This is not specifically about a new attribute or a new option to support. So the issue template does not fit really well in this case.
When creating a new AWS::RDS::DBCluster the cluster immediately starts logging in /aws/rds/cluster/${DBCluster}/error and then it is impossible to explicitly create the AWS::Logs::LogGroup in the CloudFormation template as the resource exists as soon as the DBCluster is created.
Here is an example that fails with this error:
```
CREATE_FAILED /aws/rds/cluster/apviz-api-sql-test-dbcluster-xxxxx/error already exists
```

```yaml
DBCluster:
  Type: AWS::RDS::DBCluster
  Properties:
    DatabaseName: foo
    Engine: aurora
    EngineMode: serverless
    EngineVersion: 5.6.10a
DBClusterLogGroupError:
  Type: AWS::Logs::LogGroup
  Properties:
    LogGroupName: !Sub /aws/rds/cluster/${DBCluster}/error
    RetentionInDays: 90
```
As you can see, in order to create the log group I need the DB cluster name... but the DB cluster will create the log group implicitly before I can create it explicitly using AWS::Logs::LogGroup.
Is there a workaround?
Or should we think about a new CloudFormation feature? Something like a way to "upsert" an AWS::Logs::LogGroup resource? Not failing if the log group already exists, but updating it. I'm not sure that's a good idea.
Or maybe a new resource that sets the default properties of any AWS::Logs::LogGroup created with a prefix e.g. /aws/rds/cluster/* 👍
For example we could have:
```yaml
LogGroupDefaultProperties:
  Type: AWS::Logs::LogGroupDefaultProperties
  Properties:
    LogGroupPattern: /aws/rds/cluster/*/error
    RetentionInDays: 90
```
Edit: Maybe it's much more of an AWS::Logs::LogGroup issue
I have not been able to reproduce this error; I was able to create RDS log groups with CloudFormation for both serverless/provisioned. Has this issue perhaps been (silently) resolved, or is it perhaps a race condition between CFN/RDS that might be producing unpredictable behaviour?
I ran into this today.
Having an Aurora MySQL database with audit logs enabled, I am unable to update my existing CFN stack with an AWS::Logs::LogGroup to specify a log retention period as infrastructure as code.
I think a nice solution would be to give AWS::RDS::DBCluster an explicit attribute for referencing an AWS::Logs::LogGroup instead of defining the log group name implicitly.
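An added example, not part of the original thread and not an AWS feature: a script that applies the retention period to log groups RDS has already created, selected by the same kind of pattern as the `LogGroupPattern` proposed above. The function names and the one-path-segment meaning of `*` are assumptions of this sketch; the client calls are the CloudWatch Logs `describe_log_groups` and `put_retention_policy` operations.

```python
import re

def pattern_to_regex(pattern):
    """Compile /aws/rds/cluster/*/error style patterns; '*' matches one path segment."""
    parts = [re.escape(p) for p in pattern.split("*")]
    return re.compile("^" + "[^/]+".join(parts) + "$")

def enforce_retention(logs, pattern, days, dry_run=False):
    """Set retentionInDays on every existing log group that matches pattern.

    logs is a CloudWatch Logs client (boto3.client("logs")) or any object with
    the same describe_log_groups / put_retention_policy methods.
    Returns the names of the groups that were (or, in dry_run, would be) changed.
    """
    regex = pattern_to_regex(pattern)
    prefix = pattern.split("*", 1)[0]  # literal part, used to narrow the listing
    changed, token = [], None
    while True:
        kwargs = {}
        if prefix:  # the API rejects an empty prefix
            kwargs["logGroupNamePrefix"] = prefix
        if token:
            kwargs["nextToken"] = token
        page = logs.describe_log_groups(**kwargs)
        for group in page.get("logGroups", []):
            name = group["logGroupName"]
            # retentionInDays is absent when the group is set to never expire
            if regex.match(name) and group.get("retentionInDays") != days:
                if not dry_run:
                    logs.put_retention_policy(logGroupName=name, retentionInDays=days)
                changed.append(name)
        token = page.get("nextToken")
        if not token:
            return changed

if __name__ == "__main__":
    import boto3  # assumption: boto3 is installed and AWS credentials are configured
    for name in enforce_retention(boto3.client("logs"), "/aws/rds/cluster/*/error", 90):
        print("retention set to 90 days:", name)
```

Because it only touches groups whose retention differs, the script can be re-run after each stack deployment; the log groups themselves stay outside the CloudFormation stack.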