DependsOn best practices in AWS Cloud Formation (example included)
What are the best practices for using Depends On in CloudFormation? I believe from what I read, it's not recommended to do so in Azure and to minimise it's use.
I want to put a DependsOn relationship between, for example, an ASG Policy, and an ASG Group.
In the above picture, you can see that ASG Policy has a field AutoScalingGroupName.
Therefore, ASG Policy depends on AutoScaling Group creation.
Would a depends On relationship exist between these two?
In general, any resource in a CloudFormation template that refers to another resource will automatically have an implied DependsOn.
For example:
PrivateRouteTable1:
Type: AWS::EC2::RouteTable
Properties:
VpcId: !Ref VPC
Tags:
- Key: Name
Value: !Sub ${EnvironmentName} Private Routes (AZ1)
DefaultPrivateRoute1:
Type: AWS::EC2::Route
Properties:
RouteTableId: !Ref PrivateRouteTable1
DestinationCidrBlock: 0.0.0.0/0
NatGatewayId: !Ref NatGateway1
DefaultPrivateRoute1 will have an implied DependsOn with PrivateRouteTable1 and NatGateway1.
So, the only time you particularly need to add a DependsOn is when there is no direct relationship, but there is an order of creation required. Here's an example of that:
InternetGateway:
Type: AWS::EC2::InternetGateway
Properties:
Tags:
- Key: Name
Value: !Ref EnvironmentName
NatGateway1EIP:
Type: AWS::EC2::EIP
DependsOn: InternetGatewayAttachment
Properties:
Domain: vpc
In this case, a DependsOn was defined between the Elastic IP Address and the InternetGateway. This is helpful because there is no direct relationship between an Elastic IP address and an Internet Gateway (which is linked to a VPC).
I have seen situations where an Amazon EC2 instance had failures in its User Data script because other resources were not 'ready', so the script was unable to access the Internet. It can be difficult to diagnose such situations because they can be transient. Therefore, you might want to specifically add some DependsOn references where there is no directly reference between required resources.
- How to use MFA with AWS CLI?
- How do I get the URL for the item using the Amazon API
- How to make links work with exported sites when hosted on AWS Cloudfront?
- Error launching CloudFormation Template for CloudHSM
- Glacier as Resource in CloudFormation template?
- how to secure keys for API calls from android device to amazon services
- Why is this IAM policy denying access with an MFA session?
- AWS Lambda Function Trigger API Gateway Issue
- GetMyFeesEstimate API Amazon vba
- AWS Cloudformation !Ref SecurityGroup returns an invalid ID
- How to set up AWS Client VPN with Keycloak as IdP
- How to view/identify which process taking how much memory?
- using bottlenose in python to extract product price from Amazon in different locale
- Unable to delete cfn stack, role is invalid or cannot be assumed
- How to Set Up Account Linking for a Skill using Alexa API from Amazon?
- GitHub actions "aws: not found" error on ubuntu-latest with Godot CI
- Download file from S3 to Rails 4 app
- Cloudfront (CDN) with Internal Application Load Balancer
- Connecting private load balancer to cloud front distribution?
- Request to Amazon API with delphi : Got HTTP/1.1 403 Forbidden
- Amazon QuickSight Connects Over Internet Instead of VPC to Public Redshift Cluster
- Shift Lambda infrastructure to ECS
- IAM policy to allow EC2 instance API access only to modify itself
- How to match these 2 tables?
- What is the best way of getting files from AWS S3, inserting them into zip and uploading that zip to the bucket?
- What does this mean? An error occurred (SignatureDoesNotMatch) when calling the GetCallerIdentity operation: Signature expired
- AWS ElastiCache in cluster mode has no Primary / Reader endpoints
- How to query: filtering on multiple primary partition keys and range on primary sort key
- How can I get boto3 script to run as a Lambda function?
- Testing AWS CDK Applications Locally