Is there anyway to setup policies via SST/CDK to t...
# help
n
Is there any way to set up policies via SST/CDK to tear down a stack after a certain amount of time? Or how are others handling making sure ephemeral stacks (feature branches) are not sitting out there forever?
t
I tie a CI action to the branch delete event and run an sst destroy
f
@Nick Laffey Or set up a cron job that keeps checking the time and calls CloudFormation delete stack if time has passed X days.
I don’t know anyone that’s doing it this way lol… but theoretically possible
n
Thanks, yeah we currently have a deleted branch GH action but it occasionally fails. I need to remember why it’s failing though, it might make sense to just deal with that issue. Some other projects at our company use a CRON job to seek out stacks with a tag and delete if they are past a threshold.
t
sst.SelfDestruct
n
One small issue I was running into with GH actions was that I’m not sure if there’s an easy way to know if a stack exists or not before I ask to destroy it. Our stacks try to get values from parameter store but if there’s no value found in the parameter store it throws an error.
So I’m sst removing even if the stack doesn’t exist and then it bombs and that was causing my GH action to fail.
I just found that GH actions have continue-on-error so at least it doesn’t report that it failed
Another option might be to wrap stuff in try/catches and provide a default value if it’s not available in the parameter store. But this seems like one reason why just having a CRON job disassociated with the SST that just searches for tags and deletes anything with a tag/expiration date might be better?
Maybe this is something that SST could do for us though? Tag stuff automatically and then provide a CLI command to tear everything down based on expiration date. I’ll admit I’m CDK ignorant enough to not realize why this isn’t possible/a good idea.
Hmm this is kind of interesting. Even if I wrap the valueFromLookup in a try catch SST still exits with the “There was an error synthesizing your app”
try {
    userPoolExports = ssm.StringParameter.valueFromLookup(this, userPoolExportsName);
} catch (e) {
    console.error(`No user pool exports found for ${userPoolExportsName}`)
}
[Error at /foo-iridium-client-ClientStack] SSM parameter not available in account XXXXXXXXX, region us-east-1: foo-iridium-backend-userpool-exports
Found errors
There was an error synthesizing your app.
f
Hey @Nick Laffey, can you use the AWS CLI to check if the stack exists? https://docs.aws.amazon.com/cli/latest/reference/cloudformation/describe-stacks.html
n
Yeah seems like I could, one issue with that is I’d need to hardcode the stackname in there based on what SST is building it up to be.
and keep track of all the stacks that might be getting deployed in a single app
f
hmm.. btw, how are you using the userPoolExports? I wonder if ssm.StringParameter.valueForStringParameter() would work for you. That does not do an SSM lookup at build time, and should get around this problem.
n
👍 I’ll try that out when I get a chance, switched contexts for a bit.
RE: userPoolExports, we create those in another stack and then push them out to parameter store. We pass them onto the FE by getting them from the parameter store and then set them on the REACT_ENV variables. We use those for authenticating via amplify/cognito.
@Frank Unfortunately valueForStringParameter didn’t work for me. I ended up getting back the token value instead of the actual value:
${${Token[TOKEN.171]}
I need the value at build time so I can serialize it into the environment variables.
f
You can also try making a call to SSM using AWS SDK inside ur index.js to fetch the value, and then pass it to the stack.
Note that you cannot make the AWS SDK call inside the stack b/c async code not allowed in constructors
n
Noted, thanks Frank I’ll consider that
I’m still curious, is it expected that wrapping ssm.StringParameter.valueFromLookup in a try/catch would not catch when there’s no value found (and subsequently cause SST to report a failure)?