Introduction
Sceptre provides various commands that cater to different aspects of managing CloudFormation stacks and interacting with AWS resources. In this article, we’ll explore the various Sceptre commands and how they can streamline your cloud infrastructure management.
Sceptre CLI (Version 4.2.2)
Please consult the official Sceptre documentation or the documentation specific to version 4.2.2 for the most accurate and up-to-date information on commands and their usage.
Usage
Usage: sceptre [OPTIONS] COMMAND [ARGS]...
Sceptre serves as a command-line tool, and if you run it without a sub-command, it will display helpful information by showing a list of the available commands.
sceptre
sceptre --help
Various Sceptre Commands
1.) create
sceptre create --help
Usage: sceptre create [OPTIONS] PATH [CHANGE_SET_NAME]
Creates a stack for a given config PATH. Or if CHANGE_SET_NAME is specified
creates a change set for stack in PATH.
Options:
-y, --yes Assume yes to all questions.
--disable-rollback / --enable-rollback
Disable or enable the cloudformation
automatic rollback
--help Show this message and exit.
Create a stack
usage: sceptre create [options] PATH
sceptre create -y s3-bucket-config.yaml
Create a changeset
Using changesets is a best practice when managing CloudFormation stacks, especially in production and other controlled environments. It promotes a well-defined and cautious approach to making changes, reducing the risk of disruptions and ensuring the stability of your cloud infrastructure.
For additional details on changesets, please check this page.
usage: sceptre create [options] PATH [CHANGE_SET_NAME]
sceptre create -y --enable-rollback s3-bucket-config.yaml updatename
The command creates changeset called “updatename” stack based on the provided configuration file “s3-bucket-config.yaml.” The “-y” option skips confirmation prompts, and “ — enable-rollback” enables automatic rollback in case of stack creation failures.
2.) delete
sceptre delete --help
Usage: sceptre delete [OPTIONS] PATH [CHANGE_SET_NAME]
Deletes a stack for a given config PATH. Or if CHANGE_SET_NAME is specified
deletes a change set for stack in PATH.
Options:
-y, --yes Assume yes to all questions.
--help Show this message and exit.
Delete a stack
usage: sceptre delete [options] PATH
sceptre delete -y s3-bucket-config.yaml
Delete a changeset
usage: sceptre delete [options] PATH [CHANGE_SET_NAME]
sceptre delete -y s3-bucket-config.yaml updatename
3.) describe
sceptre describe --help
Usage: sceptre describe [OPTIONS] COMMAND [ARGS]...
Commands for describing attributes of stacks.
Options:
--help Show this message and exit.
Commands:
change-set Describes the change set.
policy Displays the stack policy used.
sceptre describe change-set s3-bucket-config.yaml updatename
The above output suggests that the change set “updatename” includes a modification to the existing AWS S3 bucket resource named “MyS3Bucket” within the “my-s3-bucket-stack” CloudFormation stack. The change involves updating the properties of the bucket. Additionally, the resource is marked for **replacement, indicating that a new physical resource will be created to apply the update.
Change sets can also be examined through the AWS CloudFormation console, providing a user-friendly graphical interface to visualize the alterations made to stack resources.
sceptre describe policy s3-bucket-config.yaml
4.) diff
sceptre diff --help
Usage: sceptre diff [OPTIONS] PATH
Indicates the difference between the currently DEPLOYED stacks in the
command path and the stacks configured in Sceptre right now. This command
will compare both the templates as well as the subset of stack
configurations that can be compared. By default, only stacks that would be
launched via the launch command will be diffed, but you can diff ALL stacks
relevant to the passed command path if you pass the --all flag.
Some settings (such as sceptre_user_data) are not available in a
CloudFormation stack description, so the diff will not be indicated.
