AWS CloudFormation: Understanding the DependsOn Attribute
- Purpose of DependsOn:
  - The `DependsOn` attribute is used to define the creation order of AWS resources in a CloudFormation template.
  - It ensures that certain resources are created only after the specified dependencies are successfully created.
- Example Scenario:
  - An EC2 instance and an RDS database instance are defined in a CloudFormation template.
  - Without `DependsOn`, both resources would be created simultaneously.
  - By adding `DependsOn: MyDBInstance` to the EC2 instance resource, the RDS database instance (`MyDBInstance`) will be created first, followed by the EC2 instance.
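  ```yaml
  Resources:
    MyDBInstance:
      Type: 'AWS::RDS::DBInstance'
      Properties:
        AllocatedStorage: '5'
        DBInstanceClass: 'db.t2.small'
        Engine: 'mysql'
        EngineVersion: '5.6'
        MasterUsername: 'admin'
        # Demo literal only: a real template should take this from a NoEcho
        # parameter or a Secrets Manager dynamic reference, never plain text.
        MasterUserPassword: 'password'
        VPCSecurityGroups:
          - !Ref MyDBSecurityGroup
    # VPCSecurityGroups takes EC2 (VPC) security group IDs, so the group is an
    # AWS::EC2::SecurityGroup. The Ref also makes the DB wait for the group.
    MyDBSecurityGroup:
      Type: 'AWS::EC2::SecurityGroup'
      Properties:
        GroupDescription: 'My database security group'
        VpcId: 'vpc-1a2b3c4d'
    MyEC2Instance:
      Type: 'AWS::EC2::Instance'
      # No Ref or Fn::GetAtt links the instance to the database, so the
      # ordering has to be stated explicitly.
      DependsOn: MyDBInstance
      Properties:
        InstanceType: 't2.micro'
        ImageId: 'ami-0abcdef1234567890'
        KeyName: 'my-key-pair'
        NetworkInterfaces:
          - AssociatePublicIpAddress: 'true'
            DeviceIndex: '0'
            GroupSet:
              - !Ref MyEC2SecurityGroup
            SubnetId: 'subnet-1a2b3c4d'
    MyEC2SecurityGroup:
      Type: 'AWS::EC2::SecurityGroup'
      Properties:
        GroupDescription: 'My EC2 security group'
        VpcId: 'vpc-1a2b3c4d'
  ```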
- When to Use DependsOn:
  - Use `DependsOn` when there is no direct reference (using `Ref` or `Fn::GetAtt`) between resources that should have a creation order.
  - It is applicable to any resource in the template.
- Template Example: `5-dependson.yml`
  - Contains two resources: an EC2 instance (`MyEC2Instance`) and an S3 bucket (`MyBucket`).
  - The S3 bucket has a `DependsOn` attribute set to `MyEC2Instance`, ensuring the bucket is created after the EC2 instance.
  ```yaml
  Resources:
    MyBucket:
      Type: 'AWS::S3::Bucket'
      # Nothing in the bucket references the instance, so DependsOn is the
      # only thing that orders the two.
      DependsOn: MyEC2Instance
      Properties:
        BucketName: 'my-s3-bucket'
    MyEC2Instance:
      Type: 'AWS::EC2::Instance'
      Properties:
        InstanceType: 't2.micro'
        ImageId: 'ami-0abcdef1234567890'
        KeyName: 'my-key-pair'
        NetworkInterfaces:
          - AssociatePublicIpAddress: 'true'
            DeviceIndex: '0'
            GroupSet:
              - !Ref MyEC2SecurityGroup
            SubnetId: 'subnet-1a2b3c4d'
    MyEC2SecurityGroup:
      Type: 'AWS::EC2::SecurityGroup'
      Properties:
        GroupDescription: 'My EC2 security group'
        VpcId: 'vpc-1a2b3c4d'
  ```
- Observing DependsOn in Action:
  - Upon uploading the template and initiating the stack creation, the EC2 instance is created first.
  - The S3 bucket creation begins only after the EC2 instance reaches the `CREATE_COMPLETE` status.
- DependsOn with Stack Deletion:
  - The deletion order is also influenced by `DependsOn`.
  - The S3 bucket will be deleted first, followed by the termination of the EC2 instance.
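
The ordering rules above (explicit `DependsOn`, implicit `Ref`/`Fn::GetAtt`, reverse order on deletion) can be checked offline before a stack is launched. The following is an added example, not part of the original notes or of any AWS tooling: it builds the dependency graph for the S3 bucket / EC2 scenario and derives one valid creation order and the matching deletion order. It assumes the template is in JSON form and handles only `DependsOn`, `Ref` and `Fn::GetAtt`; the function names are this example's own.

```python
from graphlib import CycleError, TopologicalSorter

# Constructed sample: the S3 bucket / EC2 scenario in CloudFormation's JSON form,
# trimmed to the fields that create dependencies.
TEMPLATE = {"Resources": {
    "MyBucket": {"Type": "AWS::S3::Bucket", "DependsOn": "MyEC2Instance"},
    "MyEC2Instance": {
        "Type": "AWS::EC2::Instance",
        "Properties": {"NetworkInterfaces": [
            {"DeviceIndex": "0", "GroupSet": [{"Ref": "MyEC2SecurityGroup"}]}]},
    },
    "MyEC2SecurityGroup": {"Type": "AWS::EC2::SecurityGroup"},
}}

def implicit_refs(node, names):
    """Yield logical IDs referenced through Ref or Fn::GetAtt anywhere in node."""
    if isinstance(node, dict):
        for key, value in node.items():
            if key == "Ref" and value in names:
                yield value
            elif key == "Fn::GetAtt":
                # Accepts both ["Res", "Attr"] and the "Res.Attr" short form.
                target = value[0] if isinstance(value, list) else str(value).split(".")[0]
                if target in names:
                    yield target
            else:
                yield from implicit_refs(value, names)
    elif isinstance(node, list):
        for item in node:
            yield from implicit_refs(item, names)

def dependency_graph(template):
    """Map each resource to the set of resources that must exist before it."""
    resources = template["Resources"]
    graph = {}
    for name, body in resources.items():
        explicit = body.get("DependsOn", [])
        if isinstance(explicit, str):  # DependsOn may be a string or a list
            explicit = [explicit]
        graph[name] = set(explicit) | set(implicit_refs(body.get("Properties", {}), resources))
    return graph

def creation_order(template):
    """One valid serial creation order; raises CycleError on a circular dependency."""
    return list(TopologicalSorter(dependency_graph(template)).static_order())

def deletion_order(template):
    """Deletion walks the same graph in reverse: dependents go first."""
    return creation_order(template)[::-1]
```

A `CycleError` from `creation_order` corresponds to the circular-dependency failure CloudFormation reports when two resources depend on each other.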
Summary
- `DependsOn` is crucial for managing resource creation and deletion order in AWS CloudFormation.
- It is particularly useful when there are no intrinsic function references between resources.
- The attribute ensures that dependencies are respected, avoiding potential issues during stack creation and deletion.
Next Steps
- Understand when to use `DependsOn` vs. intrinsic functions like `Ref` and `Fn::GetAtt`.
- Practice creating templates with various dependencies to see how `DependsOn` affects the creation and deletion processes.