DEV Community

Cover image for Why it is important to use RemovalPolicy in CDK/CloudFormation.
Sri
Sri

Posted on

Why it is important to use RemovalPolicy in CDK/CloudFormation.

#aws #cloud #community

Table of Contents

  1. Introduction
  2. RemovalPolicy Problem
  3. RemovalPolicy Solution
  4. Summary
  5. Reference

1. Introduction

I attend Coffee & Cloud: The Local Developer Experience organised by Mirabela Dan & Jason Forte on Wednesdays every fortnight.

During one of the sessions, Jason showcased Deploy a Serverless API in 30 mins.

While I was practising deploying Jason's code, I noticed that the DynamoDB was not being deleted when I ran cdk destroy

This blog is about the importance of RemovalPolicy with CDK.

2. RemovalPolicy Problem

I deployed the app using cdk deploy and then cleaned up by using csk destroy

Upon raising this in repost:

👉 AWS advised that the table defintion was missing RemovalPolicy.
By default, CDK will (generally) apply a RemovalPolicy value of RETAIN to stateful resources which can contain data in order to avoid deleting it when destroying the stack.

We can see this in the synthesised template. For example, with this resource declared in CDK:

const table = new Table(this, 'Table', {
    partitionKey: { type: AttributeType.STRING, name: 'id' },
})
Enter fullscreen mode Exit fullscreen mode

The synthesised template is under /home/ec2-user/environment/example-serverless-python-api/cdk.out/ExampleServerlessPythonApiStack.template.json and will contain the following:

"Resources": {
    "TableCD117FA1": {
      "Type": "AWS::DynamoDB::Table",
      "Properties": {
        ...
      },
      "UpdateReplacePolicy": "Retain",
      "DeletionPolicy": "Retain",
      "Metadata": {
        "aws:cdk:path": "ExampleServerlessPythonApiStack/Table/Resource"
      }
    },
 ...
Enter fullscreen mode Exit fullscreen mode

Note: I am using Cloud 9

The CloudFormation UpdateReplacePolicy and DeletionPolicy attributes being Retain will cause CloudFormation to leave the resource intact when deleting the stack.

DynamoDB not deleted

3. RemovalPolicy Solution

Let's update /example-serverless-python-api/lib/example-serverless-python-api-stack.ts with removalPolicy: RemovalPolicy.DESTROY

const table = new Table(this, 'Table', {
      partitionKey: { type: AttributeType.STRING, name: 'id' },
      removalPolicy: RemovalPolicy.DESTROY,
    })
Enter fullscreen mode Exit fullscreen mode

👉 To have the resource deleted when we run cdk destroy, we need to specify a RemovalPolicy of DESTROY or SNAPSHOT in the code.

The synthesised template under /home/ec2-user/environment/example-serverless-python-api/cdk.out/ExampleServerlessPythonApiStack.template.json will contain the following:

"Resources": {
    "TableCD117FA1": {
      "Type": "AWS::DynamoDB::Table",
      "Properties": {
        ...
      },
      "UpdateReplacePolicy": "Delete",
      "DeletionPolicy": "Delete",
      "Metadata": {
        "aws:cdk:path": "ExampleServerlessPythonApiStack/Table/Resource"
      }
    },
 ...
Enter fullscreen mode Exit fullscreen mode

DynamoDB deleted

4. Summary

👉 Remember to add RemovalPolicy when using CDK for databases to avoid unexpected costs.

removalPolicy: RemovalPolicy.DESTROY,
Enter fullscreen mode Exit fullscreen mode

5. Reference

CDK destroy is not deleting DynamoDB table created by CDK

Top comments (0)

Read next

rsiv profile image

Bringing declarative infrastructure to developers

Rak -

takuma818t profile image

Lambda Performance Evaluation: The Relationship Between Memory and Internal vCPU Architecture, and Their Comparison

takuma818t -

ianbrumby profile image

Effortless Debugging: AWS CDK TypeScript Projects in VSCode

Ian -

karthiksakthiveltechie profile image

Amazon Bedrock announces support for cost allocation tags on inference profiles

Karthik Sakthivel -