General Discussion: CFN Stack Updater - Architecture & Usage #1

Open
opened 2026-05-29 15:08:29 -04:00 by vmanne · 1 comment
Owner

CFN Stack Updater - General Discussion Thread

This thread is for general discussion about the One-Click CloudFormation Stack Updater project.

Project Overview

A Python CLI tool that automates rolling updates of CL-AppPipe-* and CL-SvcPipe-* CloudFormation stacks in an AWS audit account. When a new version of the Centralized Logging with OpenSearch nested templates becomes available, this tool triggers a rolling update across every matching stack with a single command.

Key Features

  • One-click update: Single command to update 22+ CloudFormation stacks
  • Multi-prefix support: CL-AppPipe-* (SO8025-s3b) and CL-SvcPipe-* (SO8025-s3)
  • Async concurrency: Configurable parallelism via asyncio.Semaphore (default: 5)
  • Dry-run mode: Safe preview before committing changes
  • Resilient: Exponential backoff retry, fault isolation
  • Permission validation: Verifies IAM permissions before starting
  • 80 tests: 11 property-based (Hypothesis) + 69 unit tests

Architecture

Permission Validation → Stack Discovery → Stack Update Engine → Report Generator

Quick Start

```bash
# Install
pip install boto3 botocore pytest hypothesis

# Preview (dry-run)
py -m cfn_updater.cli --profile audit --dry-run

# Update all stacks
py -m cfn_updater.cli --profile audit

# Update specific prefix
py -m cfn_updater.cli --profile audit --prefix "CL-SvcPipe-"
```

Documentation

  • Nextcloud: Documents/cfn-stack-updater/ (README, requirements, design summary, chat history)
  • Spec files: .kiro/specs/one-click-cfn-stack-updater/ in this repo

Topics for Discussion

  • Deployment strategy (Lambda vs EC2 vs local CLI)
  • CI/CD pipeline setup
  • Notification integration (SNS/Slack on completion)
  • Scheduling (EventBridge for periodic checks)
  • Multi-account support
  • Rollback strategy if updates fail

Feel free to comment with questions, suggestions, or feature requests!
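An added example, not code from the cfn-stack-updater repository: the pattern named under Key Features (prefix filtering, an `asyncio.Semaphore` cap of 5, exponential backoff on throttling, and fault isolation so one bad stack does not abort the run). `FakeCfn`, `Throttled`, `update_one`, `run`, `demo` and the stack names are constructed stand-ins, and no AWS calls are made.

```python
import asyncio
import random
PREFIXES = ("CL-AppPipe-", "CL-SvcPipe-")  # prefixes named in the post

class Throttled(Exception):
    """Constructed stand-in for a retryable API throttling error."""

class FakeCfn:
    """Constructed stand-in for a CloudFormation client; tracks peak concurrency."""
    def __init__(self, flaky, broken):
        self.flaky, self.broken = dict(flaky), set(broken)
        self.active = self.peak = 0

    async def update(self, name):
        self.active += 1
        self.peak = max(self.peak, self.active)
        try:
            await asyncio.sleep(0.01)  # simulated API latency
            if name in self.broken:
                raise ValueError("template validation failed")
            if self.flaky.get(name, 0) > 0:
                self.flaky[name] -= 1
                raise Throttled(name)
        finally:
            self.active -= 1

async def update_one(client, name, sem, retries=3, base=0.01):
    async with sem:  # caps the number of stacks being updated at once
        for attempt in range(retries + 1):
            try:
                await client.update(name)
                return name, "UPDATED", attempt
            except Throttled:
                if attempt == retries:
                    return name, "FAILED", attempt
                # exponential backoff with jitter before the next attempt
                await asyncio.sleep(base * 2 ** attempt * (1 + random.random()))
            except Exception as exc:  # fault isolation: record it, keep the run going
                return name, f"FAILED: {exc}", attempt

async def run(client, names, concurrency=5, dry_run=False):
    targets = [n for n in names if n.startswith(PREFIXES)]
    if dry_run:  # preview only: the client is never called
        return [(n, "WOULD_UPDATE", 0) for n in targets]
    sem = asyncio.Semaphore(concurrency)
    return await asyncio.gather(*(update_one(client, n, sem) for n in targets))

def demo(dry_run=False):
    names = [f"CL-AppPipe-{i}" for i in range(8)] + ["CL-SvcPipe-a", "Other-stack"]
    client = FakeCfn(flaky={"CL-AppPipe-1": 2}, broken={"CL-AppPipe-3"})
    return asyncio.run(run(client, names, dry_run=dry_run)), client.peak
```

In `demo()`, the stack that throttles twice succeeds on its third attempt, the stack with the invalid template is reported as failed while the others complete, and `client.peak` shows the cap was honoured.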

Author
Owner

Development Chat History - Session 1 (May 29, 2026)

What was accomplished:

  1. Repository created under AWS/cfn-stack-updater org
  2. Initial commit pushed with full project code (24 files, 3363 lines)
  3. Documentation uploaded to Nextcloud at Documents/cfn-stack-updater/:
    • README.md - Project overview and usage
    • requirements.md - Requirements summary
    • design-summary.md - Architecture and correctness properties
    • chat-history.md - Full development timeline

Project Structure

```
cfn_updater/
├── __init__.py        # Package exports
├── cli.py             # CLI entry point and pipeline orchestration
├── config.py          # Configuration constants
├── discovery.py       # Stack discovery (prefix filtering, pagination)
├── models.py          # Data models (DiscoveredStack, StackUpdateResult, UpdateRunReport)
├── permissions.py     # IAM permission validation
├── report.py          # Report generation and formatting
└── updater.py         # Stack update engine (async, concurrency, retry)

tests/
├── conftest.py         # Shared fixtures
├── test_cli.py         # CLI argument parsing and pipeline tests
├── test_discovery.py   # Stack discovery property + unit tests
├── test_dry_run.py     # Dry-run property + unit tests
├── test_permissions.py # Permission validation property + unit tests
├── test_report.py      # Report aggregation property + unit tests
└── test_updater.py     # Update engine property + unit tests
```

Test Results

  • 80 tests total: 11 property-based (Hypothesis) + 69 unit tests
  • All passing, all AWS API calls mocked

Next Steps

  • Set up CI/CD pipeline
  • Consider deployment options (Lambda wrapper, scheduled execution)
  • Add notification support (SNS/Slack)
Reference: AWS/cfn-stack-updater#1