giantswarm / aws-operator

Manages Kubernetes clusters running on AWS (before Cluster API)

Home Page: https://www.giantswarm.io/

Include host stacks in cloudformation resource state

fgimenez opened this issue · comments

During the migration to CloudFormation we needed to add resources on the host account in order to set up VPC peering. Those resources were added as CloudFormation stacks; there's more than one because some components are required before the guest stack is created (cross-account access role) and others can only be created once the guest stack is in place (VPC routes).

Currently, the cloudformation operatorkit resource only takes into account the guest stack in order to determine if something needs to be created/updated/deleted, but it creates the host stacks too. So the question is, do we need to include the host stack in the resource state management?

Given that the cross-account access role and the VPC routes created on the host account are not meant to be modified on guest stack changes, maybe we could keep them out of the resource state management.

Thoughts?

For the host stacks I think we only need to do something if they need to be updated. So the pre-stack with the role is fine.

For the route tables I think there is an update case. The host cluster route tables are in the custom object and we might add more or change the names. This isn't likely to happen soon so I think it's fine to have an issue and come back to it later.

I think this will be covered in https://github.com/giantswarm/giantswarm/issues/3783.
Can be closed?