crossRegionReferences: Allow Export Value Changes

[savagete2860]

Describe the feature

When using crossRegionReferences, allow the values to change.

Use Case

I am building a CDK project to test a cross-region disaster recovery strategy for an application that relies on an RDS instance in Stack A and a read replica of the RDS in Stack B. The stacks are in different regions. Stack A's RDS is created from a snapshot. Stack A exports the created RDS, which is then passed into Stack B via the crossRegionReferences feature. It is used as the sourceDatabaseInstance value in the DatabaseInstanceReadReplica in Stack B.

In a DR event, the read replica is promoted and becomes a primary instance rather than a read replica outside of CDK (this is also something I wish CDK could do). When the DR event is over, Stack A's RDS will need to be recreated from a snapshot of the RDS in Stack B so that any data changes during the DR event are retained when migrating back to the original region. When I update Stack A with a new snapshot ID, the value of the RDS changes, creating a new RDS instance. This ends up causing an UPDATE_ROLLBACK_FAILED error with the message Received response status [FAILED] from custom resource. Message returned: Error: Some exports have changed!.

In my use case, this is expected and desirable. I want to be able to change my export and then re-run a cdk deploy on Stack B so it creates a new read replica and the infrastructure ends up in the same state it was before the DR event.

Proposed Solution

add an option like crossRegionReferences: {enabled: true/false, allow_changes: true/false}

Other Information

I know this is also an issue for things like ACM certificates where they are referenced cross region. I imagine there are other use cases as well.

Acknowledgements

• I may be able to implement this feature request
• This feature might incur a breaking change

CDK version used

2.146.0

Environment details (OS name and version, etc.)

macOS

[pahud]

Thank you for the sharing of your use case.

crossRegionReference is an experimental feature that supports strong reference only, which means if the output of the producer stack is being used by the consumer stack, that output value would not be allowed to be changed. Read the doc for more details.

In your case, I guess you probably have some options to explore:

1. Instead of updating the existing resource from Stack A, which has exported its value for Stack B, define a new RDS instance resource in stack A from the snapshot as a new source of the replica from Stack B and eventually remove the previous resource definition of the RDS instance from Stack A. This might unblock the strong reference.

2. update the tag of ssm parameter and remove something like aws-cdk:strong-ref=stack2 which implies that this parameter is no longer referenced by stack2. This is not well-tested but base on the design doc it could unblock the reference.

Please note: I have not verified the options above in my account and you need to test it very carefully in your own testing environment. Everything that intends to unblock the strong reference could be risky. Also please bear in mind crossRegionReference is an experimental feature which is subject to API changes and generally not recommended for production.

Let me know if it works for you.

[github-actions]

This issue has not received a response in a while. If you want to keep this issue open, please leave a comment below and auto-close will be canceled.

[aws-cdk-automation]

Comments on closed issues and PRs are hard for our team to see. If you need help, please open a new issue that references this one.