pirothat changed the title from "[Resource Type] - [Enhancement] -" to "[AWS::EC2::Instance] - [Enhancement] -" on Jan 6, 2025
pirothat changed the title from "[AWS::EC2::Instance] - [Enhancement] -" to "[AWS::EC2::Instance] - [Enhancement] - Prevent Resource Duplication When DeletionProtection Is Enabled" on Jan 6, 2025
Name of the resource: AWS::EC2::Instance
Resource name: DeletionProtectionBehaviorOnUpdate

Description

Issue Description
When attempting to update an EC2 instance with DeletionProtection enabled via CloudFormation, a new instance is created instead of replacing the existing one. The original instance remains intact, which results in resource duplication and potential cost overruns. This behavior is unexpected and does not align with the typical behavior of CloudFormation updates.

Expected Behavior

If DeletionProtection is enabled and the update requires the instance to be replaced, the CloudFormation stack update should fail and roll back. This ensures that no new instance is created unless the existing instance can be properly replaced.

Observed Behavior

During the update process:
- A new EC2 instance is created.
- The original EC2 instance is retained due to DeletionProtection.
- CloudFormation completes the stack update with errors, leaving both the original and new instances active.

Test Cases

1. Create an EC2 instance with DeletionProtection enabled via CloudFormation.
2. Update the instance's ImageId or another attribute that triggers a replacement.
3. Observe whether a new instance is created and the old instance remains due to DeletionProtection.

Other Details

- This behavior can cause unexpected costs and complicate resource management.
- It contradicts the principle of stack consistency, where updates should either succeed or roll back.
- Suggested fix: Ensure that when DeletionProtection prevents an instance replacement, the stack update fails and rolls back instead of creating a new instance.
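Until CloudFormation itself enforces the suggested fix, a deploy pipeline can apply the same rule client-side by inspecting the change set before executing it. The following is an added example, not code from this issue or from AWS: it reads the JSON shape returned by `aws cloudformation describe-change-set` together with the stack's current template and refuses execution when an AWS::EC2::Instance that has DisableApiTermination set (the CloudFormation property behind what the issue calls DeletionProtection) is reported as a replacement. The template, change set, AMI and instance IDs are constructed sample data.

```python
import json

# Constructed sample of the stack's current template. The issue calls the
# property "DeletionProtection"; on AWS::EC2::Instance the CloudFormation
# property that blocks termination is DisableApiTermination.
CURRENT_TEMPLATE = {"Resources": {"WebServer": {
    "Type": "AWS::EC2::Instance",
    "Properties": {"ImageId": "ami-PLACEHOLDER", "DisableApiTermination": True},
}}}

# Constructed sample in the shape of `describe-change-set` output for an
# ImageId update, which CloudFormation reports as a replacement.
CHANGE_SET = json.loads("""{"Changes": [{"Type": "Resource", "ResourceChange": {
  "Action": "Modify", "LogicalResourceId": "WebServer",
  "PhysicalResourceId": "i-0123456789abcdef0",
  "ResourceType": "AWS::EC2::Instance", "Replacement": "True",
  "Details": [{"Target": {"Attribute": "Properties", "Name": "ImageId",
                          "RequiresRecreation": "Always"}}]}}]}""")


def _is_true(value):
    """Template booleans may arrive as True, "true" or "True"."""
    return str(value).lower() == "true"


def protected_replacements(change_set, template):
    """List (logical_id, physical_id, triggering_properties) for every
    AWS::EC2::Instance the change set would replace while the current template
    marks it DisableApiTermination. "Conditional" is treated as unsafe too."""
    hits = []
    for change in change_set.get("Changes", []):
        rc = change.get("ResourceChange", {})
        if rc.get("ResourceType") != "AWS::EC2::Instance":
            continue
        if rc.get("Replacement") not in ("True", "Conditional"):
            continue
        resource = template.get("Resources", {}).get(rc.get("LogicalResourceId"), {})
        if not _is_true(resource.get("Properties", {}).get("DisableApiTermination")):
            continue
        triggers = sorted({t["Name"] for d in rc.get("Details", [])
                           for t in [d.get("Target", {})]
                           if t.get("Name") and t.get("RequiresRecreation") != "Never"})
        hits.append((rc["LogicalResourceId"], rc.get("PhysicalResourceId"), triggers))
    return hits


def safe_to_execute(change_set, template):
    """Pipeline gate: execute the change set only when no protected instance is replaced."""
    return not protected_replacements(change_set, template)
```

In a pipeline, run `safe_to_execute` on the output of describe-change-set and only call execute-change-set when it returns True; the detected entries name the instance and the properties that would force the replacement.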