AWS CloudFormation delete resources
I have the following CloudFormation template:
Parameters:
  SizeCondition1:
    Type: String
    Default: SizeCondition1
    Description: >-
      Enter the name of the size condition. Note names cannot be modified after
      creation and must be alphanumeric without spaces.
  SizeURI1:
    Type: String
    Default: '8192'
    Description: Enter the size limit of the URI.
  SizeQuery1:
    Type: String
    Default: '8192'
    Description: Enter the size limit of the query string.
Resources:
  WAFSizeCondition1:
    Type: 'AWS::WAF::SizeConstraintSet'
    Properties:
      Name: !Ref SizeCondition1
      SizeConstraints:
        - FieldToMatch:
            Type: QUERY_STRING
          ComparisonOperator: GT
          Size: !Ref SizeQuery1
          TextTransformation: NONE
        - FieldToMatch:
            Type: URI
          ComparisonOperator: GT
          Size: !Ref SizeURI1
          TextTransformation: NONE
  WafRule:
    Type: 'Custom::CustomResource'
    Properties:
      ServiceToken: !Join
        - ''
        - - 'arn:aws:lambda:'
          - !Ref 'AWS::Region'
          - ':'
          - !Ref 'AWS::AccountId'
          - ':function:WafLambdaTest'
      Name: WAFRateTest1
      RateLimit: '2000'
      MetricName: WAFRateTest1
      Predicates:
        - DataId: !Ref WAFSizeCondition1
          Negated: false
          Type: SizeConstraint
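When I trigger the DELETE event, I see the following:
Questions:
- Why is WafRule deleted first, when it can't be deleted before WAFSizeCondition1? How do I declare a dependency in the template so that WAFSizeCondition1 is deleted first?
- Why can't WAFSizeCondition1 be deleted? Which resource is it referencing? How do I handle resource deletion correctly here?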
- CloudFormation will pick an order based on some internal logic. To influence that order, you can use the DependsOn attribute to specify some form of dependency. For example:
  WAFSizeCondition1:
    Type: 'AWS::WAF::SizeConstraintSet'
    DependsOn: WafRule
- There is a bug in your custom resource. You have not said how you wrote the function, and I suspect you are not taking the correct steps to delete it. According to the waf.delete_web_acl docs:
Permanently deletes a WebACL. You can't delete a WebACL if it still
contains any Rules.
To delete a WebACL, perform the following steps:
Update the WebACL to remove Rules, if any. For more information, see
UpdateWebACL.
Use GetChangeToken to get the change token that you
provide in the ChangeToken parameter of a DeleteWebACL request. Submit
a DeleteWebACL request.
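
The same empty-then-delete order the quoted docs describe, applied to the rate-based rule that the template's custom resource appears to manage (an added example, not part of the original answer and not the asker's Lambda code). It assumes the Lambda uses the boto3 WAF Classic client; `delete_rate_rule` and the `FakeWaf` stub are hypothetical names, and the stub's rule data is constructed so the flow runs offline.

```python
def delete_rate_rule(waf, rule_id):
    """Detach every predicate, then delete the rule, with a fresh token per call."""
    rule = waf.get_rate_based_rule(RuleId=rule_id)["Rule"]
    updates = [{"Action": "DELETE", "Predicate": p} for p in rule["MatchPredicates"]]
    if updates:
        # Until this succeeds, the rule still references the size constraint set.
        waf.update_rate_based_rule(
            RuleId=rule_id,
            ChangeToken=waf.get_change_token()["ChangeToken"],
            Updates=updates,
            RateLimit=rule["RateLimit"],
        )
    waf.delete_rate_based_rule(
        RuleId=rule_id, ChangeToken=waf.get_change_token()["ChangeToken"]
    )


class FakeWaf:
    """Constructed stand-in for boto3.client('waf'); refuses to delete a non-empty rule."""

    def __init__(self):
        pred = {"Negated": False, "Type": "SizeConstraint", "DataId": "set-1"}
        self.rules = {"rule-1": {"RuleId": "rule-1", "RateLimit": 2000,
                                 "MatchPredicates": [pred]}}
        self.issued, self.calls = 0, []

    def get_change_token(self):
        self.issued += 1
        return {"ChangeToken": f"token-{self.issued}"}

    def get_rate_based_rule(self, RuleId):
        return {"Rule": self.rules[RuleId]}

    def update_rate_based_rule(self, RuleId, ChangeToken, Updates, RateLimit):
        self.calls.append(("update", ChangeToken))
        for update in Updates:
            self.rules[RuleId]["MatchPredicates"].remove(update["Predicate"])

    def delete_rate_based_rule(self, RuleId, ChangeToken):
        if self.rules[RuleId]["MatchPredicates"]:
            raise RuntimeError("WAFNonEmptyEntityException")
        self.calls.append(("delete", ChangeToken))
        del self.rules[RuleId]


if __name__ == "__main__":
    waf = FakeWaf()
    delete_rate_rule(waf, "rule-1")
    print(waf.calls)
```

In the Lambda, this belongs in the branch that handles the `Delete` request type, before SUCCESS is reported to CloudFormation; otherwise the stack moves on to the size constraint set while the rule still references it.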