Termination Protection is not Enabled for Existing Stacks when Create Change Set is Enabled #2149

Open
1 task done
jmwyson opened this issue Jun 25, 2024 · 2 comments

jmwyson commented Jun 25, 2024

Summary

When both create_changeset and termination_protection are set when calling the cloudformation module, the termination_protection is not configured for the stack.

The problem seems to be the if logic in https://github.com/ansible-collections/amazon.aws/blob/52d3965188d45841495c1721aaf1615d08d6874d/plugins/modules/cloudformation.py#L779C1-L787C110 where, if create changeset is enabled, the "else" where the termination protection is updated is not executed.

Issue Type

Bug Report

Component Name

cloudformation

Ansible Version

    ansible [core 2.15.10]
      config file = /etc/ansible/ansible.cfg
      configured module search path = ['/home/runner/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
      ansible python module location = /usr/lib/python3.9/site-packages/ansible
      ansible collection location = /home/runner/.ansible/collections:/usr/share/ansible/collections
      executable location = /usr/bin/ansible
      python version = 3.9.18 (main, Sep 22 2023, 17:58:34) [GCC 8.5.0 20210514 (Red Hat 8.5.0-20)] (/usr/bin/python3.9)
      jinja version = 3.1.3
      libyaml = True

Collection Versions

    # /usr/share/ansible/collections/ansible_collections
    Collection                    Version
    ----------------------------- -------
    amazon.aws                    7.5.0
    ansible.windows               2.3.0
    community.aws                 7.2.0
    community.general             8.6.0

AWS SDK versions

    WARNING: Package(s) not found: boto
    Name: boto3
    Version: 1.29.0
    Summary: The AWS SDK for Python
    Home-page: https://github.com/boto/boto3
    Author: Amazon Web Services
    Author-email: None
    License: Apache License 2.0
    Location: /usr/local/lib/python3.9/site-packages
    Requires: botocore, jmespath, s3transfer
    Required-by: cloudformation-cli, aws-sam-translator
    ---
    Name: botocore
    Version: 1.34.90
    Summary: Low-level, data-driven core of boto 3.
    Home-page: https://github.com/boto/botocore
    Author: Amazon Web Services
    Author-email: None
    License: Apache License 2.0
    Location: /usr/local/lib/python3.9/site-packages
    Requires: urllib3, jmespath, python-dateutil
    Required-by: s3transfer, cloudformation-cli, boto3

Configuration

No response

OS / Environment

No response

Steps to Reproduce

    - name: Deploy CloudFormation Stack
      cloudformation:
        stack_name: my-stack
        template: "mytemplate.yml"
        on_create_failure: DELETE
        state: present
        create_changeset: true
        profile: "my-aws-profile"
        region: us-east-1
        termination_protection: true

Expected Results

For an existing stack, the stack should have termination protection enabled.

Actual Results

For an existing stack, termination protection is not enabled.

Code of Conduct

  • I agree to follow the Ansible Code of Conduct
@gravesm
Member

gravesm commented Jul 2, 2024

@jmwyson Thanks for filing an issue. Would you be willing to create a PR for this?

@mandar242
Contributor

Hi @jmwyson, thanks for filing the issue. Could you please let me know the following:

  • Are you still facing the error?
  • Do you encounter the issue when creating a completely new cloudformation stack with create_changeset and termination_protection enabled, or when working with a stack that already exists?
  • What version of amazon.aws are you on currently? (issue mentioned 7.5)

From my testing locally, I am unable to reproduce the issue and am able to achieve the expected result when creating a new cloudformation stack. Could you please provide a more detailed example for reproducing the issue?
The playbook task used for testing is:

    - name: Deploy CloudFormation Stack
      amazon.aws.cloudformation:
        stack_name: xxx-aaws-2149-stack
        template: cloudformation-example-template.json
        template_parameters:
          InstanceType: "t2.micro"
          ImageId: "ami-xxxxx"
          SubnetId: "subnet-xxxxx"
        on_create_failure: DELETE
        state: present
        create_changeset: true         #<----------- create_changeset
        # profile: "my-aws-profile"
        region: ca-central-1
        termination_protection: true #<----------- termination_protection
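
A simplified model of the branch order the issue describes, added here as an example and not taken from the thread or from the amazon.aws module. `StubCfn` and both `ensure_present_*` functions are hypothetical, the stub keeps only the arguments that matter, and passing the flag at stack creation is an assumption. It shows why an existing stack would miss the termination protection update when a change set is requested, and one way to reorder the branches.

```python
# Simplified model of the branch order described in the issue; NOT the module's code.
# StubCfn and the ensure_present_* functions are hypothetical names for this example.
class StubCfn:
    """In-memory stand-in for a CloudFormation client; keeps only the arguments used here."""

    def __init__(self, stacks=None):
        self.stacks = dict(stacks or {})  # stack name -> termination protection flag
        self.change_sets = []

    def create_stack(self, StackName, EnableTerminationProtection=False):
        self.stacks[StackName] = EnableTerminationProtection

    def create_change_set(self, StackName, ChangeSetName):
        self.change_sets.append((StackName, ChangeSetName))

    def update_stack(self, StackName):
        pass  # template update; does not touch termination protection

    def update_termination_protection(self, StackName, EnableTerminationProtection):
        self.stacks[StackName] = EnableTerminationProtection


def ensure_present_as_reported(cfn, name, create_changeset, termination_protection):
    """Branch order as the issue describes it: protection is updated only in the final else."""
    if name not in cfn.stacks:
        # Assumption: a new stack receives the flag at creation time.
        cfn.create_stack(StackName=name, EnableTerminationProtection=bool(termination_protection))
    elif create_changeset:
        cfn.create_change_set(StackName=name, ChangeSetName="example-changeset")
    else:
        if termination_protection is not None:
            cfn.update_termination_protection(StackName=name, EnableTerminationProtection=termination_protection)
        cfn.update_stack(StackName=name)
    return cfn.stacks[name]


def ensure_present_fixed(cfn, name, create_changeset, termination_protection):
    """One possible reordering: reconcile protection for any existing stack before branching."""
    if name not in cfn.stacks:
        cfn.create_stack(StackName=name, EnableTerminationProtection=bool(termination_protection))
        return cfn.stacks[name]
    if termination_protection is not None:
        cfn.update_termination_protection(StackName=name, EnableTerminationProtection=termination_protection)
    if create_changeset:
        cfn.create_change_set(StackName=name, ChangeSetName="example-changeset")
    else:
        cfn.update_stack(StackName=name)
    return cfn.stacks[name]
```

Both functions return the stack's resulting termination protection flag, so the two branch orders can be compared on a stub seeded with an existing, unprotected stack.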
