AWS CloudFormation CreationPolicy vs WaitCondition
Both CreationPolicy & WaitCondition are used to delay the creation of a CloudFormation stack. In this article, we’ll see the differences between the two & when their use is most appropriate.
WaitCondition is a Resource; CreationPolicy is an Attribute
WaitCondition is a CloudFormation resource in itself, whereas CreationPolicy is an attribute associated with other resources.
Currently, only AutoScalingGroup, EC2 Instance & WaitCondition resources support the CreationPolicy attribute.
Both WaitCondition & CreationPolicy delay the creation of the stack until they receive a specified number of “success signals”.
Typically, the success signals for a CreationPolicy are sent by an initialization script that runs on an EC2 instance immediately after it’s created. This script installs the application on the instance, configures it, starts it & finally uses the CloudFormation helper script cfn-signal to send a single success signal to its parent CreationPolicy. The CreationPolicy, in this case, can be configured to wait for more than 1 success signals, in case the init script is performing the set up in stages or in a loop.
While CreationPolicy causes the creation status of its parent resource to stay in CREATE_IN_PROGRESS, a WaitCondition on the other hand, being a resource in itself, waits in CREATE_IN_PROGRESS state, thus blocking the stack from reaching the CREATE_COMPLETE state.
Type: AWS::CloudFormation::WaitCondition Properties: Count: Integer Handle: String Timeout: String
CloudFormation holds this WaitCondition resource in CREATE_IN_PROGRESS state until either “Count” number of success signals are received, or “Timeout” has elapsed. The “Handle” is used by the cfn-signal helper script to specifically target this particular WaitCondition resource when it’s sending out the success signals.
CreationPolicy: AutoScalingCreationPolicy: MinSuccessfulInstancesPercent: Integer ResourceSignal: Count: Integer Timeout: String
CloudFormation holds this CreationPolicy’s parent resource in CREATE_IN_PROGRESS state until either “Count” number of success signals are received, or “Timeout” has elapsed. Timeout (default 5 minutes) can be a maximum of 12 hours, specified in the ISO 8601 duration format in the form “PT#H#M#S”, where each # is the number of hours, minutes, and seconds, respectively. When updating the stack, MinSuccessfulInstancesPercent % of the number of instances in the ASG need to signal success for the stack update to continue.
When you need to pause the creation of an EC2 instance or of multiple instances in an auto-scaling group & make the stack wait for applications to be installed & started on the instances, think CreationPolicy.
When you want to coordinate a resource creation with actions external to the stack, think WaitCondition with a DependsOn attribute on the resource.
A very helpful and well explaining document. In a short period, try to understand the all key concept with their use case scenario.
Suggestion -I found little trouble while reading the content on the screen. So you can Keep the font of the letter bold/bright so that it is easily visible and it will not strain the eyes.
Very precise and informative, makes concepts clear. Thank you.