使用AWS re:Post即您表示您同意 AWS re:Post 使用条款
AWS re:Postre:Post

How can I automatically add termination protection to stacks launched using service catalog?

0

Hi,

We are launching stacks using service catalog (via the Java client, as it happens). We'd like to enable termination protection for each stack that gets launched.

I'm struggling to find out how... possibilities:

  • It's a parameter to the provision product API call - but I can't see it if so
  • It's defined in the product's definition - but I can't see where if so
  • We should turn it on with a subsequent API call after the product is provisioned?

Just to muddy the waters further, we actually create the product stack and the product via the Java CDK - there is actually a a setTerminationProtection setter on software.amazon.awscdk.services.servicecatalog.ProductStack but setting it to true doesn't actually affect the CloudFormation template that gets generated 🤷‍♂️.

  • Rob Elliot
    7 个月前

    Trying the third option, but just getting from the result of serviceCatalogClient.provisionProduct to an actual cloudformation stack in the AWS SDK v2 seems to be a labour of Hercules - bafflingly complicated.

主题
管理与治理AWS 云开发工具包 (CDK)
标签
AWS CloudFormationAWS Service CatalogAWS 云开发工具包 (CDK)
语言
English
Rob Elliot
已提问 7 个月前248 查看次数
1 回答
0
已接受的回答

Edit - updated to retry until the stack arn is present on the record outputs...

The only solution I've so far found is to set it immediately after creation using the SDK.

import software.amazon.awssdk.services.cloudformation.CloudFormationClient
import software.amazon.awssdk.services.cloudformation.model.UpdateTerminationProtectionRequest
import software.amazon.awssdk.services.servicecatalog.ServiceCatalogClient
import software.amazon.awssdk.services.servicecatalog.model.DescribeRecordRequest
import software.amazon.awssdk.services.servicecatalog.model.ProvisionProductRequest
import java.time.Duration
import java.time.Instant.now

val serviceCatalogClient = ServiceCatalogClient.create()
val cloudFormationClient = CloudFormationClient.create()

val provisionProductResponse = serviceCatalogClient.provisionProduct(ProvisionProductRequest.builder()
   // TODO add params!
  .build()
)

var stackArn: String? = null
val timeout = now() + Duration.ofSeconds(20)

while (stackArn == null && now() < timeout) {
  Thread.sleep(Duration.ofSeconds(1).toMillis())
  val record = serviceCatalogClient.describeRecord(DescribeRecordRequest.builder()
    .id(provisionProductResponse.recordDetail().recordId())
    .build()
  )
  stackArn = record
    .recordOutputs()
    ?.singleOrNull { it.outputKey() == "CloudformationStackARN" }
    ?.outputValue()
}

if (stackArn != null) {
  cloudFormationClient.updateTerminationProtection(UpdateTerminationProtectionRequest.builder()
    .stackName(stackArn)
    .enableTerminationProtection(true)
    .build()
  )
}
Rob Elliot
已回答 7 个月前

您未登录。 登录 发布回答。

一个好的回答可以清楚地解答问题和提供建设性反馈,并能促进提问者的职业发展。

回答问题的准则

相关内容