Custom Resource with CloudFormation

Use Case

If your CloudFormation template runs a Lambda function through a Custom Resource and you update the Lambda code, CloudFormation will not execute the Custom Resource again unless it detects that the template or its parameters have changed. Here are two workarounds to invoke Custom Resources after a CloudFormation update.

Workaround 1: Include a Parameter

An easy way to execute the Custom Resource every time your Lambda changes is to add a parameter to your Custom Resource (e.g. a timestamp, which will always be different). If this parameter changes, the Custom Resource is automatically executed again.

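Parameters:
  LambdaExecutionTimestamp:
    Type: String
    # Quoted so YAML keeps the value a string rather than an integer
    Default: '201906010800'

Resources:
  ExecuteLambda:
    Type: 'Custom::ExecuteLambda'
    Properties:
      # ARN of the Lambda function that backs the Custom Resource
      ServiceToken: !GetAtt
        - Lambda
        - Arn
      # A changed value here makes CloudFormation invoke the resource again
      Timestamp: !Ref LambdaExecutionTimestamp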
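
What the Lambda behind ExecuteLambda sees when the timestamp changes, as an added example that is not code from the original post: CloudFormation sends an Update request carrying both the new and the old Timestamp, and the function must answer at the pre-signed ResponseURL. The Python runtime, the sample event values and the physical ID "execute-lambda-demo" are assumptions made for illustration.

```python
import json
import urllib.request

# Constructed sample of the Update request CloudFormation sends once the
# LambdaExecutionTimestamp parameter changes (IDs and URL are placeholders).
SAMPLE_UPDATE = {
    "RequestType": "Update",
    "ResponseURL": "https://example.invalid/presigned-placeholder",
    "StackId": "arn:aws:cloudformation:eu-west-1:123456789012:stack/demo/placeholder",
    "RequestId": "constructed-request-id",
    "LogicalResourceId": "ExecuteLambda",
    "PhysicalResourceId": "execute-lambda-demo",
    "ResourceProperties": {"Timestamp": "201906020900"},
    "OldResourceProperties": {"Timestamp": "201906010800"},
}

def should_run(event):
    """Run on Create, and on Update only when the Timestamp property changed."""
    if event["RequestType"] == "Create":
        return True
    new = event.get("ResourceProperties", {}).get("Timestamp")
    old = event.get("OldResourceProperties", {}).get("Timestamp")
    return event["RequestType"] == "Update" and new != old

def build_response(event, status, reason="", data=None):
    """Response document CloudFormation expects at the pre-signed ResponseURL."""
    return {
        "Status": status,  # "SUCCESS" or "FAILED"
        "Reason": reason or "See CloudWatch Logs",
        # Reuse the physical ID on Update/Delete: a changed ID is treated as a
        # replacement and triggers a Delete request for the old resource.
        "PhysicalResourceId": event.get("PhysicalResourceId", "execute-lambda-demo"),
        "StackId": event["StackId"],
        "RequestId": event["RequestId"],
        "LogicalResourceId": event["LogicalResourceId"],
        "Data": data or {},
    }

def handler(event, context):
    """Lambda entry point: always reply, or the stack waits until it times out."""
    try:
        ran = should_run(event)  # the resource's real work would go here
        stamp = event.get("ResourceProperties", {}).get("Timestamp", "")
        response = build_response(event, "SUCCESS", data={"Ran": str(ran), "Timestamp": stamp})
    except Exception as exc:
        response = build_response(event, "FAILED", reason=str(exc))
    request = urllib.request.Request(event["ResponseURL"], method="PUT",
        data=json.dumps(response).encode(), headers={"Content-Type": ""})
    urllib.request.urlopen(request)
```

The empty Content-Type header keeps urllib from adding its default form content type to the request sent to the pre-signed URL.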

Workaround 2: Use SNS to invoke the Custom Resource

Use an SNS trigger to invoke your Custom Resource when your CloudFormation stack is updated.


Additional Information: Handling AWS CloudFormation Events