Currently compared stack configurations are:
* parameters
* notifications
* cloudformation_service_role
* stack_tags
Important: There are resolvers (notably !stack_output) that rely on other
stacks to be already deployed when they are resolved. When producing a diff
on Stack Configs that have such resolvers that point to non-deployed stacks,
this presents a challenge, since this means those resolvers cannot be
resolved. This particularly applies to stack parameters and when a stack's
template uses sceptre_user_data with resolvers in it. In order to continue
to be useful when producing a diff in these conditions, this command will do
the following:
1. If the resolver CAN be resolved, it will be resolved and the resolved
value will be in the diff results. 2. If the resolver CANNOT be resolved, it
will be replaced with a string that represents the resolver and its
arguments. For example: !stack_output my_stack.yaml::MyOutput will resolve
in the parameters to "{ !StackOutput(my_stack.yaml::MyOutput) }".
Particularly in cases where the replaced value doesn't work in the template
as the template logic requires and causes an error, there is nothing further
Sceptre can do and diffing will fail.
Options:
-t, --type [deepdiff|difflib] The type of differ to use. Use "deepdiff" for
recursive key/value comparison. "difflib"
produces a more traditional "diff" result.
Defaults to deepdiff.
-s, --show-no-echo If set, will display the unmasked values of
NoEcho parameters generated LOCALLY (NoEcho
parameters for deployed stacks will always be
masked when retrieved from CloudFormation.).
If not set (the default), parameters
identified as NoEcho on the local template
will be masked when presented in the diff.
-n, --no-placeholders If set, no placeholder values will be
supplied for resolvers that cannot be
resolved.
-a, --all If set, will perform diffing on ALL stacks,
including ignored and obsolete ones;
Otherwise, it will diff only stacks that
would be created or updated when running the
launch command.
--help Show this message and exit.
sceptre diff s3-bucket-config.yaml
The detected difference reveals that the “bucketname” parameter within the CloudFormation stack has been modified, changing from “first-secptre-bucket-20230728” to “first-secptre-bucket-20230729.” Notably, the CloudFormation template itself remains unchanged during this update.
5.) drift
A “drift” refers to a situation where the actual state of a stack’s resources deviates from the expected state defined in the CloudFormation template. In other words, a drift occurs when there are resource changes made directly in the AWS environment, outside of CloudFormation’s control(via Sceptre).
sceptre drift --help
Usage: sceptre drift [OPTIONS] COMMAND [ARGS]...
Commands for calling drift detection.
Options:
--help Show this message and exit.
Commands:
detect Run detect stack drift on running stacks.
show Shows stack drift on running stacks.
detect drift
sceptre drift detect s3-bucket-config.yaml
The above output indicates that the “my-s3-bucket-stack” CloudFormation stack is in good condition and does not have any drifted resources. The drift detection process has been completed, and all the resources in the stack are in sync with the defined CloudFormation template.
show drift
sceptre drift show s3-bucket-config.yaml
The output indicates that the specific AWS S3 Bucket resource with the logical ID “MyS3Bucket” within the “my-s3-bucket-stack” CloudFormation stack is in sync with the expected state defined in the template. There are no property differences, and the resource’s properties match those defined in the CloudFormation template, ensuring that it is in the desired state.
6.) dump
sceptre dump --help
Usage: sceptre dump [OPTIONS] COMMAND [ARGS]...
Commands for dumping attributes of stacks.
Options:
--help Show this message and exit.
Commands:
all Dumps both the rendered (post-Jinja) Stack Configs and the...
config Dump the rendered (post-Jinja) Stack Configs.
template Prints the template used for stack in PATH.
sceptre dump template s3-bucket-config.yaml
sceptre dump config s3-bucket-config.yaml
sceptre dump all s3-bucket-config.yaml
7.) estimate-cost
sceptre estimate-cost --help
Usage: sceptre estimate-cost [OPTIONS] PATH
Prints a URI to STOUT that provides an estimated cost based on the resources
in the stack. This command will also attempt to open a web browser with the
returned URI.
Options:
--help Show this message and exit.
sceptre estimate-cost s3-bucket-config.yaml
8.) execute
sceptre execute --help
Usage: sceptre execute [OPTIONS] PATH CHANGE_SET_NAME
Executes a Change Set.
Options:
-y, --yes Assume yes to all questions.
