CloudFormation log group migration and UpdateReplacePolicy lessons

The other day, we decided to tidy up our CloudWatch Log Group names in AWS. We use CloudFormation for infrastructure deployment, so it seemed like a simple task.

Since logs are a big deal for troubleshooting, we wanted to make sure they wouldn’t be deleted during the migration. In CloudFormation, DeletionPolicy: Retain keeps the underlying physical resource when the resource is removed from the template or the whole stack is deleted. Confident in our setup, we made the change.

After testing in our environment and seeing the old log group still there, we pushed it to production.

That’s when things went sideways. The old log groups existed—but they were empty. Months of logs were gone.

We soon learned the hard way that renaming a log group in CloudFormation actually replaces it: LogGroupName is a property whose update requires replacement, so CloudFormation creates a new, empty log group under the new name and then deletes the old one. That deletion is not covered by DeletionPolicy, which only applies when the resource is removed from the stack. Instead, you need UpdateReplacePolicy: Retain to keep the old resource (and its events) when a replacement happens. The kicker? The old log groups reappeared, but they’d been recreated, empty, by running resources during the deployment (like Lambdas, which create their log group on first write if it is missing).
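The difference between the two attributes in template form, as an added example that is not from the original post. The resource names, log group names and retention period are assumptions chosen for illustration; the attribute semantics are CloudFormation's own.

```yaml
# Added example (not from the original post). Two log groups side by side:
# the first only has DeletionPolicy, the second has both attributes.
# Names and retention values below are assumptions for illustration.
AWSTemplateFormatVersion: "2010-09-09"
Description: Log group rename with and without UpdateReplacePolicy (example)

Resources:
  # BEFORE: DeletionPolicy alone. Deleting the stack, or dropping this
  # resource from the template, keeps the physical log group. But editing
  # LogGroupName is an update that requires replacement, and the deletion
  # of the old group during a replacement is NOT governed by DeletionPolicy.
  # Result: new empty group created, old group and its events deleted.
  AppLogGroupBefore:
    Type: AWS::Logs::LogGroup
    DeletionPolicy: Retain
    Properties:
      LogGroupName: /myapp/old-name   # changing this triggers replacement
      RetentionInDays: 90

  # AFTER: both attributes set. On replacement, UpdateReplacePolicy: Retain
  # leaves the old physical log group (with all its events) in the account
  # and the stack starts tracking the new one. DeletionPolicy: Retain still
  # protects the group on stack deletion. The retained old group is no
  # longer managed by the stack, so its retention and cleanup become manual.
  AppLogGroupAfter:
    Type: AWS::Logs::LogGroup
    DeletionPolicy: Retain
    UpdateReplacePolicy: Retain
    Properties:
      LogGroupName: /myapp/new-name
      RetentionInDays: 90
```

Two checks are worth running before executing such an update. First, create a change set rather than updating directly: `aws cloudformation describe-change-set` reports a `Replacement` value of `True` (or `Conditional`) for every resource that will be replaced, which is the signal that UpdateReplacePolicy, not DeletionPolicy, decides the old resource's fate. Second, cfn-lint has a rule that warns when one of DeletionPolicy and UpdateReplacePolicy is set without the other, which catches exactly the template above. Note that Retain only preserves the old group; the new group starts empty, so producers must be pointed at the new name and anything that auto-creates log groups (Lambda, for example) will otherwise recreate the old name as an empty group.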

Further reading: AWS CloudFormation Resource Attribute Reference
