aws / aws-cli

Universal Command Line Interface for Amazon Web Services

cloudformation create-change-set doesn't respect "no-include-nested-stacks" #6949

Open corey-cole opened 2 years ago

corey-cole commented 2 years ago

Describe the bug

When a change set is created using the "--no-include-nested-stacks" parameter, this is not being respected and the nested stack is being updated.

Expected Behavior

I expected "--no-include-nested-stacks" to exclude nested stacks from update during execution of the change set.

Current Behavior

Child nested stacks are being updated during change set execution.

Reproduction Steps

repro.zip

(Templates in attached zip)

aws cloudformation package \
  --template-file parent.yaml \
  --s3-bucket use-your-own-packaged-bucket-target-here \
  --output-template-file parent-pkg.yaml \
  --force-upload

aws cloudformation deploy \
  --template-file parent-pkg.yaml \
  --stack-name nest-test \
  --parameter-overrides file://params.json

aws cloudformation create-change-set \
  --stack-name nest-test \
  --template-body file://parent-pkg.yaml \
  --parameters file://params_update.json \
  --change-set-name parent-only \
  --no-include-nested-stacks

NOTE: Behavior is the same if the "--no-include-nested-stacks" flag is left out

Possible Solution

No response

Additional Information/Context

No response

CLI version used

aws-cli/2.7.0 Python/3.9.12 Darwin/20.6.0 source/arm64 prompt/off

Environment details (OS name and version, etc.)

macOS 11.6.5

corey-cole commented 2 years ago

This might be a boto/boto3 bug. A trivial boto3 script that creates a change set ignoring child stacks behaves the same way as the AWS CLI.

import json
import boto3
from pprint import pprint

client = boto3.client('cloudformation')

template_body = ''
with open('parent-pkg.yaml', 'r') as f:
    template_body = f.read()

parameters = []
with open('params_update.json', 'r') as f:
    parameters = json.load(f)

response = client.create_change_set(
    StackName='nest-test',
    TemplateBody=template_body,
    Parameters=parameters,
    ChangeSetName='parent-only-boto3',
    ChangeSetType='UPDATE',
    IncludeNestedStacks=False
)

pprint(response)

tim-finnigan commented 2 years ago

Thanks @corey-cole for reaching out. Can you share your debug logs by adding --debug to the CLI command? Please redact any sensitive information.

corey-cole commented 2 years ago

cs-log-debug-redacted.txt

I have the unredacted log locally that I can share via secure channel if required.

tim-finnigan commented 2 years ago

Hi @corey-cole here is the create-change-set documentation for reference. It notes:

--include-nested-stacks | --no-include-nested-stacks (boolean) Creates a change set for the all nested stacks specified in the template. The default behavior of this action is set to False. To include nested sets in a change set, specify True.

So according to that the default behavior is set to False. Can you confirm that by omitting the argument entirely? Or could you try --include-nested-stacks False or --no-include-nested-stacks True?

corey-cole commented 2 years ago

The flag itself is boolean by its presence.

aws cloudformation create-change-set   --stack-name nest-test   --template-body file://parent-pkg.yaml   --parameters file://params_update.json   --change-set-name parent-only   --no-include-nested-stacks True

usage: aws [options] <command> <subcommand> [<subcommand> ...] [parameters]
To see help text, you can run:

  aws help
  aws <command> help
  aws <command> <subcommand> help

Unknown options: True

tim-finnigan commented 2 years ago

@corey-cole thanks sorry I missed that! When you execute the change set which option do you select here?

image

corey-cole commented 2 years ago

Replied via Gmail, but I think it got eaten before getting back to GitHub. I've been using the "Roll back" option but am open to trying the other option if it will make a difference.

corey-cole commented 1 year ago

Roll back, but I can try it with the "preserve" option if you think it will result in a different outcome.

On Fri, May 20, 2022 at 12:37 PM Tim Finnigan @.***> wrote:

@corey-cole https://github.com/corey-cole thanks sorry I missed that! When you execute the change set which option do you select here?

[image: image] https://user-images.githubusercontent.com/87778557/169599321-af5a99e7-a4fa-40ff-89a7-82f717963f2f.png


tim-finnigan commented 1 year ago

Checking in again - I noticed that you are at AWS so if you'd like to ping me internally then I can direct you to the team who owns this customization for further investigation.
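
A pre-execution check for the situation reported in this thread, as an added example that is not part of the issue or of aws-cli: it takes parsed `describe-change-set` responses (one dict per `NextToken` page) and lists every `AWS::CloudFormation::Stack` resource the change set would touch, so a "parent-only" change set can be blocked before it is executed. The function names, the logical IDs and the sample response are constructed for illustration.

```python
# Added example. Field names follow the DescribeChangeSet response shape;
# the sample data and logical IDs below are constructed, not from the repro zip.
NESTED_STACK_TYPE = "AWS::CloudFormation::Stack"

def nested_stack_changes(pages):
    """Return (logical_id, action, replacement) for each nested-stack resource
    listed in the change set. `pages` holds every describe_change_set page."""
    found = []
    for page in pages:
        for change in page.get("Changes", []):
            rc = change.get("ResourceChange") or {}
            if change.get("Type") == "Resource" and rc.get("ResourceType") == NESTED_STACK_TYPE:
                found.append((rc.get("LogicalResourceId"), rc.get("Action"),
                              rc.get("Replacement", "N/A")))
    return found

def review_parent_only(pages):
    """Return reasons not to execute a change set meant to leave child stacks alone."""
    if not pages:
        return ["no describe_change_set output supplied"]
    head, problems = pages[0], []
    if head.get("Status") != "CREATE_COMPLETE":
        problems.append(f"change set status is {head.get('Status')}")
    if head.get("IncludeNestedStacks"):
        problems.append("IncludeNestedStacks is true on the change set")
    for logical_id, action, _ in nested_stack_changes(pages):
        problems.append(f"{action} on nested stack resource {logical_id}")
    return problems

# Constructed sample: two pages, the nested stack only shows up on the second.
SAMPLE_PAGES = [
    {"ChangeSetName": "parent-only", "StackName": "nest-test",
     "Status": "CREATE_COMPLETE", "IncludeNestedStacks": False,
     "NextToken": "constructed-token",
     "Changes": [{"Type": "Resource", "ResourceChange": {
         "Action": "Modify", "LogicalResourceId": "ParentTopic",
         "ResourceType": "AWS::SNS::Topic", "Replacement": "False"}}]},
    {"Changes": [{"Type": "Resource", "ResourceChange": {
         "Action": "Modify", "LogicalResourceId": "ChildStack",
         "ResourceType": NESTED_STACK_TYPE, "Replacement": "False"}}]},
]

if __name__ == "__main__":
    for reason in review_parent_only(SAMPLE_PAGES):
        print("BLOCK:", reason)
```

An empty list from `review_parent_only` means no nested stack resource appears in the change set; in a pipeline the pages would come from `describe_change_set` calls followed through `NextToken`.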