Hash in the Logical Id of the resources in CDK/Cloudformation

Question

Whenever I generate cloudformation template from CDK, I see that in logical ids, it adds some kind of Hash. What does that Hash mean? Eg.

Test4FCEEF4A

How does this Hash 4FCEEF4A gets generated?

That's the physical resource id. – 404 Jun 24 '19 at 10:16 — 404, Jun 24 '19 at 10:16

score 8 · Accepted Answer · answered Nov 27 '19 at 12:56

8

The logical IDs for resources are set using the allocateLogicalId method which you can find here. It calls the makeUniqueId method which you can find here. In the makeUniqueId method, it creates a hash component of the logical ID and a human-readable component of the logical ID. It uses the crypto library to create an md5 hash using path, which it gets from the IDs of the nodes of the CfnElement and returns a hex value. So the Hash 4FCEEF4A you see is the hash component that is created in the makeUniqueId method.

answered Nov 27 '19 at 12:56

ehdusjenny

146
2
6

2

Just to add to this answer. The MD5 hash suffix can become a bit of a problem. For example if you are migrating from Terraform to CDK and you don't want names to have to change. The best approach to solve this (not very well documented) is to override the allocateLogicalId method and strip out the last 8 characters (MD5) hash from the name created by the default scheme. Hope this saves someone some time in the future. – Sarel Esterhuizen Nov 23 '20 at 05:25
I'm trying to understand why this hash is important, and what harm would come from overriding (removing) them. Thoughts? – Josh M. Nov 01 '22 at 19:20
Also, if the hash is calculated from the construct's "full path", then isn't that already unique? If two constructs of the same name are given, they get the same hash, so what's the point? – Tuukka Mustonen Jan 26 '23 at 09:28
@TuukkaMustonen "The hash is necessary to distinguish distinct paths, such as A/B/C and A/BC, that would result in the same AWS CloudFormation identifier. AWS CloudFormation identifiers are alphanumeric and cannot contain slashes or other separator characters." - https://docs.aws.amazon.com/cdk/v2/guide/identifiers.html – Scott Lamb Mar 15 '23 at 23:12
Unless I'm mistaken, that's only needed if you set duplicate IDs for sibling elements (which sounds like a bad idea). If CDK ensured the uniqueness of the IDs, then hash would not be needed. – Tuukka Mustonen Mar 17 '23 at 13:51

Hash in the Logical Id of the resources in CDK/Cloudformation

1 Answers1

Linked