1

For example, I created a LAMP stack with multiple EC2 instances using Cloud Formation. Now, I just want to assign a temporary Security Group to one of the instances for next day or two. Can I do this via AWS Console? Will this cause any issues with future Cloud Formation update?

starchx
  • 533
  • 10
  • 24

3 Answers3

1

You can use the AWS Management Console to update pretty much any aspect of an AWS CloudFormation stack, see Updating a Stack. While the most common approach is to have things that are anticipated to change modeled as input parameters, it is also possible to modify the stack template itself in principle:

If you want to modify resources and properties that are declared in a stack template, you must modify the stack's template. To ensure that you update only the resources that you intend to update, use the template for the existing stack as a starting point and then make your updates to that template. [...]

However, as hinted upon already, not every change is allowed, and the effect varies:

If your template includes an unsupported change, AWS CloudFormation returns a message saying that the change is not permitted. This message might occur asynchronously, however, because resources are created and updated by AWS CloudFormation in a non-deterministic order by default.

Each property of every AWS Resource Type specifically states whether or not a resource can be changed and whether an update requires No Interruption, Some Interruption or a Replacement (see section Updates to stack resources in AWS CloudFormation Stacks Updates for details).

Steffen Opel
  • 5,638
  • 37
  • 55
0

Quick answer yes.

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-security-group.html#cfn-ec2-securitygroup-securitygroupingress

This type supports updates. For more information about updating stacks, see AWS CloudFormation Stacks Updates.

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks.html

It is not totally clear in the documentation if you can do this without interruption however I know if you were to add the ingress rule to the security group by hand in the AWS web console (a test I have performed in the past, but not recommended as it causes divergence between your cloud formation script and the actual running code) it will cause you zero interruption.

Sam
  • 617
  • 1
  • 6
  • 14
0

Yes, you can use the AWS console to modify anything that was created by CloudFormation. You can also use different CloudFormation templates to launch various AWS resources. Here's how: enter link description here

Megan Usher
  • 1
  • 1
    what does that "how" say? – Pierre.Vriens May 25 '17 at 18:52
  • Hi Megan. Welcome to ServerFault. Can you make your answer stand on its own? Links tend to go stale over time. https://meta.stackexchange.com/questions/8231/are-answers-that-just-contain-links-elsewhere-really-good-answers – chicks Jun 02 '17 at 21:39