Using the CloudFormation attribute DependsOn to control resource creation


Brett Gillett

By default, Amazon CloudFormation deploys the resources defined in a template in parallel. When you think about it, this makes a lot of sense: by deploying in parallel, CloudFormation can reduce the amount of time it takes to create the services you’ve defined in your template.

In most cases, parallel deployment is acceptable, but what if you find yourself in a situation where you need a specific resource to be available before creating another? This is where the DependsOn attribute comes into play - it allows you to control the order of deployment within your template.

Here’s a simple scenario:

EC2 and RDS in separate private subnets

In the diagram above, we have an RDS DB Instance and EC2 instance we need to deploy. In our scenario, we need the DB Instance to exist before the EC2 Instance.

Here’s how we can do that.

In our CloudFormation template, we define both resources and any attributes we need to be configured.

Parameters:
  ...
  
Resources:
  ec2Instance0:
    Type: AWS::EC2::Instance
    Properties:
      ImageId: !Ref imageId
      InstanceType: !Ref instanceType
      KeyName: !Ref keyName
      SecurityGroupIds:
        - !Ref ec2SecurityGroupId
      SubnetId: !Ref privateSubnet0

  dbSubnetGroup0:
    Type: AWS::RDS::DBSubnetGroup
    Properties:
      DBSubnetGroupDescription: A sample subnet group
      SubnetIds:
        - !Ref privateSubnet0
        - !Ref privateSubnet1

  rdsInstance0:
    Type: AWS::RDS::DBInstance
    Properties:
      AllocatedStorage: !Ref storageSize
      DBInstanceClass: !Ref dbInstanceClass
      DBSubnetGroupName: !Ref dbSubnetGroup
      Engine: !Ref engine
      EngineVersion: !Ref version
      MasterUsername: !Ref adminUser
      MasterUserPassword: !Ref adminPass
      MultiAZ: !Ref multiAz
      PubliclyAccessible: !Ref public
      StorageType: !Ref storageType
      VPCSecurityGroups:
        - !Ref rdsSecurityGroupId

While the snippet above is technically correct, CloudFormation will deploy the EC2, Subnet Group and RDS resources simultaneously.

To control the order, we just add the DependsOn attribute - in our situation, we’d add it to the RDS resource definition. This ensures that both the EC2 Instance and the Subnet Group are deployed before the RDS DB Instance.

Parameters:
  ...
  
Resources:
  ec2Instance0:
    Type: AWS::EC2::Instance
    Properties:
      ...

  dbSubnetGroup0:
    Type: AWS::RDS::DBSubnetGroup
    Properties:
      ...

  rdsInstance0:
    Type: AWS::RDS::DBInstance
    DependsOn:
      - ec2Instance0
      - dbSubnetGroup0
    Properties:
      ...
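
To check an ordering before deploying, the sketch below (an added example, not code from the original post or from AWS) models creation order as parallel "waves" built from explicit DependsOn entries plus the implicit dependencies CloudFormation infers from Ref and Fn::GetAtt between resources. The sample template is constructed from the resource names above in CloudFormation's JSON form; `referenced_ids` and `creation_waves` are hypothetical helper names, the wave model is a simplification, and other intrinsic functions such as Fn::Sub are not handled.

```python
import json
from graphlib import TopologicalSorter

# Constructed sample: the post's resources, trimmed to fields that affect ordering.
TEMPLATE = json.loads("""{"Resources": {
  "ec2Instance0": {"Type": "AWS::EC2::Instance",
    "Properties": {"SubnetId": {"Ref": "privateSubnet0"}}},
  "dbSubnetGroup0": {"Type": "AWS::RDS::DBSubnetGroup",
    "Properties": {"SubnetIds": [{"Ref": "privateSubnet0"}]}},
  "rdsInstance0": {"Type": "AWS::RDS::DBInstance",
    "DependsOn": ["ec2Instance0", "dbSubnetGroup0"],
    "Properties": {"Engine": {"Ref": "engine"}}}
}}""")

def referenced_ids(node):
    """Yield logical IDs named by Ref or Fn::GetAtt anywhere under node."""
    if isinstance(node, dict):
        for key, value in node.items():
            if key == "Ref" and isinstance(value, str):
                yield value
            elif key == "Fn::GetAtt":  # ["Id", "Attr"] or "Id.Attr"
                yield value[0] if isinstance(value, list) else value.split(".")[0]
            else:
                yield from referenced_ids(value)
    elif isinstance(node, list):
        for item in node:
            yield from referenced_ids(item)

def creation_waves(template):
    """Group resources into waves; resources in one wave can be created in parallel."""
    resources = template["Resources"]
    graph = {}
    for name, body in resources.items():
        explicit = body.get("DependsOn", [])  # a single string or a list
        explicit = [explicit] if isinstance(explicit, str) else explicit
        implicit = referenced_ids(body.get("Properties", {}))
        # References to parameters are not ordering edges between resources.
        graph[name] = {d for d in [*explicit, *implicit] if d in resources}
    sorter = TopologicalSorter(graph)
    sorter.prepare()  # raises graphlib.CycleError on a circular dependency
    waves = []
    while sorter.is_active():
        ready = sorted(sorter.get_ready())
        waves.append(ready)
        sorter.done(*ready)
    return waves

if __name__ == "__main__":
    print(creation_waves(TEMPLATE))
```

Removing the DependsOn entry from the sample puts all three resources in a single wave, which is the parallel default described at the top of this post.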

The DependsOn attribute is a simple but powerful tool to help you control how CloudFormation deploys and configures resources in your AWS account. We use it frequently when building templates for our Infrastructure as Code service and for our customers.
