Understanding use of CloudFormation cfn-signal


From the AWS docs


A common usage pattern is to use cfn-init and cfn-signal together. The
cfn-signal call uses the return status of the call to cfn-init (using
the $? shell construct). If the application fails to install, the
instance will fail to create and the stack will rollback.

Below is my stack

It creates the EC2 instance and runs the cfn-init configuration defined as instance metadata, which installs httpd and copies the index.html file to /var/www/html/index.html.

Although the stack created the EC2 instance and reached the CREATE_COMPLETE state, when I check the system logs for the instance from the EC2 console I see an error on cfn-signal. It looks like the CloudFormation stack had already reached the CREATE_COMPLETE state, hence signaling after CREATE_COMPLETE doesn't make sense.

Also, if I remove cfn-signal altogether and just use cfn-init to run the Init metadata script, it works the same: the stack reaches CREATE_COMPLETE after creating the instance.

Again from the docs

You use the cfn-signal script in conjunction with a CreationPolicy or
an Auto Scaling group with a WaitOnResourceSignals update policy. When
AWS CloudFormation creates or updates resources with those policies,
it suspends work on the stack until the resource receives the
requisite number of signals or until the timeout period is exceeded.

But I’m not clear on when and how we should use cfn-signal?


I was missing the CreationPolicy with my cfn-signal. Since I was not using a CreationPolicy to wait for bootstrapping on the EC2 instance to complete, the CloudFormation stack had already reached the CREATE_COMPLETE state, and signaling success after the stack had already reached CREATE_COMPLETE was giving an error. I attached the CreationPolicy to the EC2 resource so that CloudFormation waits for 1 signal within 5 minutes before proceeding with the stack. This solved the problem.
Below is the updated stack with CreationPolicy
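
The template below is an added illustration of the pattern described in this answer, not the stack from the original post. The resource name `WebServer`, the `AmiId` parameter, the instance type and the page content are assumptions; it also assumes an Amazon Linux AMI with the cfn helper scripts under /opt/aws/bin and outbound network access from the instance to the CloudFormation endpoint.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Added example - EC2 instance whose creation waits for cfn-signal
Parameters:
  AmiId:                         # hypothetical parameter name
    Type: AWS::EC2::Image::Id    # assumption: Amazon Linux AMI with aws-cfn-bootstrap
Resources:
  WebServer:                     # hypothetical logical ID; must match --resource below
    Type: AWS::EC2::Instance
    # Without this block the stack goes to CREATE_COMPLETE as soon as the
    # instance launches, and a later cfn-signal has nothing to signal.
    CreationPolicy:
      ResourceSignal:
        Count: 1                 # wait for 1 signal ...
        Timeout: PT5M            # ... within 5 minutes, otherwise fail and roll back
    Metadata:
      AWS::CloudFormation::Init:
        config:
          packages:
            yum:
              httpd: []
          files:
            /var/www/html/index.html:
              content: "<h1>Hello from cfn-init</h1>"   # constructed sample content
              mode: "000644"
              owner: root
              group: root
          services:
            sysvinit:
              httpd:
                enabled: true
                ensureRunning: true
    Properties:
      ImageId: !Ref AmiId
      InstanceType: t3.micro     # assumption
      UserData:
        Fn::Base64: !Sub |
          #!/bin/bash -x
          # No "set -e" here: cfn-signal must run even when cfn-init fails,
          # so that a non-zero exit code is reported as a failure signal.
          /opt/aws/bin/cfn-init -v --stack ${AWS::StackName} --resource WebServer --region ${AWS::Region}
          /opt/aws/bin/cfn-signal -e $? --stack ${AWS::StackName} --resource WebServer --region ${AWS::Region}
```

If cfn-init exits non-zero, or no signal arrives before the timeout, the resource goes to CREATE_FAILED instead of reporting a healthy instance that never finished bootstrapping.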
