How do I set up single stack ownership of an AWS::StepFunctions::Activity resource in CloudFormation?


I want my AWS::StepFunctions::Activity resource to be maintained by a single stack only in AWS CloudFormation.

Short description

You can maintain ownership of an AWS::StepFunctions::Activity resource from multiple stacks. For example, you can create StackA with the first CloudFormation template and StackB with the second template.

Template for StackA:

AWSTemplateFormatVersion: "2010-09-09"
Description: Template for StackA
Resources:
  MyActivity:
    Type: AWS::StepFunctions::Activity
    Properties:
      Name: myActivity

Template for StackB:

AWSTemplateFormatVersion: "2010-09-09"
Description: Template for StackB
Resources:
  MyActivityDuplicate:
    Type: AWS::StepFunctions::Activity
    Properties:
      Name: myActivity
      Tags:
        - Key: Key1
          Value: Val1
....

StackA and StackB will both show the resource as CREATE_COMPLETE. However, the Activity resource referenced in StackA and StackB has the properties that are defined in the template for StackA. The operation appears successful, but the resource's properties don't match the template used by StackA. When either one of the stacks is deleted, the activity is also deleted. There is no indication in the other stack(s) that the resource no longer exists.

It's a best practice when using CloudFormation to make sure that a shared resource has its configuration maintained in a single CloudFormation stack. Doing so provides a single source of truth for the configuration of the resource. The CloudFormation stack that maintains the shared resource can provide the resource's Amazon Resource Name (ARN) as a stack output. Then, any other stacks that depend upon the shared resource, such as a Step Functions activity, can reference it through that output. For more information on cross-stack references, see Walkthrough: Refer to resource outputs in another AWS CloudFormation stack.

Resolution

To resolve the issue, complete the following steps for each AWS::StepFunctions::Activity resource being maintained in multiple stacks:

1.    Identify the ARNs shared in the AWS Personal Health Dashboard of the CloudFormation stacks that maintain the AWS::StepFunctions::Activity resource.

2.    Designate one of the stacks as the single stack to maintain the activity going forward.

Complete the following steps within the identified stack:

1.    If there is no Outputs section in your CloudFormation template, then add an Outputs section to your template.

2.    Add a new output to the Outputs section. Your new output must include the following:

  • A unique logical ID for the output. For example: MyActivityArn. You use your unique logical ID as the key for the output within the Outputs section of your template.

  • A Value property within the stack output. The Value property uses Ref with the logical ID of the activity as its argument to retrieve the activity's ARN.

  • An Export property to the stack output, with its value as an object with a single Name property. The Name property's value is a string used to reference this activity's ARN from other CloudFormation stacks. For example:

AWSTemplateFormatVersion: "2010-09-09"
Description: Template for StackA
Resources:
  MyActivity:
    Type: AWS::StepFunctions::Activity
    Properties:
      Name: myActivity
Outputs:
  MyActivityArn:
    Value: 
      Ref: MyActivity
    Export:
      Name: MyActivityArn

3.    Update your stack with the preceding changes.

4.    Validate that the resources referencing the activity are still using the correct ARN.

Complete the following steps for each stack that references the activity resource:

1.    In the CloudFormation console, identify the logical ID of the activity resource on the Resources tab for your stack.

2.    Add a DeletionPolicy property to the activity's resource declaration, if the property isn't there already. Set the value to Retain. For example:

AWSTemplateFormatVersion: "2010-09-09"
Description: Template for StackB
Resources:
  MyActivityDuplicate:
    Type: AWS::StepFunctions::Activity
    DeletionPolicy: Retain
    Properties:
      Name: myActivity
      Tags:
        - Key: Key1
          Value: Val1
...

3.    Update your stack with the preceding changes.

4.    Determine which other resources in the template are referencing this activity's ARN.

5.    For each of the resources that you identified in step 4, replace the reference to the activity's ARN with the Fn::ImportValue intrinsic function. Pass the export name that you specified when you created a new output earlier as the intrinsic function's argument. For example:

AWSTemplateFormatVersion: "2010-09-09"
Description: Template for StackB
Resources:
  # MyActivityDuplicate:
  #   DeletionPolicy: Retain
  #   Type: AWS::StepFunctions::Activity
  #   Properties:
  #     Name: myActivity
  #     Tags:
  #       - Key: Key1
  #         Value: Val1
  MyStateMachine:
    Type: AWS::StepFunctions::StateMachine
    Properties:
      StateMachineName: MyStateMachine
      RoleArn: arn:aws:iam::111122223333:role/service-role/StatesExecutionRole-us-east-1
      DefinitionString: 
        Fn::Sub:
          - |
              {
                "Comment": "An example using a Task state.",
                "StartAt": "getGreeting",
                "Version": "1.0",
                "TimeoutSeconds": 300,
                "States":
                {
                  "getGreeting": {
                    "Type": "Task",
                    "Resource": "${ActivityArn}",
                    "End": true
                  }
                }
              }
          - ActivityArn:
              Fn::ImportValue: MyActivityArn

6.    Remove the entry for the activity in the Resources section.

7.    Update your stack with the preceding changes.

8.    Validate that the resources referencing the activity are still using the correct ARN.
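
The following audit is an added example, not part of the original article and not AWS code. It finds activities declared by more than one stack and lists the duplicate declarations that still lack DeletionPolicy: Retain, which is the condition to clear before removing an entry from the Resources section. It assumes the input was collected per stack from ListStackResources and GetTemplate, and that an activity's physical resource ID is its ARN; the function names, the sample_stack helper and the sample data are constructed for illustration.

```python
from collections import defaultdict

ACTIVITY = "AWS::StepFunctions::Activity"
# Constructed ARN; the physical ID of an activity is assumed to be its ARN.
ARN = "arn:aws:states:us-east-1:111122223333:activity:myActivity"


def sample_stack(logical_id, deletion_policy=None):
    """Build constructed sample data for one stack (not real API output)."""
    decl = {"Type": ACTIVITY, "Properties": {"Name": "myActivity"}}
    if deletion_policy:
        decl["DeletionPolicy"] = deletion_policy
    summary = {"LogicalResourceId": logical_id, "PhysicalResourceId": ARN,
               "ResourceType": ACTIVITY, "ResourceStatus": "CREATE_COMPLETE"}
    return {"resources": [summary], "template": {"Resources": {logical_id: decl}}}


SAMPLE = {"StackA": sample_stack("MyActivity"),
          "StackB": sample_stack("MyActivityDuplicate")}


def find_shared_activities(stacks):
    """Return {activity ARN: [(stack, logical ID, DeletionPolicy), ...]}
    for every activity that more than one stack declares."""
    claims = defaultdict(list)
    for name, data in stacks.items():
        declared = data["template"].get("Resources", {})
        for res in data["resources"]:
            if res["ResourceType"] != ACTIVITY:
                continue
            if res["ResourceStatus"] == "DELETE_COMPLETE":
                continue  # this stack no longer holds the resource
            logical_id = res["LogicalResourceId"]
            # CloudFormation deletes the resource when no policy is declared.
            policy = declared.get(logical_id, {}).get("DeletionPolicy", "Delete")
            claims[res["PhysicalResourceId"]].append((name, logical_id, policy))
    return {arn: c for arn, c in claims.items() if len(c) > 1}


def unsafe_to_remove(shared, owner_stack):
    """List duplicate declarations outside owner_stack that lack
    DeletionPolicy: Retain; removing them would delete the activity."""
    return [(arn, stack, logical_id)
            for arn, stack_claims in sorted(shared.items())
            for stack, logical_id, policy in stack_claims
            if stack != owner_stack and policy != "Retain"]


if __name__ == "__main__":
    shared = find_shared_activities(SAMPLE)
    for arn, stack, logical_id in unsafe_to_remove(shared, "StackA"):
        print(f"{stack}/{logical_id}: add DeletionPolicy: Retain before removing {arn}")
```

Run the check against the deployed templates rather than local copies, because the Retain policy only protects the activity after the stack update that adds it has completed.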


AWS OFFICIAL
Updated 3 years ago