Can we update the existing AWS Stack using post provision operation?

Gaurav39
Tera Contributor

Hi All,

I have a requirement where i would like to update the stack, for example when the IAM role gets created based on a servicenow request and then the user feels to add/remove certain s3/glue permissions on the existing IAM role, thats when UPDATE action is required. I can see we have start, stop and other stack operation and a lot other AWS Stack Orchestration API but none can be use to update the stack. Has anyone tried this before? Please do share your thoughts if this is possible or not?

 

I can see we have an UpdateStack AWS API in aws documention but nothing as such in AWS Stack Orchestration API. Your help and guidance is much appreciated.

 

Kind Regards,

Gaurav

2 REPLIES 2

AishwaryaS1
Kilo Sage

@Gaurav39 

have you resolved your issue?

I also need to update the provision product using that Request Update UI action which is already exists on that Aws service catalog product table.

Aishwarya Shelake

GauravC49981010
Tera Contributor

@AishwaryaS1 
Hi, I know this is late but still sharing my findings here in case it will be useful for others. 
Update functionality is not possible (at least when I was working on this). What we did was we changed the approach; we moved everything to terraform open source to automate the provisioning.

Why choose terraform open source and not enterprise? because when we deploy a stack in with terraform enterprise it is stored in a workspace and that workspace has a cost associated to it. Now the problem is that for each cloud catalog request you have to create a workspace and that would be too costly for an Org.

 

With terraform open source we can use workspaces which contains your deployed stack details and if I remember correctly this doesn't cost that much as this will be created on and will be storing the stack details in some s3 buckets in clients private AWS or whichever cloud they are using. You can select the same workspace while raising new cloud catalog request to update any configuration on the existing stack. Of course, there is a downside that you have to make sure that when you are raising the update request you are not updating anything which can destroy that particular resource in the stack.
There is a lot to take care of when using terraform approach and also there some limitation, but ServiceNow is always improving on those. Hope so we get an update functionality in future.