--disable-rollback / --enable-rollback
Disable or enable the cloudformation
automatic rollback
--help Show this message and exit.
sceptre execute -y --enable-rollback s3-bucket-config.yaml updatename
Prior to executing the changeset, it’s advisable to thoroughly review its contents. As demonstrated in the ‘describe changeset’ command above, taking this precaution is essential because the changes applied by the changeset can be irreversible and may not have a straightforward rollback mechanism.
As per the above output;
The AWS S3 bucket “MyS3Bucket” within the “s3-bucket-config” stack is being updated.
Since the bucket update requires the creation of a new physical resource(as the bucket name has been modified) , it indicates that CloudFormation is replacing the existing bucket with a new one. This suggests that the “Delete” deletion policy is applied to the bucket and the new bucket is created, and the old one is deleted.
9.) fetch-remote-template
sceptre fetch-remote-template --help
Usage: sceptre fetch-remote-template [OPTIONS] PATH
Prints the remote template used for stack in PATH.
Options:
--help Show this message and exit.
sceptre fetch-remote-template s3-bucket-config.yaml
10.) generate
sceptre generate --help
Usage: sceptre generate [OPTIONS] PATH
Prints the template used for stack in PATH.
This command is aliased to the dump template command for legacy support
reasons. It's the same as running `sceptre dump template`.
Options:
-n, --no-placeholders If True, no placeholder values will be supplied for
resolvers that cannot be resolved.
--help Show this message and exit.
sceptre generate s3-bucket-config.yaml
11.) launch
sceptre launch --help
Usage: sceptre launch [OPTIONS] PATH
Launch a Stack or StackGroup for a given config PATH. This command is
intended as a catch-all command that will apply any changes from Stack
Configs indicated via the path.
* Any Stacks that do not exist will be created
* Any stacks that already exist will be updated (if there are any changes)
* If any stacks are marked with "ignore: True", those stacks will neither be created nor updated
* If any stacks are marked with "obsolete: True", those stacks will neither be created nor updated.
* Furthermore, if the "-p"/"--prune" flag is used, these stacks will be deleted prior to any
other launch commands
Options:
-y, --yes Assume yes to all questions.
-p, --prune If set, will delete all stacks in the
command path marked as obsolete.
--disable-rollback / --enable-rollback
Disable or enable the cloudformation
automatic rollback
--help Show this message and exit.\
sceptre launch -y s3-bucket-config.yaml
According to the provided output, since the stack is already present, the “launch” procedure has brought about modifications to the resources (specifically, the S3 bucket) within the stack. These alterations align with the adjustments introduced in the CloudFormation template or the configuration of the stack (in our case, the stack configuration has been modified to update the bucket name).
12.) list
sceptre list --help
Usage: sceptre list [OPTIONS] COMMAND [ARGS]...
Commands for listing attributes of stacks.
Options:
--help Show this message and exit.
Commands:
change-sets List change sets for stack.
outputs List outputs for stack.
resources List resources for stack or stack_group.
stacks List sceptre stack config attributes,
sceptre list change-sets s3-bucket-config.yaml
sceptre list outputs s3-bucket-config.yaml
sceptre list resources s3-bucket-config.yaml
sceptre list stacks s3-bucket-config.yaml
13.) new
sceptre new --help
Usage: sceptre new [OPTIONS] COMMAND [ARGS]...
Commands for initialising Sceptre projects.
Options:
--help Show this message and exit.
Commands:
group Creates a new Stack Group directory in a project.
project Creates a new project.
sceptre new command has been comprehensively explained with an example in a previous article within the section titled “Setting Up the Directory Structure for a New Sceptre Project.”
14.). prune
sceptre prune --help
Usage: sceptre prune [OPTIONS] [PATH]
This command deletes all obsolete stacks in the project. Only obsolete
stacks can be deleted via prune; If any non-obsolete stacks depend on
obsolete stacks, an error will be raised and this command will fail.
Options:
-y, --yes Assume yes to all questions.
