forecast

package
v1.10.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: May 31, 2024 License: Apache-2.0 Imports: 33 Imported by: 0

README

Rain Forecast

The experimental rain forecast command makes API calls into your account to try to predict things that might fail during stack create, update, and delete operations. This command is not meant to be a substitute for the CloudFormation Linter (cfn-lint), which ideally is already an integral part of your development process.

In order to use this command, supply the -x argument to recognize the fact that this feature is currently experimental could change with minor version upgrades.

rain forecast -x --skip-iam my-template.yaml my-stack-name

You can also supply a CLI profile with the --profile argument to assume a different role for the checks you make against the template.

Generic checks

This command currently makes a few generic checks for a wide range of resources:

  • FG001: The resource already exists (for stack creation with hard coded resource names)
  • FG002: IAM permissions to interact with the resource. Keep in mind that this is a slow operation and is disabled by default. You can enable it with the --include-iam argument. It is also not guaranteed to be 100% accurate, due to the difficulty with predicting the exact ARNs for all possible resources that are involved with the resource provider.

Specific checks

These can be ignored with the --ignore argument.

Code Description
F0001 For a delete operation, the S3 bucket is not empty
F0002 S3 bucket policy has an invalid principal
F0003 RDS cluster configuration is correct for the chosen engine
F0004 RDS monitoring role arn is correct
F0005 RDS cluster quota is not at limit
F0006 RDS instance configuration is correct for the chosen engine
F0007 EC2 instance and launch template KeyName exists
F0008 EC2 instance and launch template InstanceType exists
F0009 EC2 instance and launch template instance type and AMI match
F0010 Within the same template, are all security groups pointing to the same network
F0011 If there is no default VPC, does each security group have a vpc configured?
F0012 Certificate not found for elastic load balancer
F0013 SNS Topic Key is valid
F0014 ELB target group Port and Protocol match
F0015 ELB target groups must be of type instance if they are used by an ASG
F0016 Lambda function role exists
F0017 Lambda function role can be assumed

Estimates

The forecast command also tries to estimate how long it thinks your stack will take to deploy.

Roadmap

You can view the issues list for the forecast command here.

Please feel free to create an issue here whenever you get a stack failure that you think could have been prevented by one of these checks.

Checks we plan to implement:

  • DynamoDB global table replica region requirements
  • Prefix list does not exist
  • Flow Log format errors
  • SES identity not verified
  • SES sending pool does not exist
  • EIP limit
  • Function version does not exist
  • Warn on resource replacements for active traffic
  • API gateway account trust permission

Documentation

Overview

Package forecast looks at your account and tries to predict things that will go wrong when you attempt to CREATE, UPDATE, or DELETE a stack

Index

Constants

View Source 
const (
	FG001 = "FG001"
	FG002 = "FG002"
	F0001 = "F0001"
	F0002 = "F0002"
	F0003 = "F0003"
	F0004 = "F0004"
	F0005 = "F0005"
	F0006 = "F0006"
	F0007 = "F0007"
	F0008 = "F0008"
	F0009 = "F0009"
	F0010 = "F0010"
	F0011 = "F0011"
	F0012 = "F0012"
	F0013 = "F0013"
	F0014 = "F0014"
	F0015 = "F0015"
	F0016 = "F0016"
	F0017 = "F0017"
	F0018 = "F0018"
	F0019 = "F0019"
	F0020 = "F0020"
	F0021 = "F0021"
	F0022 = "F0022"
)
View Source 
const (
	ALL    = "all"
	CREATE = "create"
	UPDATE = "update"
	DELETE = "delete"
)

Variables

View Source 
var Cmd = &cobra.Command{
	Use:   "forecast --experimental <template> [stackName]",
	Short: "Predict deployment failures",
	Long: `Outputs warnings about potential deployment failures due to constraints in 
the account or misconfigurations in the template related to dependencies in 
the account.

NOTE: This is an experimental feature!

To use this command, add --experimental or -x as an argument.

This command is not a linter! Use cfn-lint for that. The forecast command 
is concerned with things that could go wrong during deployment, after the 
template has been checked to make sure it has a valid syntax.

