Open jmwyson opened 5 days ago
Summary

When both `create_changeset` and `termination_protection` are set when calling the cloudformation module, the termination_protection is not configured for the stack.

The problem seems to be the if logic in https://github.com/ansible-collections/amazon.aws/blob/52d3965188d45841495c1721aaf1615d08d6874d/plugins/modules/cloudformation.py#L779C1-L787C110 where if create changeset is enabled, then the "else" where the termination protection is updated is not executed.

Issue Type

Bug Report

Component Name

cloudformation

Ansible Version

```
ansible [core 2.15.10]
  config file = /etc/ansible/ansible.cfg
  configured module search path = ['/home/runner/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3.9/site-packages/ansible
  ansible collection location = /home/runner/.ansible/collections:/usr/share/ansible/collections
  executable location = /usr/bin/ansible
  python version = 3.9.18 (main, Sep 22 2023, 17:58:34) [GCC 8.5.0 20210514 (Red Hat 8.5.0-20)] (/usr/bin/python3.9)
  jinja version = 3.1.3
  libyaml = True
```

Collection Versions

```
# /usr/share/ansible/collections/ansible_collections
Collection                    Version
----------------------------- -------
amazon.aws                    7.5.0
ansible.windows               2.3.0
community.aws                 7.2.0
community.general             8.6.0
```

AWS SDK versions

```
WARNING: Package(s) not found: boto
Name: boto3
Version: 1.29.0
Summary: The AWS SDK for Python
Home-page: https://github.com/boto/boto3
Author: Amazon Web Services
Author-email: None
License: Apache License 2.0
Location: /usr/local/lib/python3.9/site-packages
Requires: botocore, jmespath, s3transfer
Required-by: cloudformation-cli, aws-sam-translator
---
Name: botocore
Version: 1.34.90
Summary: Low-level, data-driven core of boto 3.
Home-page: https://github.com/boto/botocore
Author: Amazon Web Services
Author-email: None
License: Apache License 2.0
Location: /usr/local/lib/python3.9/site-packages
Requires: urllib3, jmespath, python-dateutil
Required-by: s3transfer, cloudformation-cli, boto3
```

Configuration

No response

OS / Environment

No response

Steps to Reproduce

```yaml
- name: Deploy CloudFormation Stack
  cloudformation:
    stack_name: my-stack
    template: "mytemplate.yml"
    on_create_failure: DELETE
    state: present
    create_changeset: true
    profile: "my-aws-profile"
    region: us-east-1
    termination_protection: true
```

Expected Results

For an existing stack, the stack should have termination protection enabled.

Actual Results

For an existing stack, termination protection is not enabled.
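Added example, not part of the original issue and not code from the amazon.aws collection: a post-deploy check that reads the stack's actual `EnableTerminationProtection` value through the CloudFormation API and, if asked, corrects it, so a play that used `create_changeset: true` does not leave the stack unprotected unnoticed. The function name, the `fix` flag and the `FakeCfn` stand-in are assumptions made for this illustration; `describe_stacks` and `update_termination_protection` are the boto3 client calls.

```python
"""Post-deploy check: does termination protection match what the play asked for?"""


def ensure_termination_protection(cfn, stack_name, desired=True, fix=False):
    """Return 'ok', 'drift' or 'fixed'. cfn is a boto3 CloudFormation client."""
    stack = cfn.describe_stacks(StackName=stack_name)["Stacks"][0]
    if stack.get("ParentId"):
        # Nested stacks take the setting from their root stack and
        # cannot be changed directly.
        raise ValueError(f"{stack_name} is a nested stack; check its root stack")
    if stack.get("EnableTerminationProtection", False) == desired:
        return "ok"
    if not fix:
        return "drift"
    cfn.update_termination_protection(
        StackName=stack_name, EnableTerminationProtection=desired
    )
    # Re-read the stack instead of trusting the update call.
    after = cfn.describe_stacks(StackName=stack_name)["Stacks"][0]
    if after.get("EnableTerminationProtection", False) != desired:
        raise RuntimeError(f"termination protection still wrong on {stack_name}")
    return "fixed"


class FakeCfn:
    """Constructed stand-in for the boto3 client so the example runs offline."""

    def __init__(self, protected):
        self.protected = protected
        self.updates = 0

    def describe_stacks(self, StackName):
        return {"Stacks": [{"StackName": StackName,
                            "EnableTerminationProtection": self.protected}]}

    def update_termination_protection(self, StackName, EnableTerminationProtection):
        self.protected = EnableTerminationProtection
        self.updates += 1


if __name__ == "__main__":
    demo = FakeCfn(protected=False)  # state the issue reports after the play
    print(ensure_termination_protection(demo, "my-stack"))            # drift
    print(ensure_termination_protection(demo, "my-stack", fix=True))  # fixed
```

Against a real account, pass `boto3.Session(profile_name="my-aws-profile").client("cloudformation", region_name="us-east-1")` as `cfn`, using the profile and region from the task above.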