--help Show this message and exit.
sceptre prune s3-bucket-config.yaml
How to make a stack “obselete” ? By setting the obsolete parameter to True, you are indicating that this stack is no longer actively managed and is considered obsolete. This helps communicate the status of the stack to the team, making it clear that this stack is not intended for further updates or maintenance.
template:
path: s3-bucket-template.yaml
type: file
stack_name: my-s3-bucket-stack
obsolete: True
parameters:
bucketname: first-secptre-bucket-20230730
deletionpolicy: Delete
What will be the outcome if you execute the prune command at this moment? The stack will be deleted as it is marked as “obselete”
15.) set-policy
sceptre set-policy --help
Usage: sceptre set-policy [OPTIONS] PATH [POLICY_FILE]
Sets a specific Stack policy for either a file or using a built-in policy.
Options:
-b, --built-in [deny-all|allow-all]
Specify a built in stack policy.
--help Show this message and exit.Specifies the resources you wish to safeguard against accidental modifications during a stack update
sceptre set-policy -b allow-all s3-bucket-config.yaml
The purpose of using this command is to establish a standardized policy that governs what types of changes can be made to the stack resources. The “allow-all” policy, as implied by its name, allows all possible updates to the stack. This can be useful in scenarios where you want to enable unrestricted updates to the stack resources.
Let’s run the describe policy command and see the output now;
Let’s define a custom stack policy in JSON format that you can use to deny updates to all resources within a CloudFormation stack:
config/policies/deny-policy.json
{
"Statement" : [
{
"Effect" : "Deny",
"Action" : "Update:*",
"Principal": "*",
"Resource" : "*"
}
]
}
sceptre set-policy s3-bucket-config.yaml config/policies/deny-policy.json
Let’s evaluate the impact of the “deny” stack policy on the stack by trying to perform a stack update.
As anticipated, the update operation failed due to the stack policy that prohibits any updates on all resources.
Remember that creating and applying policies should be done carefully, as they significantly impact the actions that can be performed on your stack resources. Always test policies in a controlled environment before applying them to production stacks
16.) update
sceptre update --help
Usage: sceptre update [OPTIONS] PATH
Updates a stack for a given config PATH. Or perform an update via change-set
when the change-set flag is set.
Options:
-c, --change-set Create a change set before updating.
-v, --verbose Display verbose output.
-y, --yes Assume yes to all questions.
--disable-rollback / --enable-rollback
Disable or enable the cloudformation
automatic rollback
--help Show this message and exit.
sceptre update s3-bucket-config.yaml
Updating stack with a changeset
sceptre update --change-set s3-bucket-config.yaml
It’s worth observing that while “Update Change Set” and “Create Change Set” might appear similar, they actually serve distinct purposes. Despite their eventual outcomes being similar, these two operations are applied in different scenarios. “Create Change Set” is typically used when making significant changes to an existing stack, while “Update Change Set” is used for incremental changes to an existing stack. Both operations provide a safety net by allowing you to review changes before they are applied, reducing the risk of unintended consequences.
17.) validate
sceptre validate --help
Usage: sceptre validate [OPTIONS] PATH
Validates the template used for stack in PATH.
Options:
-n, --no-placeholders If True, no placeholder values will be supplied for
resolvers that cannot be resolved.
--help Show this message and exit.
sceptre validate s3-bucket-config.yaml
Conclusion
As we explored various Sceptre commands, we learned how they help create, update, and manage cloud infrastructure effortlessly. With its command-line toolkit, Sceptre becomes a dependable companion for modern cloud enthusiasts, making cloud deployment efficient and automated.
Whether you’re experienced in cloud engineering or new to Infrastructure as Code, learning Sceptre commands will surely boost your cloud management skills and speed up your path to cloud expertise. Embrace Sceptre’s capabilities and enter a new phase of managing cloud infrastructure.
By understanding and utilizing these Sceptre commands, you’ll be well-equipped to optimize your cloud infrastructure and ensure the scalability, reliability, and security of your applications.
(Note: This article offers a broad look at Sceptre commands and what they can do. For more detailed and up-to-date information, readers are advised to consult the official Sceptre documentation and additional resources.)
Top comments (0)