This command checks for some common issues across all resources, and 
resource-specific checks. See the README for more details.
`,
	Args:                  cobra.RangeArgs(1, 2),
	DisableFlagsInUseLine: true,
	Run: func(cmd *cobra.Command, args []string) {
		fn := args[0]
		base := filepath.Base(fn)
		var suppliedStackName string

		if len(args) == 2 {
			suppliedStackName = args[1]
		} else {
			suppliedStackName = ""
		}

		if !Experimental {
			panic("Please add the --experimental arg to use this feature")
		}
		pkg.Experimental = Experimental

		config.Debugf("Generating forecast for %v", fn)

		source, err := pkg.File(fn)
		if err != nil {
			panic(err)
		}

		content := format.CftToYaml(source)
		source, err = parse.String(content)
		if err != nil {
			panic(err)
		}

		stackName := dc.GetStackName(suppliedStackName, base)

		spinner.Push(fmt.Sprintf("Checking current status of stack '%s'", stackName))
		stack, stackExists := deploy.CheckStack(stackName)
		spinner.Pop()

		msg := ""
		if stackExists {
			msg = "exists"
		} else {
			msg = "does not exist"
		}
		config.Debugf("Stack %v %v", stackName, msg)

		if action == DELETE || action == UPDATE && !stackExists {
			panic(fmt.Sprintf("stack %v does not exist, action %s is not valid", stackName, action))
		}

		if action == CREATE && stackExists {
			panic(fmt.Sprintf("stack %v already exists, action %s is not valid", stackName, action))
		}

		dc, err := dc.GetDeployConfig(tags, params, configFilePath, base,
			source, stack, stackExists, true, false)
		if err != nil {
			panic(err)
		}

		if !predict(source, stackName, stack, stackExists, dc) {
			os.Exit(1)
		}

	},
}

Cmd is the forecast command's entrypoint

View Source 
var Estimates map[string]ResourceEstimate

Estimates is a map of resource type name to ResourceEstimates, which are based on historical averages

View Source 
var Experimental bool

Experimental indicates that this is an experimental feature that might break between minor releases

View Source 
var IncludeIAM bool

IncludeIAM indicates if we should perform permissions checks or not, to save time

View Source 
var LineNumber int

LineNumber is the current line number in the template

View Source 
var ResourceType string

ResourceType is the resource type to check (optional --type to limit checks to one type)

View Source 
var RoleArn string

RoleArn is the role name to use for the IAM policy simulator (optional --role)

Functions

func FormatEstimate added in v1.7.0 

func FormatEstimate(total int) string

FormatEstimate returns a string in human readable format to represent the number of seconds. For example, 61 would return "0h, 1m, 1s"

func GetResourceEstimate added in v1.7.0 

func GetResourceEstimate(resourceType string, action StackAction) (int, error)

GetResourceEstimate returns the estimated time an action will take for the given resource type

func InitEstimates added in v1.7.0 

func InitEstimates()

init initializes the Estimates map for all AWS resource types

func PredictTotalEstimate added in v1.7.0 

func PredictTotalEstimate(t cft.Template, stackExists bool) int

PredictTotalEstimate returns the total number of seconds expected to deploy the stack. This function takes into account resources that will be deployed in parallel.

Types

type Check added in v1.9.0 

type Check struct {
	Pass    bool
	Code    string
	Message string
}

Check is a specific check with a code that can be suppressed

func (*Check) String added in v1.9.0 

func (c *Check) String() string

type Env added in v1.4.4 

type Env struct {
	// contains filtered or unexported fields
}

type Forecast 

type Forecast struct {
	TypeName  string
	LogicalId string
	Passed    []Check
	Failed    []Check
}

Forecast represents predictions for a single resource in the template

func (*Forecast) Add 

func (f *Forecast) Add(code string, passed bool, message string)

Add adds a pass or fail message, formatting it to include the type name and logical id

func (*Forecast) Append 

func (f *Forecast) Append(forecast Forecast)

func (*Forecast) GetNumChecked 

func (f *Forecast) GetNumChecked() int

func (*Forecast) GetNumFailed 

func (f *Forecast) GetNumFailed() int

func (*Forecast) GetNumPassed 

func (f *Forecast) GetNumPassed() int

type PredictionInput 

type PredictionInput struct {
	// contains filtered or unexported fields
}

PredictionInput is the input to forecast prediction functions

func (*PredictionInput) GetPropertyNode added in v1.9.0 

func (input *PredictionInput) GetPropertyNode(name string) *yaml.Node

GetPropertyNode returns the node for the given property name

type ResourceEstimate added in v1.7.0 

type ResourceEstimate struct {
	Name   string
	Create int
	Update int
	Delete int
}

ResourceEstimate stores the estimated time, in seconds, to create, update, or delete a specific resource type. The Name is something like "AWS::S3::Bucket"

func NewResourceEstimate added in v1.7.0 

func NewResourceEstimate(name string, create int, update int, del int) ResourceEstimate

NewResourceEstimate creates a new instance of ResourceEstimate

type StackAction added in v1.7.0 

type StackAction string
const (
	Create StackAction = "create"
	Update StackAction = "update"
	Delete StackAction = "delete"
)

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.