Cloudformation Resource Creation and Deletion Order
In this post, I will try to test experimentally and understand the order in which CloudFormation resources are created, updated and deleted. I will explore 3 different approaches, with and without CloudFormation resource dependencies, and finally nested stacks with dependencies.
Scenarios
These are the 3 scenarios:
Without dependencies between CloudFormation resources,
with dependencies between CloudFormation resources using the
DependsOn
attribute (or the equivalent syntax in CDK), and finallyby placing resources in nested stacks and enforcing dependencies at the nested stack level.
Experimental setup
The complete code used in this experiment can be found in this AWS CDK project on github.
I am using CloudFormation custom resources that allow me to run custom code and record the exact time a resource was created/updated/deleted. I record this information in an Amazon Timestream database.
The project contains a core stack, that defines the Timestream database and the custom resource provider. The lambda function of the custom resource provider handles the create/update/delete events for the custom resources and records the following information in the database
Time of event
The name of the resource
The version of the resource (this is an attribute that I change to trigger an update)
The type of the operation (create, update, delete)
The approach, i.e. one of the 3 scenarios mentioned above
This is a sample of records in the database
In the CDK project, apart from the core stack, I create one stack for every approach. Each stack creates a configurable amount of custom resources, this number is set to 10.
These are all the stacks created by the project. If you deployed my code and you see many nested stacks with long names, flip the switch "View nested" to off to see only non-nested stacks.
The experiment has 3 phases
Deploy all stacks: trigger the creation of resources
Increment the version number and deploy again: trigger the update of resources
Delete the stacks from the CloudFormation console: trigger the deletion of resources
In the last step, I do not delete the core stack yet. The core stack contains the Database with the collected data.
The results
It is time for the data to speak!
Scenario 1: Without dependencies
In this scenario, we do not enforce any dependencies between the resources.
The resources are created in no particular order, they are created in parallel.
I increment the version of the resources, which triggers an update. The updates happen in no particular order.
Finally, I delete the specific stack and the resources are deleted in parallel in no particular order.
Scenario 2: With dependencies
In this scenario, we use the DependsOn attribute
Resources:
Resource2:
...
Resource1:
...
DependsOn: Resource2
or in CDK the equivalent is
resource1.node.add_dependency(resource2)
Specifically, in our example, we create a chain of dependencies where resource-(n+1)
depends on resource-n
.
As we see in the data, the resources are created one by one in order from resource-1
to resource-10
.
The update is done in the same order from resource-1
to resource-10
while the deletion is performed in reverse order, i.e. starting with the last resource created resource-10
and finishing with resource-1
.
Scenario 3: Nested stacks with dependencies
In this scenario, I place the resources within nested stacks. Nested stacks would usually contain several resources, but in this example, I only place a single resource per nested stack.
I create a similar chain of dependencies with scenario 2, but this time at the nested stack level. In CloudFormation this is done with the same DependsOn
attribute (a nested stack is just another resource in the parent stack).
In CDK, this is done like this
nested_stack1.add_dependency(nested_stack2)
See here for the complete code of stack, including how to create nested stack with CDK.
Nested stacks are useful if your main CloudFormation stack is hitting one of the limits, e.g. size of the template or the number of resources per template.
Similarly to scenario 2, the resources are created in order from resource-1
to resource-10
Update of resources happens in the same order they have been created
and deletion happens in the reverse order, i.e. starting with the last resource created resource-10
.
Summary of results
In this post, I tested experimentally the order of creation/update/deletion of resources in CloudFormation.
When no dependencies are defined between resources, operations happen in parallel in no specific order.
Next, I defined dependencies using the DependsOn
attribute with 2 different approaches: dependencies at resource-level, or dependencies between nested stacks containing the resources.
When A <- B <- C <- D
(B
depends on A
, C
depends on B
, ...), then in both approaches
Resources are created in order
A
,B
,C
,D
Resources are updated in order
A
,B
,C
,D
Resources are deleted in order
D
,C
,B
,A