aws-cloudformation / cloudformation-coverage-roadmap

The AWS CloudFormation Public Coverage Roadmap
https://aws.amazon.com/cloudformation/
Creative Commons Attribution Share Alike 4.0 International
1.11k stars 56 forks source link

[AWS::EFS::FileSystem] - [BUG] - Changing `ThroughputMode` in the AWS GUI is not recognized by Drift Detection #1809

Open r-heimann opened 1 year ago

r-heimann commented 1 year ago

Name of the resource

AWS::EFS::FileSystem

Issue Description

When you create a AWS::EFS::FileSystem using CloudFormation

  EFSVolume:
    Type: AWS::EFS::FileSystem
    Properties:
      AvailabilityZoneName: !Sub "${AWS::Region}a"
      BackupPolicy:
        Status: "DISABLED"

The default ThroughputMode will be bursting. Changing bursting to elastic in the AWS GUI will result in the CloudFormation Stack to be drifted, but this is not recognized by Drift Detection and the Resource is showing up as Resource drift status: IN_SYNC

Expected Behavior

Drift Detection of AWS::EFS::FileSystem is working for the ThroughputMode.

Observed Behavior

It's not working.

Test Cases

  1. Create an EFS Volume:
  EFSVolume:
    Type: AWS::EFS::FileSystem
    Properties:
      AvailabilityZoneName: !Sub "${AWS::Region}a"
      BackupPolicy:
        Status: "DISABLED"
  1. Change the ThroughputMode to a different value in the AWS GUI
  2. Check the Resource Drift in the Drift Detection GUI
FarrOut commented 1 year ago

Confirmed. (In eu-west-1 & us-east-1)

template

Type: AWS::EFS::FileSystem
Properties:
  Encrypted: true
  FileSystemTags:
    - Key: Name
      Value: EfsStack/EfsNestedStack/Efs
UpdateReplacePolicy: Delete
DeletionPolicy: Delete

Drift

IN_SYNC

Expected

{
  "Encrypted": true,
  "FileSystemTags": [
    {
      "Value": "EfsStack/EfsNestedStack/Efs",
      "Key": "Name"
    }
  ]
}

Actual

{
  "Encrypted": true,
  "FileSystemTags": [
    {
      "Key": "Name",
      "Value": "EfsStack/EfsNestedStack/Efs"
    }
  ]
}

Seems like the read handler is returning "ThroughputMode" property...

aws efs describe-file-systems --file-system-id fs-xxxxxxxxxxxxxxxxxxxx --output json > describe_file_system_dub.json
{
    "FileSystems": [
        {
            "OwnerId": "000000000000",
            "CreationToken": "Efs9E8BF36B-xxxxxxxxxx",
            "FileSystemId": "fs-xxxxxxxxxxxxxxxxxxxx",
            "FileSystemArn": "arn:aws:elasticfilesystem:eu-west-1:000000000000:file-system/fs-xxxxxxxxxxxxxxxxxxxx",
            "CreationTime": "2023-10-03T12:31:02+02:00",
            "LifeCycleState": "available",
            "Name": "EfsStack/EfsNestedStack/Efs",
            "NumberOfMountTargets": 3,
            "SizeInBytes": {
                "Value": 6144,
                "Timestamp": "2023-10-03T14:24:41+02:00",
                "ValueInIA": 0,
                "ValueInStandard": 6144
            },
            "PerformanceMode": "generalPurpose",
            "Encrypted": true,
            "KmsKeyId": "arn:aws:kms:eu-west-1:000000000000:key/50aa0ccc-df61-49e7-9e55-xxxxxxxxxxxxxxx",
            "ThroughputMode": "elastic",
            "Tags": [
                {
                    "Key": "BelongsTo",
                    "Value": "SeedyKay"
                },
                {
                    "Key": "Name",
                    "Value": "EfsStack/EfsNestedStack/Efs"
                }
            ]
        }
    ]
}