cloudformation-cli-java-plugin icon indicating copy to clipboard operation
cloudformation-cli-java-plugin copied to clipboard
verified publisher icon aws-cloudformation

Ensure that re-invocations are time/count limited

Open rjlohan opened this issue 6 years ago • 2 comments

Currently, although CloudFormation will eventually timeout on waiting for a resource provisioning action, there is no constraint on the duration or number of re-invocations that can be scheduled, leading to essentially unbounded Lambda compute.

Wrapper should auto-inject a net runtime into the callback context and use this to compute a restriction and eventual timeout at https://github.com/aws-cloudformation/aws-cloudformation-rpdk-java-plugin/blob/master/src/main/java/com/aws/cfn/LambdaWrapper.java#L262

This timeout should probably be slightly less than the CloudFormation timeout to ensure that stack events reflect actual progress and termination of handler occurs before CloudFormation abandons the request.

rjlohan avatar Jun 02 '19 18:06 rjlohan

Related to #15 which lists additional requirements.

rjlohan avatar Jun 03 '19 15:06 rjlohan

Partially implemented with #112

rjlohan avatar Jun 27 '19 04:06 rjlohan