Closed membra closed 2 years ago
Looking at the last processed resource I suspect it might have to do with this particular resource that does not have a physical name
@membra I think you're right. I actually introduced this "bug" when I fixed issue https://github.com/servian/aws-auto-cleanup/issues/97. I don't however know if this is a legit problem or not as it looks like that resource has been "deleted" and therefore the app shouldn't even be looking at those resources.
Maybe I need to filter out those resources when retrieving the resources in the app that I'm whitelisting etc.
I see that the Stack itself is in a ROLLBACK_COMPLETE state, yet you only have two resources and both were deleted. Can you give me more info?
Can you also run the following CLI for me and send me your output. Make sure you redact any private info.
@mlevit That was the first time I was running the cleanup tool in the actual target account I will be eventually cleaning up. There are many devs working there. This particular stack was just in the middle of work / investigation and I cannot find exact detail of why it was in this state. It is not now in that state anymore, it has been updated since so the describe stack won't give anything important I think now anymore.
But that state it was in - is definitely a real life situation which can block the execution of the cleanup.
I got the same issue in another account as well, here is the output of the command, the resource lacks physical id
{
    "StackResources": [
        {
            "StackName": "cfn-as2-sand-harvey-ec2-security",
            "StackId": "arn:aws:cloudformation:ap-southeast-2:accid:stack/cfn-as2-sand-harvey-ec2-security/4e2dbfc0-6ec0-11ec-a6d1-02f59a33595a",
            "LogicalResourceId": "HarveyEC2Security",
            "PhysicalResourceId": "cfn-as2-sand-harvey-ec2-security-HarveyEC2Security-1WPCTX9KJYUGO",
            "ResourceType": "AWS::EC2::SecurityGroup",
            "Timestamp": "2022-01-06T07:14:56.798000+00:00",
            "ResourceStatus": "DELETE_COMPLETE",
            "DriftInformation": {
                "StackResourceDriftStatus": "NOT_CHECKED"
            }
        },
        {
            "StackName": "cfn-as2-sand-harvey-ec2-security",
            "StackId": "arn:aws:cloudformation:ap-southeast-2:accid:stack/cfn-as2-sand-harvey-ec2-security/4e2dbfc0-6ec0-11ec-a6d1-02f59a33595a",
            "LogicalResourceId": "HostRole",
            "ResourceType": "AWS::IAM::Role",
            "Timestamp": "2022-01-06T07:14:54.444000+00:00",
            "ResourceStatus": "DELETE_COMPLETE",
            "DriftInformation": {
                "StackResourceDriftStatus": "NOT_CHECKED"
            }
        }
    ]
}
Thanks for that. I'm going to assume the physical ID is missing because the resource has been deleted. Let me add a check for it next week.
Try to keep that stack there for testing 😀
@membra I've made a patch for this issue. Can you test it for me: https://github.com/servian/aws-auto-cleanup/tree/physical-id-missing
@mlevit same issue from what I see so far; in the screenshot you see I am in your new branch
I don't believe you've deployed that branch. The following line
if "/" in resource_child_id:
has actually changed to
if "/" in resource_child_physical_id:
Please check again.
Correct, I didn't deploy, just ran, will do, sorry
That looks fine to me now, thanks! Do you need any logs confirming that? For me it looks like it finished analyzing the account, so I am good
There should be some logs stating something along the lines of "does not have a PhysicalResourceId and cannot be whitelisted".
They are however DEBUG logs, meaning you'll have to change the log_level within the serverless.yml file to DEBUG.
Describe the bug
Invoking a cleanup with npm run logs -- --region ap-southeast-2 --aws-profile rsadmin
Getting this error in the process:
[INFO] Switching to 'ap-southeast-2' region. (main.py, run_cleanup(), line 66)
Exception in thread Thread-106:
Traceback (most recent call last):
  File "/var/lang/lib/python3.8/threading.py", line 932, in _bootstrap_inner
    self.run()
  File "/var/lang/lib/python3.8/threading.py", line 870, in run
    self._target(*self._args, **self._kwargs)
  File "/var/task/src/cloudformation_cleanup.py", line 255, in delete_stack
    if "/" in resource_child_id:
TypeError: argument of type 'NoneType' is not iterable
Full log with debug level attached: output.txt
I suspect it is failing on a certain resource, how do I figure out which one exactly?
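The failure in this thread, and a way to find the resource that triggers it, as an added example that is not part of the original issue or the aws-auto-cleanup code base. The function name `split_stack_resources`, the trimmed sample, and the handling of IDs containing "/" are assumptions made for illustration.

```python
import json

# Constructed sample, trimmed from the describe-stack-resources output quoted
# in this thread: the second resource has no PhysicalResourceId key at all.
SAMPLE = json.loads("""
{"StackResources": [
  {"LogicalResourceId": "HarveyEC2Security",
   "PhysicalResourceId": "cfn-as2-sand-harvey-ec2-security-HarveyEC2Security-1WPCTX9KJYUGO",
   "ResourceType": "AWS::EC2::SecurityGroup",
   "ResourceStatus": "DELETE_COMPLETE"},
  {"LogicalResourceId": "HostRole",
   "ResourceType": "AWS::IAM::Role",
   "ResourceStatus": "DELETE_COMPLETE"}
]}
""")


def split_stack_resources(response):
    """Separate resources with a usable physical ID from those without one.

    Returns (ids, skipped): ids maps LogicalResourceId to the short physical
    ID; skipped lists (LogicalResourceId, ResourceType, ResourceStatus) for
    every resource whose PhysicalResourceId is missing or empty.
    """
    ids, skipped = {}, []
    for res in response.get("StackResources", []):
        physical_id = res.get("PhysicalResourceId")
        if not physical_id:
            # Without this guard, '"/" in physical_id' raises
            # TypeError: argument of type 'NoneType' is not iterable.
            skipped.append((res.get("LogicalResourceId"),
                            res.get("ResourceType"),
                            res.get("ResourceStatus")))
            continue
        # Assumption: when the ID contains "/", the last segment is the name.
        if "/" in physical_id:
            physical_id = physical_id.rsplit("/", 1)[-1]
        ids[res["LogicalResourceId"]] = physical_id
    return ids, skipped


if __name__ == "__main__":
    ids, skipped = split_stack_resources(SAMPLE)
    for logical_id, rtype, status in skipped:
        print(f"{logical_id} ({rtype}, {status}) does not have a PhysicalResourceId")
```

Feeding it the saved JSON output of the describe command for a suspect stack lists the resources that would have raised the TypeError.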