aws-cloudformation / cloudformation-cli

The CloudFormation Provider Development Toolkit allows you to author your own resource providers and modules that can be used by CloudFormation.
Apache License 2.0

CloudFormation silently doesn't associate second CloudFront function and produces no error. #991

Closed garretwilson closed 9 months ago

garretwilson commented 1 year ago

I have a CloudFront distribution with a single function:

  CloudFrontDistribution:
    Type: AWS::CloudFront::Distribution
    Properties:
      DistributionConfig:
…
        DefaultCacheBehavior:
…
          FunctionAssociations:
            - EventType: viewer-request
              FunctionARN: !GetAtt FooFunction.FunctionMetadata.FunctionARN

I deploy the stack using aws cloudformation deploy … and see that in the console the FooFunction has a status of Deployed.

I define another function in the CloudFormation template and call aws cloudformation deploy … again.

  CloudFrontDistribution:
    Type: AWS::CloudFront::Distribution
    Properties:
      DistributionConfig:
…
        DefaultCacheBehavior:
…
          FunctionAssociations:
            - EventType: viewer-request
              FunctionARN: !GetAtt FooFunction.FunctionMetadata.FunctionARN
            - EventType: viewer-request
              FunctionARN: !GetAtt BarFunction.FunctionMetadata.FunctionARN

Note that both functions have AutoPublish: true set.

In the console both functions now appear under "Functions". The status of FooFunction still shows Deployed. However, the status of BarFunction is Published. And if I click on BarFunction, under "Associated distributions" it says:

This function is not associated with any distributions.

Yet it is clearly listed under FunctionAssociations.

garretwilson commented 1 year ago

To try to force CloudFormation to update, I deleted the entire FunctionAssociations section altogether and did an aws cloudformation deploy …. As expected, the status of both functions changed to Published.

But then I added the FunctionAssociations section back, referencing both functions, both with AutoPublish set to true. After the deploy, I get:

(sigh)

Like #989, CloudFormation seems to be full of little hidden "sticky" settings. I never know when a deploy is going to "take" and really update, or just do a half-baked update.

garretwilson commented 1 year ago

I don't believe it.

  1. I deleted both functions themselves from the template, as well as the entire FunctionAssociations section of the distribution.
  2. I did an aws cloudformation deploy … and then verified in the console that both functions no longer exist.
  3. I manually invalidated the entire (/*) distribution from the console.
  4. I added back both functions to the template, along with the FunctionAssociations.
  5. I did another aws cloudformation deploy.

I get back two functions:

This is tiring and frustrating. Somehow it remembered these two functions, even though they were supposedly completely deleted, and only associated one of them with the distribution, when the configurations for both are identical in the template.

I am giving up for today.

garretwilson commented 1 year ago

I have now raised this issue on Stack Overflow.

garretwilson commented 1 year ago

I succeeded in getting BarFunction deployed, but only by removing FooFunction:

  1. I deleted FooFunction altogether from the template and from the FunctionAssociations section of the distribution, leaving only BarFunction.
  2. I did an aws cloudformation deploy … and then verified in the console that FooFunction was not listed. This time BarFunction showed a status of Deployed!
  3. I added BarFunction back to the template and added it back to the FunctionAssociations section of the distribution.
  4. I did another aws cloudformation deploy.

Yet again I get back two functions:

There is something broken about CloudFormation that will not allow two functions to be deployed at the same time, even though they are both listed in the FunctionAssociations section.

garretwilson commented 1 year ago

Someone responded about this on Stack Overflow, saying that some other page mentioned that each event type can only have one function associated with it in a distribution.

However, this is not mentioned anywhere in the docs for AWS::CloudFront::Distribution DefaultCacheBehavior. Moreover, if a CloudFormation template is invalid (i.e. if CloudFormation will refuse to implement the template as written), shouldn't CloudFormation produce an error instead of silently doing something different than what the CloudFormation template specifies?
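
A pre-deploy check for the situation in this thread, as an added example that is not part of the issue or of the CloudFormation CLI: it flags any cache behavior whose FunctionAssociations lists the same EventType more than once, so the conflict is caught before a deploy that reports no error. It assumes the one-function-per-event-type limit relayed in the comment above and a template already parsed into a dict (the sample is a constructed JSON form of the issue's second template); the function names are hypothetical.

```python
import json
from collections import defaultdict

# Constructed sample: JSON form of the issue's second template, elided parts omitted.
SAMPLE_TEMPLATE = json.loads("""
{"Resources": {"CloudFrontDistribution": {
  "Type": "AWS::CloudFront::Distribution",
  "Properties": {"DistributionConfig": {"DefaultCacheBehavior": {
    "FunctionAssociations": [
      {"EventType": "viewer-request",
       "FunctionARN": {"Fn::GetAtt": ["FooFunction", "FunctionMetadata.FunctionARN"]}},
      {"EventType": "viewer-request",
       "FunctionARN": {"Fn::GetAtt": ["BarFunction", "FunctionMetadata.FunctionARN"]}}
    ]}}}}}}
""")


def cache_behaviors(dist_config):
    """Yield (label, behavior) for the default and each additional cache behavior."""
    default = dist_config.get("DefaultCacheBehavior")
    if isinstance(default, dict):
        yield "DefaultCacheBehavior", default
    extra = dist_config.get("CacheBehaviors")
    for i, behavior in enumerate(extra if isinstance(extra, list) else []):
        if isinstance(behavior, dict):
            yield f"CacheBehaviors[{i}]", behavior


def find_duplicate_event_types(template):
    """Return (resource, behavior, event_type, refs) per event type claimed twice."""
    findings = []
    for name, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::CloudFront::Distribution":
            continue
        config = res.get("Properties", {}).get("DistributionConfig", {})
        for label, behavior in cache_behaviors(config):
            assocs = behavior.get("FunctionAssociations")
            by_event = defaultdict(list)
            # Entries built from intrinsics (Fn::If etc.) cannot be resolved offline; skip them.
            for assoc in assocs if isinstance(assocs, list) else []:
                if isinstance(assoc, dict) and isinstance(assoc.get("EventType"), str):
                    by_event[assoc["EventType"]].append(assoc.get("FunctionARN"))
            findings += [(name, label, ev, refs)
                         for ev, refs in by_event.items() if len(refs) > 1]
    return findings


if __name__ == "__main__":
    for finding in find_duplicate_event_types(SAMPLE_TEMPLATE):
        print(finding)
```

Run in CI with a non-empty result treated as a failure, the check turns the silent partial association into an explicit error before deployment.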

mircealam commented 9 months ago

This is not the right place. Please verify if there is an issue here and if not please open one: https://github.com/aws-cloudformation/cloudformation-coverage-roadmap

Also, when reporting the issue it helps if you can provide a bit more detail to help replicate the issue (e.g. a minimal template that helps reproduce the issue can immensely help).