Palo Alto Networks Knowledgebase: How to Update Your AWS CloudFormation Deployment Without Relaunching Your Cloud

How to Update Your AWS CloudFormation Deployment Without Relaunching Your Cloud

809
Created On 02/07/19 23:57 PM - Last Updated 02/07/19 23:57 PM
SaaS Security Cloud Services
Resolution

Inside AWS, after deploying your cloud formation template, you may find that some of your settings need to be tuned to better reflect your production resource requirements. When an adjustment is needed, there is a straight forward way to accomplish this with minimal to no impact to productity. In this article, we will walk through the steps to update settings for an already deployed template. But before we do that here are a few things to consider

 

- Do I have to edit the actual template?
No. AWS provides the option to "Update" your stack without having to edit the template

 

- Will the changes impact productivity?
This depends. If you need to make subnet changes then yes there will be an impact to productivity.

 

In this example, After deploying your template you find that you need two minimum instances per auto scale group and not the default setting of one.  

 

As you can see by the screenshot below, our cloud formation template has been successfully deployed

CFT_Deployed.PNG

 

The existing auto scale group has the desired and minimum value set to 1 instance

ASG.PNG

 

Take note of the instance ID's of the existing production vm-series firewalls

Firewalls.PNG

 

Now we will update the stack to reflect the desired settings

 

1. Navigate to the CloudFormation tab and under actions select "Update Stack"

step3.PNG

 

2. On the next page leave "Use current template" selected and click next 

step4.PNG

 

3. On the "Specify Details" page scroll down to the ASG Configuration and change the "Minimum VM-Series Instances" value to two 

 

step5.PNG

 

4. Click leave all defaults on the next pages by clicking next. On the very last page check the box to accept the acknowledgement and select update

step6.PNG

 

5. You will then see the template status change from update_in_progress to update_complete

step7_b.PNG

UPDATE_COMPLETE

Update_Complete.PNG

 

Note that your auto scale group now reflects the desired and minimum settings

step8.PNG

 

Important thing to note is that two new EC2 Instances were launched without termining the existing instances. Verify by matching the instance ID's from above

step9.PNG



Attachments
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClDHCA0&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Attachments
Choose Language