feat(cli): support CloudFormation simplified resource import #29087
Conversation
maybe revert later
Co-authored-by: Luca Pizzini <[email protected]>
Co-authored-by: Luca Pizzini <[email protected]>
Co-authored-by: Luca Pizzini <[email protected]>
github-actions
bot
added
effort/medium
tmokmss
had a problem deploying
to
test-pipeline
GitHub Actions
Failure
aws-cdk-automation
removed
pr/needs-maintainer-review
|
@SankyRed Thanks! I guess we also need to add |
SankyRed
added
the
pr-linter/exempt-integ-test
aws-cdk-automation
dismissed
their stale review
✅ Updated pull request passes all PRLinter validations. Dismissing previous PRLinter review.
aws-cdk-automation
added
the
pr/needs-maintainer-review
There was a problem hiding this comment.
we probably want this feature on diff changesets as well... @TheRealAmazonKendra what do you think?
| ResourcesToImport: this.options.resourcesToImport, | ||
| Description: `CDK Changeset for execution ${this.uuid}`, | ||
| ClientToken: `create${this.uuid}`, | ||
| ImportExistingResources: importExistingResources, |
There was a problem hiding this comment.
what happens if they specify both ResourcesToImport and ImportExistingResources?
There was a problem hiding this comment.
I guess it will not work, but the spec says nothing about such restriction, so I would like to keep it as-is.
Actually users cannot set both ImportExistingResources and ResourcesToImport from the CDK CLI, because the former is only used in cdk deploy, and cdk deploy does not have any command argument to directly set ResourcesToImport.
There was a problem hiding this comment.
The spec isn't really the source of truth we all wish it was so it's not uncommon we enforce logical things the spec does not. However in this specific instance I believe it is correct not to enforce these arguments be exclusive because there is a difference between the resources supported by importExistingResources and ResourcesToImport. Auto-import is a subset of resources supported by ResourcesToImport so it is entirely possible to have both. It is entirely possible then someone could build a command which fails, but I believe this won't really be a common occurence and this is fine to leave as is
aws-cdk-automation
removed
the
pr/needs-maintainer-review
|
@comcalvi @tmokmss @TheRealAmazonKendra What exactly is this PR blocked on? It has been months since the PR was raised. If it's adding this feature in a different cdk operation (cdk diff), can that be a separate PR/issue? |
mergify
bot
dismissed
comcalvi’s stale review
Pull request has been modified.
tmokmss
requested a deployment
to
test-pipeline
GitHub Actions
Waiting
|
@comcalvi Hi, I resolved the merge conflict. Can you take a look at this once again? |
aws-cdk-automation
added
the
pr/needs-maintainer-review
| ResourcesToImport: this.options.resourcesToImport, | ||
| Description: `CDK Changeset for execution ${this.uuid}`, | ||
| ClientToken: `create${this.uuid}`, | ||
| ImportExistingResources: importExistingResources, |
There was a problem hiding this comment.
The spec isn't really the source of truth we all wish it was so it's not uncommon we enforce logical things the spec does not. However in this specific instance I believe it is correct not to enforce these arguments be exclusive because there is a difference between the resources supported by importExistingResources and ResourcesToImport. Auto-import is a subset of resources supported by ResourcesToImport so it is entirely possible to have both. It is entirely possible then someone could build a command which fails, but I believe this won't really be a common occurence and this is fine to leave as is
packages/aws-cdk/README.md
Outdated
| This allows you to automatically import the resources in your template that already | ||
| exist in your AWS account during CloudFormation deployments. | ||
| With this feature, you can reduce the manual effort of import operations and avoid | ||
| deployment failures because of naming conflicts. |
There was a problem hiding this comment.
| This allows you to automatically import the resources in your template that already | |
| exist in your AWS account during CloudFormation deployments. | |
| With this feature, you can reduce the manual effort of import operations and avoid | |
| deployment failures because of naming conflicts. | |
| Automatically import resources in your CDK application which represent | |
| unmanaged resources in your account. | |
| Reduces the manual effort of import operations and avoids | |
| deployment failures due to naming conflicts with unmanaged resources in your account |
There was a problem hiding this comment.
adding some active voice to be more similar to how our other command readme's are written.
aws-cdk-automation
removed
the
pr/needs-maintainer-review
| @@ -880,6 +880,41 @@ describe('disable rollback', () => { | |||
|
|
|||
| }); | |||
|
|
|||
| describe('import-existing-resources', () => { | |||
There was a problem hiding this comment.
Can we get a CLI integ test that creates a single resource and then imports it with this new flag?
There was a problem hiding this comment.
@comcalvi
Thanks, but I don't fully agree with implementing such test on CDK side. Because:
- Such test would more or less complicate the test code, not noly the success case, but also ensuring there is no orphaned resource when test failed halfway through. This possibly increases maintenance cost of the cli integ test code.
- It is not CDK's responsibility to ensure that a resource is successfully imported when the flag is set. It is CFn's responsibility to guarantee the functionality. CDK should just make sure the flag is set properly (as tested in the current code.)
What do you think?
Existing Resource Import MethodsCDK has 3 ways to import stuff into a CDK stack:
The New Resource Import MethodCFN launched a feature that allows a changeset to absorb new resources into the stack. This is specified as a flag on the changeset and it effectively turns any "Resource already exists" errors into resource import operations. This means that if your stack attempts to create a resource with the same physical ID as another resource in the same environment, it will import it instead. It's unclear if this flag works with That doesn't affect this PR though, because this, conceptually, is a standard Bottom LineWe should add this as a flag to |
Co-authored-by: Calvin Combs <[email protected]>
mergify
bot
dismissed stale reviews from HBobertz and comcalvi
Pull request has been modified.
tmokmss
requested a deployment
to
test-pipeline
GitHub Actions
Waiting
Co-authored-by: Hogan Bobertz <[email protected]> Co-authored-by: Calvin Combs <[email protected]>
tmokmss
requested a deployment
to
test-pipeline
GitHub Actions
Waiting
tmokmss
requested a deployment
to
test-pipeline
GitHub Actions
Waiting
|
Thanks! I addressed all the comments from you :)
As far as I tested, CFn decides whether a resource is created or imported when we create a changeset. If a resource will be imported, the changeset type for the resource will become |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
aws-cdk-automation
added
the
pr/needs-maintainer-review
Issue # (if applicable)
Closes #28060.
Reason for this change
This feature allows to automatically import exsting resources with the same physical name, such as S3 bucket, DDB table, etc, during a CFn deployment.
Because resource import is a vital feature for CDK users e.g. to refactor a construct tree, cdk migrate, etc, it would benefit many potential users if cdk natively support it.
Description of changes
This PR adds a CLI option --import-exsting-resources: boolean to cdk deploy command and pass it to createChangeSet API call.
Description of how you validated changes
Added a cli integ test.
Checklist
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license