AWS CloudFormation CreationPolicy vs WaitCondition


Both CreationPolicy & WaitCondition are used to delay the creation of a CloudFormation stack. In this article, we’ll see the differences between the two & when their use is most appropriate.

WaitCondition is a Resource; CreationPolicy is an Attribute

WaitCondition is a CloudFormation resource in itself, whereas CreationPolicy is an attribute associated with other resources.

Currently, only AutoScalingGroup, EC2 Instance & WaitCondition resources support the CreationPolicy attribute.

Both WaitCondition & CreationPolicy delay the creation of the stack until they receive a specified number of “success signals”.

Typically, the success signals for a CreationPolicy are sent by an initialization script that runs on an EC2 instance immediately after it’s created. This script installs the application on the instance, configures it, starts it & finally uses the CloudFormation helper script cfn-signal to send a single success signal to its parent CreationPolicy. The CreationPolicy can also be configured to wait for more than one success signal, in case the init script performs the setup in stages or in a loop.

While CreationPolicy keeps its parent resource in the CREATE_IN_PROGRESS state, a WaitCondition, being a resource in itself, stays in the CREATE_IN_PROGRESS state itself, which blocks the stack from reaching the CREATE_COMPLETE state.

Syntax

WaitCondition

Type: AWS::CloudFormation::WaitCondition
Properties:
  Count: Integer
  Handle: String
  Timeout: String

CloudFormation holds this WaitCondition resource in CREATE_IN_PROGRESS state until either “Count” number of success signals are received, or “Timeout” has elapsed. The “Handle” is used by the cfn-signal helper script to specifically target this particular WaitCondition resource when it’s sending out the success signals.

CreationPolicy

CreationPolicy:
  AutoScalingCreationPolicy:
    MinSuccessfulInstancesPercent: Integer
  ResourceSignal:
    Count: Integer
    Timeout: String

CloudFormation holds this CreationPolicy’s parent resource in CREATE_IN_PROGRESS state until either “Count” number of success signals are received, or “Timeout” has elapsed. Timeout (default 5 minutes) can be a maximum of 12 hours and is specified in the ISO 8601 duration format “PT#H#M#S”, where each # is the number of hours, minutes, and seconds, respectively. When updating the stack, the percentage of instances in the ASG given by MinSuccessfulInstancesPercent must signal success for the stack update to continue.

Use Cases

When you need to pause the creation of an EC2 instance or of multiple instances in an auto-scaling group & make the stack wait for applications to be installed & started on the instances, think CreationPolicy.

When you want to coordinate a resource creation with actions external to the stack, think WaitCondition with a DependsOn attribute on the resource.
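Both use cases in one template, as an added example that is not from the original article: the instance's CreationPolicy waits for cfn-signal from its own init script, and a WaitCondition holds a dependent resource until something outside the stack signals the handle. The resource names, the ImageId parameter, the httpd install and the timeout values are assumptions chosen for illustration.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: Added example. CreationPolicy on an instance, WaitCondition for an external step.

Parameters:
  ImageId:
    # Assumption: an Amazon Linux AMI with the cfn helper scripts in /opt/aws/bin
    Type: AWS::EC2::Image::Id

Resources:
  AppServer:                       # hypothetical name
    Type: AWS::EC2::Instance
    CreationPolicy:                # attribute on the resource, not a resource itself
      ResourceSignal:
        Count: 1
        Timeout: PT15M             # ISO 8601 duration
    Properties:
      ImageId: !Ref ImageId
      InstanceType: t3.micro
      UserData:
        Fn::Base64: !Sub |
          #!/bin/bash -x
          yum install -y httpd && systemctl start httpd
          # Report the exit status of the setup to AppServer's CreationPolicy.
          # A non-zero status is a failure signal, so the stack rolls back
          # right away instead of waiting for the timeout.
          /opt/aws/bin/cfn-signal -e $? --stack ${AWS::StackName} \
            --resource AppServer --region ${AWS::Region}

  ExternalStepHandle:              # hypothetical name
    Type: AWS::CloudFormation::WaitConditionHandle

  ExternalStepDone:                # hypothetical name
    Type: AWS::CloudFormation::WaitCondition
    DependsOn: AppServer           # start waiting only once the instance is ready
    Properties:
      Handle: !Ref ExternalStepHandle
      Count: 1
      Timeout: '1800'              # WaitCondition takes seconds, not an ISO 8601 duration

  AppBucket:                       # hypothetical resource that must wait for the external step
    Type: AWS::S3::Bucket
    DependsOn: ExternalStepDone

Outputs:
  SignalUrl:
    # The handle resolves to a presigned URL. Anyone holding it can signal the
    # WaitCondition, so hand it only to the system that performs the external step.
    Value: !Ref ExternalStepHandle
```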
