aws-cloudformation / cloudformation-coverage-roadmap

The AWS CloudFormation Public Coverage Roadmap
https://aws.amazon.com/cloudformation/
Creative Commons Attribution Share Alike 4.0 International

(AWS::RDS::GlobalCluster) False-positive drift on SourceDBClusterIdentifier #1856

Closed dbayardAWS closed 5 months ago

dbayardAWS commented 9 months ago

Name of the resource

AWS::RDS::GlobalCluster

Resource Name

No response

Issue Description

Currently, when a customer does a managed switchover (via the Console or CLI), drift detection will report that their GlobalCluster resource is now out of sync. This is because the GlobalCluster CFN resource thinks the SourceDBClusterIdentifier value is the cluster member from describe-global-clusters with the isWriter attribute=true.

My customer believes this property should be ignored when determining drift.

Expected Behavior

The customer feels that we should ignore the SourceDBClusterIdentifier property when calculating drift. This would allow them to do a managed switchover without the GlobalCluster resource being marked as in drift.

If, at a later date, we enable the GlobalCluster CFN resource to be used to initiate managed switchover, then it would make sense to re-add this property to drift detection. But until we do that, my customer feels that the logic should assume that the decision to switch over outside of CFN was made on purpose and should not mark the GlobalCluster resource as drifted.

Observed Behavior

Post managed switchover, the GlobalCluster resource will be marked as in drift:

    {
        "StackId": "arn:aws:cloudformation:us-east-2:946160804999:stack/aurora-globaldatabase/ac1ee0c0-8d57-11ee-afb7-02c9fadea403",
        "LogicalResourceId": "GlobalDBCluster",
        "PhysicalResourceId": "globaldbcluster",
        "ResourceType": "AWS::RDS::GlobalCluster",
        "ExpectedProperties": "{\"GlobalClusterIdentifier\":\"globaldbcluster\",\"SourceDBClusterIdentifier\":\"arn:aws:rds:us-east-2:946160804628:cluster:dbcluster01\"}",
        "ActualProperties": "{\"GlobalClusterIdentifier\":\"globaldbcluster\",\"SourceDBClusterIdentifier\":\"arn:aws:rds:us-west-2:946160804628:cluster:dbcluster02\"}",
        "PropertyDifferences": [
            {
                "PropertyPath": "/SourceDBClusterIdentifier",
                "ExpectedValue": "arn:aws:rds:us-east-2:946160804999:cluster:dbcluster01",
                "ActualValue": "arn:aws:rds:us-west-2:946160804999:cluster:dbcluster02",
                "DifferenceType": "NOT_EQUAL"
            }
        ],
        "StackResourceDriftStatus": "MODIFIED",
        "Timestamp": "2023-11-27T19:54:12.896000+00:00"
    },

Test Cases

Create a GlobalCluster configuration using CFN with a primary cluster in region1 and secondary cluster in region2.
Use the Console/CLI to do a managed switchover.
Run drift detection on the stack that contains the GlobalCluster resource.

Other Details

No response
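
One way for a pipeline that gates on drift results to discount this single property after a managed switchover, while still reporting every other difference. This is an added example, not part of the original issue or AWS code; the function names, the `IGNORED_PATHS` table and the sample records are assumptions, and the input is the `StackResourceDrifts` list in the shape shown under Observed Behavior.

```python
import json

# Assumption: paths to disregard per resource type. Only the property from
# the issue is listed; anything else still counts as drift.
IGNORED_PATHS = {"AWS::RDS::GlobalCluster": {"/SourceDBClusterIdentifier"}}


def effective_drifts(drifts, ignored=IGNORED_PATHS):
    """Filter the "StackResourceDrifts" list returned by
    `aws cloudformation describe-stack-resource-drifts`."""
    remaining = []
    for d in drifts:
        status = d.get("StackResourceDriftStatus")
        if status in ("IN_SYNC", "NOT_CHECKED"):
            continue
        if status != "MODIFIED":
            remaining.append(d)  # DELETED is never suppressed
            continue
        skip = ignored.get(d.get("ResourceType"), set())
        all_diffs = d.get("PropertyDifferences", [])
        kept = [p for p in all_diffs if p.get("PropertyPath") not in skip]
        if kept or not all_diffs:  # fail closed if no differences are listed
            remaining.append({**d, "PropertyDifferences": kept})
    return remaining


def _rec(logical, rtype, status, *paths):
    """Build a minimal drift record for the constructed sample below."""
    diffs = [{"PropertyPath": p, "DifferenceType": "NOT_EQUAL"} for p in paths]
    return {"LogicalResourceId": logical, "ResourceType": rtype,
            "StackResourceDriftStatus": status, "PropertyDifferences": diffs}


# Constructed sample records (not output from the issue).
SAMPLE = [
    _rec("GlobalDBCluster", "AWS::RDS::GlobalCluster", "MODIFIED",
         "/SourceDBClusterIdentifier"),
    _rec("GlobalDBCluster2", "AWS::RDS::GlobalCluster", "MODIFIED",
         "/SourceDBClusterIdentifier", "/DeletionProtection"),
    _rec("ReplicaInstance", "AWS::RDS::DBInstance", "DELETED"),
    _rec("PrimaryCluster", "AWS::RDS::DBCluster", "IN_SYNC"),
]

if __name__ == "__main__":
    print(json.dumps(effective_drifts(SAMPLE), indent=2))
```

The suppression is scoped to one resource type and one property path, so a `DeletionProtection` change on the same GlobalCluster, or a deleted resource, is still reported.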