDependentValue } from "./mappings"; | ||
import { GuStageMapping } from "./mappings"; | ||
|
@@ -120,4 +122,26 @@ export class GuStack extends Stack implements StackStageIdentity, GuMigratingSta | |
this.addTag("Stack", this.stack); | ||
this.addTag("Stage", this.stage); | ||
} | ||
|
||
protected prepare(): void { | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. The docs are a little scary, but we're only logging so should be ok?!
|
||
super.prepare(); | ||
|
||
/* | ||
Log a message whenever a stateful resource is encountered in the stack. | ||
|
||
Ideally we'd add a stack policy to stop the resource being deleted, | ||
however this isn't currently supported in CDK. | ||
|
||
See: | ||
- https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/protect-stack-resources.html | ||
- https://github.com/aws/aws-cdk-rfcs/issues/72 | ||
*/ | ||
this.node.findAll().forEach((construct: IConstruct) => { | ||
if (CfnResource.isCfnResource(construct) && StatefulResourceTypes.includes(construct.cfnResourceType)) { | ||
Logger.warn( | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. We could call |
||
`The resource '${construct.node.path}' of type ${construct.cfnResourceType} is considered stateful by @guardian/cdk. Care should be taken when updating this resource to avoid accidental replacement as this could lead to downtime.` | ||
); | ||
} | ||
}); | ||
} | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
PR is in draft whilst we identify items in this list (and also discuss if this PR is a good idea, as I'm not entirely sold...).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
A few suggestions:
AWS::SNS::Topic
(when used as an API for other services)AWS::SQS::Queue
AWS::Kinesis::Stream
AWS::RDS::DBInstance
There must also be an API Gateway resource which should be included in this list (i.e. the resource which maintains the stable URL which is part of the CNAME DNS entry), but I'm struggling to figure out which resource that is!