Palo Alto Networks Knowledgebase: How to Update Your AWS CloudFormation Deployment Without Relaunching Your Cloud
Created On 02/07/19 23:57 PM - Last Updated 02/07/19 23:57 PM
Inside AWS, after deploying your CloudFormation template, you may find that some of your settings need to be tuned to better reflect your production resource requirements. When an adjustment is needed, there is a straightforward way to accomplish this with minimal to no impact to productivity. In this article, we will walk through the steps to update settings for an already deployed template. But before we do that, here are a few things to consider:
- Do I have to edit the actual template? No. AWS provides the option to "Update" your stack without having to edit the template.
- Will the changes impact productivity? This depends. If you need to make subnet changes, then yes, there will be an impact to productivity.
In this example, after deploying your template, you find that you need a minimum of two instances per auto scale group and not the default setting of one.
As you can see by the screenshot below, our CloudFormation template has been successfully deployed.
The existing auto scale group has the desired and minimum value set to 1 instance.
Take note of the instance IDs of the existing production VM-Series firewalls.
Now we will update the stack to reflect the desired settings.
1. Navigate to the CloudFormation tab and under Actions select "Update Stack".
2. On the next page leave "Use current template" selected and click Next.
3. On the "Specify Details" page scroll down to the ASG Configuration and change the "Minimum VM-Series Instances" value to two.
4. Leave all defaults on the next pages by clicking Next. On the very last page check the box to accept the acknowledgement and select Update.
5. You will then see the template status change from UPDATE_IN_PROGRESS to UPDATE_COMPLETE.
Note that your auto scale group now reflects the desired and minimum settings.
An important thing to note is that two new EC2 instances were launched without terminating the existing instances. Verify this by matching the instance IDs from above.
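
The same update can be scripted. The following is an added example, not part of the original article or Palo Alto Networks' tooling: it builds the boto3 `update_stack` request that mirrors steps 1 to 5 (current template kept, one parameter changed, everything else left at its current value) and checks the instance IDs noted before the update against those seen afterwards. The parameter keys, stack name and instance IDs are constructed placeholders; read the real parameter key for "Minimum VM-Series Instances" from your own stack.

```python
def build_update_request(stack, overrides):
    """Build update_stack kwargs from one describe_stacks() stack record,
    changing only the parameters named in `overrides`."""
    current = {p["ParameterKey"] for p in stack.get("Parameters", [])}
    unknown = set(overrides) - current
    if unknown:  # a mistyped key must not turn into a silent no-op
        raise KeyError(f"not parameters of this stack: {sorted(unknown)}")
    params = []
    for key in sorted(current):
        if key in overrides:
            params.append({"ParameterKey": key,
                           "ParameterValue": str(overrides[key])})
        else:  # console: "leave all defaults"
            params.append({"ParameterKey": key, "UsePreviousValue": True})
    return {
        "StackName": stack["StackName"],
        "UsePreviousTemplate": True,  # console: "Use current template"
        "Parameters": params,
        # console: the acknowledgement checkbox on the last page
        "Capabilities": stack.get("Capabilities", []),
    }

def terminated_instances(before_ids, after_ids):
    """Instance IDs noted before the update that are gone afterwards.
    An empty list means the existing firewalls were not relaunched."""
    return sorted(set(before_ids) - set(after_ids))

def update_stack(stack_name, overrides):
    """Send the update and wait for UPDATE_COMPLETE (needs AWS credentials)."""
    import boto3  # imported here so the helpers above work offline
    cfn = boto3.client("cloudformation")
    stack = cfn.describe_stacks(StackName=stack_name)["Stacks"][0]
    cfn.update_stack(**build_update_request(stack, overrides))
    cfn.get_waiter("stack_update_complete").wait(StackName=stack_name)

# Constructed stack record in the shape describe_stacks() returns;
# every name and value below is a placeholder.
SAMPLE_STACK = {
    "StackName": "example-vmseries-stack",
    "Capabilities": ["CAPABILITY_IAM"],
    "Parameters": [
        {"ParameterKey": "ExampleKeyName", "ParameterValue": "example-key"},
        {"ParameterKey": "ExampleMinInstances", "ParameterValue": "1"},
        {"ParameterKey": "ExampleSubnetIds", "ParameterValue": "subnet-example"},
    ],
}
```

Passing every unchanged key with `UsePreviousValue` keeps the update scoped to the one setting you meant to change, which matters for parameters such as subnets that would impact production if altered.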