Closed dannysteenman closed 2 years ago
hi @dannysteenman, I would expect the same!
A bit more context on how this happens:
if the the task did not change you get the following message "Setting buil action .... None - hash matches stored target". this happens correctly on line 622 of your logs for the CommunityEc2NoDefaultVpcsRP task.
this doesn't seem to happen for ComplianceTemplate (as it clearly executes and fails). 1) this seems to indicate something in your task changed (could be whitespace in the description or the template. 2) now, if something random changed and CloudFormation - after parsing the template - doesn't see a meaningful change, CloudFormation will perform a no-op. 3) if the CloudFormation template changed but this specific resource (the NoDefaultVPC resource) did not change then I would not expect the NoDefaultVPC resource handler to be invoked. CloudFormation would just skip it.
in any case I wouldn't expect the NoDefaultVPC resource to fail. maybe some of the above context helps diagnose the issue? otherwise maybe share the template? I believe your colleague Yannick is on the org-formation slack and feel free to reach out through slack if needed. good luck
All my attempts to register the NoDefaultVpc type are failing with the same error.
hi @dannysteenman, I would expect the same!
A bit more context on how this happens:
if the the task did not change you get the following message "Setting buil action .... None - hash matches stored target". this happens correctly on line 622 of your logs for the CommunityEc2NoDefaultVpcsRP task.
this doesn't seem to happen for ComplianceTemplate (as it clearly executes and fails).
- this seems to indicate something in your task changed (could be whitespace in the description or the template.
- now, if something random changed and CloudFormation - after parsing the template - doesn't see a meaningful change, CloudFormation will perform a no-op.
- if the CloudFormation template changed but this specific resource (the NoDefaultVPC resource) did not change then I would not expect the NoDefaultVPC resource handler to be invoked. CloudFormation would just skip it.
in any case I wouldn't expect the NoDefaultVPC resource to fail. maybe some of the above context helps diagnose the issue? otherwise maybe share the template? I believe your colleague Yannick is on the org-formation slack and feel free to reach out through slack if needed. good luck
Thanks for the reply @OlafConijn I totally forgot to respond to this github issue. Good news is that I found the culprit :) and basically what caused the issue in our account was that the custom resource which manages the nodefaultvpc functionality was deleted by our janitor bot (a bot on our AWS account that deletes untagged resources) and every cloudformation stack update caused the error that I've shared earlier. So basically this is bug on our side 😅. Keep up the great work!
Update: This has cleared up for me on it's own.
We're using this community package: Community::Organizations::NoDefaultVPC and installed it using org-formation as explained in these instructions: https://github.com/org-formation/aws-resource-providers/blob/master/ec2/no-default-vpc/installation.md#installation-using-org-formation-task
Next to that, we've supplied a task to deploy the stack (stackname: compliance-config) using this example: https://github.com/org-formation/aws-resource-providers/blob/master/ec2/no-default-vpc/example.yml
So our tasks look like this:
However, the defaultvpc's are removed the first time. But running the pipeline again having this task enabled causes the following errors:
I would expect org-formation to skip making changes if it detects that there are no default vpc's anymore. Now, it's causing the pipeline to slow down since it retries the tasks before giving up.
As a workaround, I've disabled the task.