I have the following CloudFormation template:
Parameters:
  SizeCondition1:
    Type: String
    Default: SizeCondition1
    Description: >-
      Enter the name of the size condition. Note names cannot be modified after
      creation and must be alphanumeric without spaces.
  SizeURI1:
    Type: String
    Default: '8192'
    Description: Enter the size limit of the URI.
  SizeQuery1:
    Type: String
    Default: '8192'
    Description: Enter the size limit of the query string.
Resources:
  WAFSizeCondition1:
    Type: 'AWS::WAF::SizeConstraintSet'
    Properties:
      Name: !Ref SizeCondition1
      SizeConstraints:
        - FieldToMatch:
            Type: QUERY_STRING
          ComparisonOperator: GT
          Size: !Ref SizeQuery1
          TextTransformation: NONE
        - FieldToMatch:
            Type: URI
          ComparisonOperator: GT
          Size: !Ref SizeURI1
          TextTransformation: NONE
  WafRule:
    Type: 'Custom::CustomResource'
    Properties:
      ServiceToken: !Join
        - ''
        - - 'arn:aws:lambda:'
          - !Ref 'AWS::Region'
          - ':'
          - !Ref 'AWS::AccountId'
          - ':function:WafLambdaTest'
      Name: WAFRateTest1
      RateLimit: '2000'
      MetricName: WAFRateTest1
      Predicates:
        - DataId: !Ref WAFSizeCondition1
          Negated: false
          Type: SizeConstraint
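When I trigger a DELETE event, I see the following:
Questions:
- Why is WafRule deleted first, when WAFSizeCondition1 could not be deleted before? How do I declare a dependency in the template so that WAFSizeCondition1 is deleted first?
- Why can't WAFSizeCondition1 be deleted? Which resources does it reference? How do I handle resource deletion correctly here?
Best answer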
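- CloudFormation will choose the order based on some internal logic. To influence the order, you can specify some form of dependency with the DependsOn attribute. For example:
  WAFSizeCondition1:
    Type: 'AWS::WAF::SizeConstraintSet'
    DependsOn: WafRule
- There is an error in your custom resource. You didn't show how the function is written, and I suspect you are not taking the correct steps to delete it. According to the waf.delete_web_acl docs: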
Permanently deletes a WebACL. You can't delete a WebACL if it still contains any Rules.
To delete a WebACL, perform the following steps:
Update the WebACL to remove Rules, if any. For more information, see UpdateWebACL.
Use GetChangeToken to get the change token that you provide in the ChangeToken parameter of a DeleteWebACL request.
Submit a DeleteWebACL request.
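The sequence in the quoted documentation (empty the object, fetch a change token, then delete) applied to the Delete event of a custom resource, as an added example that is not part of the original answer or the asker's Lambda. It assumes the function manages a classic-WAF rate-based rule through boto3 and stored the RuleId as PhysicalResourceId; `handle_event` and `delete_rate_based_rule` are hypothetical names.

```python
# Added example, not the asker's Lambda. Assumes the custom resource manages a
# classic-WAF rate-based rule and stored its RuleId as PhysicalResourceId.
# `waf` is a boto3 client, e.g. boto3.client("waf"), injected by the caller.

def delete_rate_based_rule(waf, rule_id):
    """Detach every predicate from the rule, then delete the rule itself."""
    rule = waf.get_rate_based_rule(RuleId=rule_id)["Rule"]
    predicates = rule.get("MatchPredicates", [])
    if predicates:
        # The rule cannot be deleted while it still includes predicates.
        waf.update_rate_based_rule(
            RuleId=rule_id,
            ChangeToken=waf.get_change_token()["ChangeToken"],
            Updates=[{"Action": "DELETE", "Predicate": p} for p in predicates],
            RateLimit=rule["RateLimit"],
        )
    # Every mutating call needs its own fresh change token.
    waf.delete_rate_based_rule(
        RuleId=rule_id,
        ChangeToken=waf.get_change_token()["ChangeToken"],
    )
    return len(predicates)


def handle_event(waf, event):
    """Return (status, reason) for the response sent back to CloudFormation."""
    if event["RequestType"] != "Delete":
        return "SUCCESS", "create/update handling is outside this example"
    rule_id = event["PhysicalResourceId"]
    try:
        removed = delete_rate_based_rule(waf, rule_id)
    except Exception as exc:
        code = getattr(exc, "response", {}).get("Error", {}).get("Code")
        if code == "WAFNonexistentItemException":
            # Already gone: deletes must be idempotent or the stack gets stuck.
            return "SUCCESS", f"{rule_id} did not exist"
        # Surface the real cause instead of reporting a delete that never happened.
        return "FAILED", f"{type(exc).__name__}: {exc}"
    return "SUCCESS", f"deleted {rule_id} after removing {removed} predicate(s)"
```

Reporting FAILED with the underlying error keeps CloudFormation from marking the rule as deleted while it still exists in WAF.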
Regarding amazon-web-services - AWS CloudFormation resource deletion, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/50347789/