Open anentropic opened 9 months ago
- write code in the cdk stack to mimic the manually created ALB
- run cdk import cli
Can you share your code snippets and full CLI command for the two steps?
the code I've added looks like:
```python
load_balancer = elb.ApplicationLoadBalancer(
    self,
    "ALB",
    vpc=vpc,
    vpc_subnets=ec2.SubnetSelection(
        subnet_type=ec2.SubnetType.PRIVATE_WITH_EGRESS,
    ),
    internet_facing=False,
)
load_balancer.connections.allow_from(
    other=ec2.Peer.ipv4(gateway_cidr),
    port_range=ec2.Port.all_icmp(),
)
load_balancer.connections.allow_from(
    other=ec2.Peer.ipv4(gateway_cidr),
    port_range=ec2.Port.tcp(80),
)
alb_listener = load_balancer.add_listener(
    "ALB-http-listener",
    port=80,
    open=True,
)
alb_listener.add_targets(
    "ALB-targets",
    targets=[
        elb_targets.LambdaTarget(
            cast(lambda_.IFunction, django_lambdas.web_lambda)
        ),
    ],
)
```
and then I do like cdk import my-stack
I'm getting a similar error with the following message: "unsupported resource type AWS::ApiGateway::BasePathMapping, skipping import." Also, running cdk diff does not output anything but the resource that is to be imported, but when running cdk import it stops due to lambda resources requiring an update. cdk import -fv prints out:
Ignoring updated/deleted resources (--force): ...
EDIT: I've tried importing the resource using AWS Console but that failed as well reporting no resources to update.
@qrsor part of that sounds like a different issue
I have a result from cdk diff but cdk import says "No resources selected for import." and names several resources as "unsupported resource type" even though they are shown as supported types in the docs
I now have cdk 2.131.0 and the problem persists, no clue what is actually wrong
am wishing I had used Terraform instead at this point
would love if there was any kind of workaround, besides what I currently have which is just comment out these items from the stack and carry on with the manually deployed resources
e.g. now I want to deploy the stack in a new env, so I have to conditionally define those resources in the stack so they can at least be cdk deployed for one of the envs, but not for the other ... it's just a frustrating mess
@anentropic make sure you have explicitly set DeletionPolicy on imported resources. Without it the resources will not be recognized.
thanks... is this documented somewhere? which deletion policy do they need to have?
the primary resource I am trying to import is an aws_elasticloadbalancingv2.ApplicationLoadBalancer
the closest thing to a deletion policy arg I can see on that is a deletion_protection: bool which apparently defaults to false - do I have to set that true?
ah I see, it's a method, not all resources have it as an arg like S3 Bucket does
adding load_balancer.apply_removal_policy(RemovalPolicy.RETAIN) did not seem to have an effect, I get the same messages about "unsupported resource type AWS::ElasticLoadBalancingV2::LoadBalancer, skipping import"
Could you maybe test the DESTROY Removal policy? Not in PROD but some test environment?
the code for the chunk I'm trying to import looks like:
```python
from aws_cdk import (
    aws_elasticloadbalancingv2 as elb,
    aws_elasticloadbalancingv2_targets as elb_targets,
    aws_lambda as lambda_,
)

load_balancer = elb.ApplicationLoadBalancer(
    self,
    "ALB",
    load_balancer_name=resource_name_template.format("analytics-dev-alb"),
    vpc=vpc,
    vpc_subnets=ec2.SubnetSelection(
        subnet_type=ec2.SubnetType.PRIVATE_WITH_EGRESS,
    ),
    internet_facing=False,
)
load_balancer.apply_removal_policy(RemovalPolicy.DESTROY)
if config.gateway_cidr:
    gateway_peer = ec2.Peer.ipv4(config.gateway_cidr)
else:
    gateway_peer = ec2.Peer.any_ipv4()
load_balancer.connections.allow_from(
    other=gateway_peer,
    port_range=ec2.Port.all_icmp(),
)
load_balancer.connections.allow_from(
    other=gateway_peer,
    port_range=ec2.Port.tcp(80),
)
# load_balancer.log_access_logs(logs_bucket, prefix="alb")
alb_listener = load_balancer.add_listener(
    "ALB-http-listener",
    port=80,
    open=True,
)
alb_listener.add_targets(
    "ALB-targets",
    targets=[
        elb_targets.LambdaTarget(
            cast(lambda_.IFunction, django_lambdas.web_lambda)
        ),
    ],
)
alb_listener.apply_removal_policy(RemovalPolicy.DESTROY)
```
same errors with RemovalPolicy.DESTROY though
What does diff output? What does synth output? Is your ALB managed by another stack or created manually? Are your resources present in the list? https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/resource-import-supported-resources.html Mind that only ELBV2 seems to be supported.
the ALB was created manually
Are your resources present in the list? https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/resource-import-supported-resources.html Mind that only ELBV2 seems to be supported.
as per my original post, all of the resource types it complains "unsupported resource type" for are listed in the table on that page as supporting import
cdk diff looks like:
```
Stack my-stack
Hold on while we create a read-only change set to get a diff with accurate replacement information (use --no-change-set to use a less accurate but faster template-only diff)
IAM Statement Changes
┌───┬──────────────────────────┬────────┬───────────────────────┬────────────────────────────────────────────┬───────────┐
│ │ Resource │ Effect │ Action │ Principal │ Condition │
├───┼──────────────────────────┼────────┼───────────────────────┼────────────────────────────────────────────┼───────────┤
│ + │ ${Django/Web Lambda.Arn} │ Allow │ lambda:InvokeFunction │ Service:elasticloadbalancing.amazonaws.com │ │
└───┴──────────────────────────┴────────┴───────────────────────┴────────────────────────────────────────────┴───────────┘
Security Group Changes
┌───┬──────────────────────────────┬─────┬─────────────┬────────────────────┐
│ │ Group │ Dir │ Protocol │ Peer │
├───┼──────────────────────────────┼─────┼─────────────┼────────────────────┤
│ + │ ${ALB/SecurityGroup.GroupId} │ In │ All ICMP │ 10.4.0.0/16 │
│ + │ ${ALB/SecurityGroup.GroupId} │ In │ TCP 80 │ 10.4.0.0/16 │
│ + │ ${ALB/SecurityGroup.GroupId} │ In │ TCP 80 │ Everyone (IPv4) │
│ + │ ${ALB/SecurityGroup.GroupId} │ Out │ ICMP 252-86 │ 255.255.255.255/32 │
└───┴──────────────────────────────┴─────┴─────────────┴────────────────────┘
(NOTE: There may be security-related changes not in this list. See https://github.com/aws/aws-cdk/issues/1299)
Resources
[+] AWS::Lambda::Permission Django/Web Lambda/Invoke2UTWxhlfyqbT5FTn--5jvgbLgj+FfJwzswGk55DU1H--Y= DjangoWebLambdaInvoke2UTWxhlfyqbT5FTn5jvgbLgjFfJwzswGk55DU1HYFC50E0FF
[+] AWS::ElasticLoadBalancingV2::LoadBalancer ALB ALBAEE750D2
[+] AWS::EC2::SecurityGroup ALB/SecurityGroup ALBSecurityGroup8B8624F8
[+] AWS::ElasticLoadBalancingV2::Listener ALB/ALB-http-listener ALBALBhttplistener38A8914F
[+] AWS::ElasticLoadBalancingV2::TargetGroup ALB/ALB-http-listener/ALB-targetsGroup ALBALBhttplistenerALBtargetsGroup6742614E
Outputs
[+] Output ALB URL ALBURL: {"Description":"Load-balancer hostname","Value":{"Fn::GetAtt":["ALBAEE750D2","DNSName"]},"Export":{"Name":"ifm-ssa-loadbalancer-dns-name-dev-eu"}}
✨ Number of stacks with differences: 1
```
I would suggest two possible actions:
cdk diff only outputs the ALB to be imported without any other resources being created or changed and try cdk import then cdk synth -j
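An added example, not code from the thread or from the CDK project: a check to run over the JSON template that `cdk synth -j` prints, as requested above. It lists resources without an explicit DeletionPolicy, which CloudFormation resource import requires on each imported resource, and flags security-group ingress open to any address, such as the "Everyone (IPv4)" TCP 80 rule that `open=True` on the listener adds in the diff above. The `audit` function and the sample template are constructed for illustration.

```python
import json
import sys
from pathlib import Path

OPEN_CIDRS = {"0.0.0.0/0", "::/0"}

# Constructed sample in the shape of a synthesized template. The logical IDs
# and the 10.4.0.0/16 CIDR are taken from the cdk diff output in the thread.
SAMPLE = {
    "Resources": {
        "ALBAEE750D2": {
            "Type": "AWS::ElasticLoadBalancingV2::LoadBalancer",
            "Properties": {"Scheme": "internal"},
        },
        "ALBSecurityGroup8B8624F8": {
            "Type": "AWS::EC2::SecurityGroup",
            "DeletionPolicy": "Retain",
            "Properties": {"SecurityGroupIngress": [
                {"CidrIp": "10.4.0.0/16", "IpProtocol": "tcp", "FromPort": 80, "ToPort": 80},
                {"CidrIp": "0.0.0.0/0", "IpProtocol": "tcp", "FromPort": 80, "ToPort": 80},
            ]},
        },
    }
}


def audit(template):
    """Return (logical_id, resource_type, issue) tuples for a template dict."""
    findings = []
    for logical_id, res in template.get("Resources", {}).items():
        rtype = res.get("Type", "")
        # CloudFormation resource import needs a DeletionPolicy on each imported resource.
        if "DeletionPolicy" not in res:
            findings.append((logical_id, rtype, "no DeletionPolicy"))
        if rtype != "AWS::EC2::SecurityGroup":
            continue
        for rule in res.get("Properties", {}).get("SecurityGroupIngress", []):
            cidr = rule.get("CidrIp") or rule.get("CidrIpv6")
            if cidr in OPEN_CIDRS:
                ports = f"{rule.get('FromPort')}-{rule.get('ToPort')}"
                issue = f"ingress {rule.get('IpProtocol')} {ports} open to {cidr}"
                findings.append((logical_id, rtype, issue))
    return findings


if __name__ == "__main__":
    # With a file argument, audit that template; otherwise the sample above.
    args = sys.argv[1:]
    template = json.loads(Path(args[0]).read_text()) if args else SAMPLE
    for finding in audit(template):
        print(*finding, sep="\t")
```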
Describe the bug
I am trying to import pre-created resources into my stack via cdk import cli
The docs say:
...and that page has a table of importable resource types (which seems pretty comprehensive)
But when I try to import the resources I get errors like "unsupported resource type ___, skipping import" ...for resource types which are found in the importable list linked in the docs
Expected Behavior
the resources are imported, or I get an error explaining why not
Current Behavior
I get these errors:
so there are five resources identified for import, of the following types:
AWS::Lambda::Permission
AWS::ElasticLoadBalancingV2::LoadBalancer
AWS::EC2::SecurityGroup
AWS::ElasticLoadBalancingV2::Listener
AWS::ElasticLoadBalancingV2::TargetGroup
all of these resource types are found in the table of importable resource types linked in the docs
Reproduction Steps
at the moment I am unable to provide a minimal repro
but basically:
cdk import cli
Possible Solution
I am guessing that maybe, rather than the docs being totally wrong, my resources are non-importable for some other reason and the error message is wrong, obscuring the real problem?
Additional Information/Context
No response
CDK CLI Version
2.121.1 (build d86bb1a)
Framework Version
No response
Node.js Version
v18.18.0
OS
macOS 14.1
Language
Python
Language Version
3.11.5
Other information
No response