DEV Community

Cover image for Why it is important to use RemovalPolicy in CDK/CloudFormation.
Sri
Sri

Posted on

Why it is important to use RemovalPolicy in CDK/CloudFormation.

#aws #cloud #community

Table of Contents

  1. Introduction
  2. RemovalPolicy Problem
  3. RemovalPolicy Solution
  4. Summary
  5. Reference

1. Introduction

I attend Coffee & Cloud: The Local Developer Experience organised by Mirabela Dan & Jason Forte on Wednesdays every fortnight.

During one of the sessions, Jason showcased Deploy a Serverless API in 30 mins.

While I was practising deploying Jason's code, I noticed that the DynamoDB was not being deleted when I ran cdk destroy

This blog is about the importance of RemovalPolicy with CDK.

2. RemovalPolicy Problem

I deployed the app using cdk deploy and then cleaned up by using csk destroy

Upon raising this in repost:

πŸ‘‰ AWS advised that the table defintion was missing RemovalPolicy.
By default, CDK will (generally) apply a RemovalPolicy value of RETAIN to stateful resources which can contain data in order to avoid deleting it when destroying the stack.

We can see this in the synthesised template. For example, with this resource declared in CDK:

const table = new Table(this, 'Table', {
    partitionKey: { type: AttributeType.STRING, name: 'id' },
})
Enter fullscreen mode Exit fullscreen mode

The synthesised template is under /home/ec2-user/environment/example-serverless-python-api/cdk.out/ExampleServerlessPythonApiStack.template.json and will contain the following:

"Resources": {
    "TableCD117FA1": {
      "Type": "AWS::DynamoDB::Table",
      "Properties": {
        ...
      },
      "UpdateReplacePolicy": "Retain",
      "DeletionPolicy": "Retain",
      "Metadata": {
        "aws:cdk:path": "ExampleServerlessPythonApiStack/Table/Resource"
      }
    },
 ...
Enter fullscreen mode Exit fullscreen mode

Note: I am using Cloud 9

The CloudFormation UpdateReplacePolicy and DeletionPolicy attributes being Retain will cause CloudFormation to leave the resource intact when deleting the stack.

DynamoDB not deleted

3. RemovalPolicy Solution

Let's update /example-serverless-python-api/lib/example-serverless-python-api-stack.ts with removalPolicy: RemovalPolicy.DESTROY

const table = new Table(this, 'Table', {
      partitionKey: { type: AttributeType.STRING, name: 'id' },
      removalPolicy: RemovalPolicy.DESTROY,
    })
Enter fullscreen mode Exit fullscreen mode

πŸ‘‰ To have the resource deleted when we run cdk destroy, we need to specify a RemovalPolicy of DESTROY or SNAPSHOT in the code.

The synthesised template under /home/ec2-user/environment/example-serverless-python-api/cdk.out/ExampleServerlessPythonApiStack.template.json will contain the following:

"Resources": {
    "TableCD117FA1": {
      "Type": "AWS::DynamoDB::Table",
      "Properties": {
        ...
      },
      "UpdateReplacePolicy": "Delete",
      "DeletionPolicy": "Delete",
      "Metadata": {
        "aws:cdk:path": "ExampleServerlessPythonApiStack/Table/Resource"
      }
    },
 ...
Enter fullscreen mode Exit fullscreen mode

DynamoDB deleted

4. Summary

πŸ‘‰ Remember to add RemovalPolicy when using CDK for databases to avoid unexpected costs.

removalPolicy: RemovalPolicy.DESTROY,
Enter fullscreen mode Exit fullscreen mode

5. Reference

CDK destroy is not deleting DynamoDB table created by CDK

Top comments (0)

Read next

segoja7 profile image

Self-Service : Building and Enabling APIs with Crossplane and AWS

Javier SepΓΊlveda -

franckpachot profile image

AWS re:Invent 2024 - Which sessions I'll try to attend.

Franck Pachot -

kirbyaguilar profile image

Deploying a Rails 7 + React app to AWS via Dokku

Kirby Aguilar -

noorscript profile image

πŸ” Unlocking the Secrets of Data Security: Cryptography, Encryption, and Hashing Made Simple πŸ›‘οΈ

Noor Fatima -