-
Notifications
You must be signed in to change notification settings - Fork 3.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
DocDB : cdk upgrade shows VpvSecurityIds change and requires cluster to be replaced #31483
Comments
checking |
Please allow me to confirm:
And please share with us:
Related to internal tracking: V1195768568 |
Answer to question 1: But the cdk upgrade required us to make one modification in 1.156, when setting In 1.156 we passed the values from Answer to question 2: yes |
It's still unclear to me what exactly is the code you used to create the cluster in CDK v1 and CDK v2. Are you able to share the code you create the cluster both in v1 and v2 so we could could better support you? Looks like what you have change actually is the vpc_security_group_ids property and that explains
I think this would not be a regression as you actually have modified this prop. If you run |
adding the remaining details requested... yes there was a difference in the from the ( I compared the actual contents of the cdk 1.156
cdk 2.158
the python cdk code used to create the cluster is: (showing only the security group relevant section) cdk 1.156
cdk 2.158.0
also noting that we made the same change to set the
whereas the output from the
|
@qqsandas Thank you for your detailed report. This is very helpful. Looks like the diff is literally the same but cloudformation considers it might cause replacement, which is not determined by CDK. I am guessing this might be related to #29429 (comment) that would happen when upgrading the major version of docdb but obviously you are not. Are you able to try the workaround as mentioned in #29429 (comment) to remove the VpcSecurityGroupIds prop and see if you are still seeing the replacement warning. Also, please make sure to test that in a testing environment and make all the necessary backups. |
We don't have another test cluster to try this right now. We are thinking now a 2 step upgrade from 1.156 => 2.51.1 first, since that does not show cluster replacement warning, Thank you for looking into this, we will check back on this thread for updates |
Describe the bug
While from upgrading from cdk 1.156 to cdk 2.158.0
in a stack with CfnDBCluster, cdk diff shows
We performed a similar upgrade a while ago upgrading from cdk 1.156 to 2.51.1, that upgrade also showed a difference in VpcSecurityGroupIds, but did not require cluster replacement
Regression Issue
Last Known Working CDK Version
2.51.1
Expected Behavior
Change in security group should not require entire DocDB cluster to be replaced
Current Behavior
While from upgrading from cdk 1.156 to cdk 2.158.0
in a stack with CfnDBCluster, cdk diff shows
Reproduction Steps
Upgrade cdk from 1.156 to 2.158 with a stack containing CfnDBCluster
Possible Solution
No response
Additional Information/Context
No response
CDK CLI Version
2.158
Framework Version
No response
Node.js Version
Python cdk
OS
Linux
Language
Python
Language Version
No response
Other information
No response
The text was updated successfully, but these errors were encountered: