
AWS CloudFormation delete resources

I have the following CloudFormation template:

Parameters:
  SizeCondition1:
    Type: String
    Default: SizeCondition1
    Description: >-
      Enter the name of the size condition. Note names cannot be modified after
      creation and must be alphanumeric without spaces.
  SizeURI1:
    Type: String
    Default: '8192'
    Description: Enter the size limit of the URI.
  SizeQuery1:
    Type: String
    Default: '8192'
    Description: Enter the size limit of the query string.
Resources:
  WAFSizeCondition1:
    Type: 'AWS::WAF::SizeConstraintSet'
    Properties:
      Name: !Ref SizeCondition1
      SizeConstraints:
        - FieldToMatch:
            Type: QUERY_STRING
          ComparisonOperator: GT
          Size: !Ref SizeQuery1
          TextTransformation: NONE
        - FieldToMatch:
            Type: URI
          ComparisonOperator: GT
          Size: !Ref SizeURI1
          TextTransformation: NONE
  WafRule:
    Type: 'Custom::CustomResource'
    Properties:
      ServiceToken: !Join 
        - ''
        - - 'arn:aws:lambda:'
          - !Ref 'AWS::Region'
          - ':'
          - !Ref 'AWS::AccountId'
          - ':function:WafLambdaTest'
      Name: WAFRateTest1
      RateLimit: '2000'
      MetricName: WAFRateTest1
      Predicates:
        - DataId: !Ref WAFSizeCondition1
          Negated: false
          Type: SizeConstraint

When I fire the DELETE event I see the following:

[Image: stack progress]

Questions:

  1. Why does WafRule delete first, when it cannot be removed before WAFSizeCondition1? How can I declare a dependency in the template to make WAFSizeCondition1 delete first?
  2. Why can WAFSizeCondition1 not be deleted? By which resource is it referenced? How do I handle resource deletion correctly here?

  1. CloudFormation will choose an order based on some internal logic. To influence its order, you can specify some form of dependency with the DependsOn attribute, e.g.:

WAFSizeCondition1:
  Type: 'AWS::WAF::SizeConstraintSet'
  DependsOn: WafRule

  2. There's a bug in your custom resource; you didn't show how you wrote your function, and I suspect you didn't take the correct steps to delete it. According to the waf.delete_web_acl docs:

Permanently deletes a WebACL. You can't delete a WebACL if it still contains any Rules.

To delete a WebACL, perform the following steps:

Update the WebACL to remove Rules, if any. For more information, see UpdateWebACL.

Use GetChangeToken to get the change token that you provide in the ChangeToken parameter of a DeleteWebACL request.

Submit a DeleteWebACL request.
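
Added example (not code from the question or the answer): the same empty-then-delete pattern the quoted docs describe for a WebACL, applied in the Delete branch of the custom resource's Lambda so the rule releases its SizeConstraint predicate before CloudFormation tries to delete WAFSizeCondition1. It assumes the Lambda manages a classic WAF rate-based rule through boto3's `waf` client; the helper name `delete_rate_based_rule` and the `FakeWaf` stand-in (constructed so the block runs offline) are hypothetical.

```python
"""Delete path for a custom resource that owns a classic WAF rate-based rule."""

def delete_rate_based_rule(waf, rule_id):
    """Detach all predicates from the rule, then delete it. Idempotent."""
    try:
        rule = waf.get_rate_based_rule(RuleId=rule_id)["Rule"]
    except waf.exceptions.WAFNonexistentItemException:
        return "already-deleted"  # CloudFormation may retry the Delete event
    updates = [{"Action": "DELETE", "Predicate": p} for p in rule["MatchPredicates"]]
    if updates:
        # Every mutating WAF call needs its own fresh change token.
        waf.update_rate_based_rule(
            RuleId=rule_id,
            ChangeToken=waf.get_change_token()["ChangeToken"],
            Updates=updates,
            RateLimit=rule["RateLimit"],
        )
    waf.delete_rate_based_rule(
        RuleId=rule_id, ChangeToken=waf.get_change_token()["ChangeToken"]
    )
    return "deleted"


class FakeWaf:
    """Constructed in-memory stand-in for boto3.client("waf"); records calls."""

    class exceptions:
        class WAFNonexistentItemException(Exception): pass

    def __init__(self, rules):
        self.rules, self.calls, self.tokens = rules, [], 0

    def get_change_token(self):
        self.tokens += 1
        return {"ChangeToken": f"token-{self.tokens}"}

    def get_rate_based_rule(self, RuleId):
        if RuleId not in self.rules:
            raise self.exceptions.WAFNonexistentItemException(RuleId)
        return {"Rule": self.rules[RuleId]}

    def update_rate_based_rule(self, RuleId, ChangeToken, Updates, RateLimit):
        self.calls.append(("update", ChangeToken, len(Updates)))
        self.rules[RuleId]["MatchPredicates"] = []

    def delete_rate_based_rule(self, RuleId, ChangeToken):
        # Real WAF rejects this call while the rule still holds predicates.
        assert not self.rules[RuleId]["MatchPredicates"], "rule still has predicates"
        self.calls.append(("delete", ChangeToken))
        del self.rules[RuleId]
```

In the Lambda itself, pass `boto3.client("waf")` and the rule ID the handler stored at create time (for example as the PhysicalResourceId, an assumption here), then report SUCCESS or FAILED to the event's ResponseURL.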

Notice: the technical post pages on this site follow the CC BY-SA 4.0 license. If you need to repost, please credit this site's URL or the original address. For any questions, contact: yoyou2525@163.com.