问题
I have create a cloudformation template that creates one SNS::Topic and bunch of other resources. Problem now is that when i try to update the stack, it fails with the following error
"Update to resource type AWS::SNS::Topic is not supported"
Stack Policy is:
{
"Statement" : [
{
"Effect" : "Deny",
"Action" : "Update:*",
"Principal": "*",
"Resource" : "*",
"Condition" : {
"StringEquals" : {
"ResourceType" : ["AWS::SNS::Topic", "AWS::EC2::Subnet"]
}
}
},
{
"Effect" : "Allow",
"Action" : "Update:*",
"Principal": "*",
"Resource" : "*"
}
]
}
CF Template is
{
"AWSTemplateFormatVersion": "2010-09-09",
"Description": "......",
"Resources": {
"MySNSTopic":{
"Type":"AWS::SNS::Topic",
"Properties":{
"DisplayName": "",
"Subscription": [ ],
"TopicName": { "Fn::Join": [ "-", [ "Simple", "sns", "topic" ] ] }
}
}
}
Is there anything (even hackable) that i can change to let aws complete the aws update stack without deleting/modifying sns_topic?
回答1:
I believe the error message Update to resource type AWS::SNS::Topic is not supported is not complaining about your permissions, but about the limitations of CloudFormation templates for SNS Topics.
The documentation for SNS resource templates states the following:
Important
After you create an Amazon SNS topic, you cannot update its properties by using AWS CloudFormation. You can modify an Amazon SNS topic by using the AWS Management Console.
Instead, you might try adding a new topic, switching clients to use the new topic, then deleting the old topic. If you are paranoid, you could do those in separate updates.
回答2:
This will also happen if you try to change topic subscriptions. If it is an option for you, just change topic's name in the template and it'll be recreated.
来源:https://stackoverflow.com/questions/34330845/not-able-to-update-cloudformation-stack-when-having-aws-snstopic-resource