org-formation / aws-resource-providers

A community driven repository where you can find AWS Resource Type Providers for different purposes (including org-formation ones).
MIT License

primaryIdentifier design for resources that are global to account or account/region #21

Open OlafConijn opened 4 years ago

OlafConijn commented 4 years ago

There are quite a few examples where we create resource providers that change settings without an ARN and are global to an account or account/region. At this moment there is no consistent implementation for the primaryIdentifier.

I think the best suggestion I have is to use awsAccountId for this. This has the benefit of CloudFormation ensuring there are no 2 resources that own the same setting (the combination ResourceType/primaryIdentifier needs to be unique within a region/account).

There is 1 undesired side-effect: if you change the logicalName of a resource with this type of ID, CFN will create 2 operations: Create and Delete. Depending on the order this will fail: Create before Delete will violate the uniqueness constraint. This is something CloudFormation users did/do get used to because it is how CFN works. Arguably it is also the CFN behavior I find hardest to deal with...

Is there a way around this? Specify that Deletes should go before Creates? Do them in parallel and retry the Create (max 3 times with backoff?)? Any other suggestions?

OlafConijn commented 3 years ago

Should primaryIdentifier become something similar to an ARN?

arn:community:<service>:<region-or-empty>:<account>:<resource-type>/<resource-id>

eduardomourar commented 3 years ago

I believe we can just simply use the account id as you suggested... We can use the ARN if that is provided by the underlying API.

OlafConijn commented 3 years ago

Nice, seems like a solution is in the making https://github.com/aws-cloudformation/aws-cloudformation-resource-schema/pull/86

OlafConijn commented 3 years ago

> I believe we can just simply use the account id as you suggested... We can use the ARN if that is provided by the underlying API.

You mean either way is fine? I have a preference for the ARN-style syntax, as it shows you the type of resource as well as whether it is specific to a region (or global).

eduardomourar commented 3 years ago

I have no issue with using the ARN, but we should rename the primary id property to Arn then.

OlafConijn commented 3 years ago

Mmm, yes...

eduardomourar commented 3 years ago

As part of building the ARN, my only preference is to use a uuid v4 whenever the resource id is not the account id.

OlafConijn commented 3 years ago

After having talked this through offline: