# Update a network instance in AWS TNB
Update a network instance
After a network instance is instantiated, you might need to update the infrastructure or application. To do so, you update the network package and parameter values for the network instance and deploy the update operation to apply the changes.
## Considerations
+ You can update a network instance that is in the `Instantiated` or `Updated` state.
+ When you update a network instance, the `UpdateSolNetworkService` API uses the new network package and parameter values to update the topology of the network instance.
+ AWS TNB verifies that the number of NSD and VNFD parameters in the network instance does not exceed 200. This limit is enforced to protect from bad actors passing erroneous or huge payloads that affect the service.
## Parameters that you can update
You can update the following parameters when you update an instantiated network instance:
| Parameter | Description | Example: Before | Example: After |
| --- | --- | --- | --- |
| Amazon EKS cluster version | You can update the value for the Amazon EKS cluster control plane `version` parameter to the next minor version. You cannot downgrade the version. | EKSCluster:
type: tosca.nodes.AWS.Compute.EKS
properties:
version: "1.28"
| EKSCluster:
type: tosca.nodes.AWS.Compute.EKS
properties:
version: "1.29"
|
| Amazon EKS worker nodes | You can update the value for the `EKSManagedNode kubernetes_version` parameter to upgrade your node group to a newer Amazon EKS version, or you can update the `ami_id` parameter to upgrade your node group to the latest EKS-optimzed AMI. You can update the AMI ID for `EKSSelfManagedNode`. The Amazon EKS version of the AMI must be the same as or up to 2 versions lower than the Amazon EKS cluster version. For example if the Amazon EKS cluster version is 1.31, then the Amazon EKS AMI version must be 1.31, 1.30, or 1.29. | EKSManagedNodeGroup01:
...
properties:
kubernetes_version: "1.28"
EKSSelfManagedNode01:
compute:
compute:
properties:
ami_id: "ami-123123OLD"
| EKSManagedNodeGroup01:
...
properties:
kubernetes_version: "1.29"
EKSSelfManagedNode01:
compute:
compute:
properties:
ami_id: "ami-123123NEW"
|
| Amazon EKS node groups | You can add or remove node groups as per your compute needs. When deleting existing node groups and adding new ones, ensure that the new node groups have different IDs than the deleted node groups, otherwise the operation will be treated as a node group modification instead of a deletion and addition. Note that for existing node groups, only a limited set of parameters can be updated. Scroll through this table to see which parameters you can update. | Free5GCEKSNode01:
type: tosca.nodes.AWS.Compute.EKSManagedNode
...
scaling:
properties:
desired_size: 1
min_size: 1
max_size: 1
...
Free5GCEKSNode02: # Deleted Nodegroup
type: tosca.nodes.AWS.Compute.EKSManagedNode
...
scaling:
properties:
desired_size: 1
min_size: 1
max_size: 1
...
Free5GCEKSNode03: # Deleted Nodegroup
type: tosca.nodes.AWS.Compute.EKSSelfManagedNode
...
scaling:
properties:
desired_size: 1
min_size: 1
max_size: 1
...
| Free5GCEKSNode01:
type: tosca.nodes.AWS.Compute.EKSManagedNode
...
scaling:
properties:
desired_size: 1
min_size: 1
max_size: 1
...
Free5GCEKSNode04: # New Nodegroup
type: tosca.nodes.AWS.Compute.EKSSelfManagedNode
...
scaling:
properties:
desired_size: 1
min_size: 1
max_size: 1
...
Free5GCEKSNode05: # New Nodegroup
type: tosca.nodes.AWS.Compute.EKSManagedNode
...
scaling:
properties:
desired_size: 1
min_size: 1
max_size: 1
...
|
| Scaling properties | You can update the scaling properties of the `EKSManagedNode` and `EKSSelfManagedNode` TOSCA nodes. | EKSNodeGroup01:
...
scaling:
properties:
desired_size: 1
min_size: 1
max_size: 1
| EKSNodeGroup01:
...
scaling:
properties:
desired_size: 2
min_size: 0
max_size: 2
|
| Amazon EBS CSI plugin properties | You can enable or disable the Amazon EBS CSI plugin on your Amazon EKS clusters. You can also change the plugin version. | EKSCluster:
capabilities:
...
ebs_csi:
properties:
enabled: false
| EKSCluster:
capabilities:
...
ebs_csi:
properties:
enabled: true
version: "v1.30.0-eksbuild.1"
|
| Root volume size | You can add, remove, or update the root volume size property of the EKSManagedNode and EKSSelfManagedNode TOSCA nodes. | Free5GCEKSNode01:
...
capabilities:
compute:
properties:
root_volume_size: 50
| Free5GCEKSNode01:
...
capabilities:
compute:
properties:
root_volume_size: 100
|
| VNF | You can reference the VNFs in the NSD and deploy them to the cluster created in NSD using VNFDeployment TOSCA node. As part of the update, you will be able to add, update, and delete VNFs to the network. | vnfds:
- descriptor_id: "43c012fa-2616-41a8-a833-0dfd4c5a049e"
namespace: "vnf1"
- descriptor_id: "64222f98-ecd6-4871-bf94-7354b53f3ee5"
namespace: "vnf2" // Deleted VNF
...
SampleVNF1HelmDeploy:
type: tosca.nodes.AWS.Deployment.VNFDeployment
requirements:
cluster: EKSCluster
vnfs:
- vnf1.SampleVNF1
- vnf2.SampleVNF2
| vnfds:
- descriptor_id: "59f77222-79e9-4dc1-be53-5712ad06e31b"
namespace: "vnf1" // Updated VNF
- descriptor_id: "b7e072dc-839d-4fac-916c-561a166da1fc"
namespace: "vnf3" // Added VNFn
....
SampleVNF1HelmDeploy:
type: tosca.nodes.AWS.Deployment.VNFDeployment
requirements:
cluster: EKSCluster
vnfs:
- vnf1.SampleVNF1
- vnf3.SampleVNF3
|
| Hooks | To run life cycle operations before and after you create a network function, add the `pre_create` and `post_create` hooks to the `VNFDeployment` node. In this example, the `PreCreateHook` hook will run before `vnf3.SampleVNF3` is instantiated and the `PostCreateHook` hook will run after `vnf3.SampleVNF3` is instantiated. | vnfds:
- descriptor_id: "43c012fa-2616-41a8-a833-0dfd4c5a049e"
namespace: "vnf1"
- descriptor_id: "64222f98-ecd6-4871-bf94-7354b53f3ee5"
namespace: "vnf2"
...
SampleVNF1HelmDeploy:
type: tosca.nodes.AWS.Deployment.VNFDeployment
requirements:
cluster: EKSCluster
vnfs:
- vnf1.SampleVNF1
- vnf2.SampleVNF2 // Removed during update
| vnfds:
- descriptor_id: "43c012fa-2616-41a8-a833-0dfd4c5a049e"
namespace: "vnf1"
- descriptor_id: "b7e072dc-839d-4fac-916c-561a166da1fc"
namespace: "vnf3"
....
SampleVNF1HelmDeploy:
type: tosca.nodes.AWS.Deployment.VNFDeployment
requirements:
cluster: EKSCluster
vnfs:
- vnf1.SampleVNF1 // No change to this function, as the namespace and uuid remain the same
- vnf3.SampleVNF3 // New VNF as the namespace, vnf3, was not previously present
interfaces:
Hook:
post_create: PostCreateHook
pre_create: PreCreateHook
|
| Hooks | To run life cycle operations before and after you update a network function, you can add the `pre_update` hook and the `post_update` hook to the `VNFDeployment` node. In this example, `PreUpdateHook` will run before `vnf1.SampleVNF1` is updated and `PostUpdateHook` will run after `vnf1.SampleVNF1` is updated to the `vnf` package indicated by the updated `uuid` for the namespace vnf1. | vnfds:
- descriptor_id: "43c012fa-2616-41a8-a833-0dfd4c5a049e"
namespace: "vnf1"
- descriptor_id: "64222f98-ecd6-4871-bf94-7354b53f3ee5"
namespace: "vnf2"
...
SampleVNF1HelmDeploy:
type: tosca.nodes.AWS.Deployment.VNFDeployment
requirements:
cluster: EKSCluster
vnfs:
- vnf1.SampleVNF1
- vnf2.SampleVNF2
| vnfds:
- descriptor_id: "0ebe4e95-bd87-44bd-b8a1-918466606a14"
namespace: "vnf1"
- descriptor_id: "64222f98-ecd6-4871-bf94-7354b53f3ee5"
namespace: "vnf2"
...
SampleVNF1HelmDeploy:
type: tosca.nodes.AWS.Deployment.VNFDeployment
requirements:
cluster: EKSCluster
vnfs:
- vnf1.SampleVNF1 // A VNF update as the uuid changed for namespace "vnf1"
- vnf2.SampleVNF2 // No change to this function as namespace and uuid remain the same
interfaces:
Hook:
pre_update: PreUpdateHook
post_update: PostUpdateHook
|
| Subnets | You can add and delete subnets from the network. Before deleting a subnet, verify that the subnet is not used by any resources in the network. | Free5GCSubnet01: #Deleted Subnet
type: tosca.nodes.AWS.Networking.Subnet
properties:
type: "PUBLIC"
availability_zone: { get_input: subnet_01_az }
cidr_block: { get_input: subnet_01_cidr_block }
requirements:
route_table: Free5GCRouteTable
vpc: Free5GCVPC
| Free5GCSubnet02: #New Subnet
type: tosca.nodes.AWS.Networking.Subnet
properties:
type: "PUBLIC"
availability_zone: { get_input: subnet_02_az }
cidr_block: { get_input: subnet_02_cidr_block }
requirements:
route_table: Free5GCRouteTable
vpc: Free5GCVPC
|
| Security groups | You can add and delete security groups from the network. Before deleting a security group, verify that the security group is not used by any resources in the network. | Free5GCSecurityGroup01: #Deleted Security Group
type: tosca.nodes.AWS.Networking.SecurityGroup
properties:
description: "SecurityGroup for Free5GC cluster"
name: "Free5GCSecurityGroup01"
tags:
- "Name=Free5GCEKSAdditionalSecurityGroup"
requirements:
vpc: Free5GCVPC
Free5GCSecurityGroupEgressRule01: #Deleted Security Group Egress Node
type: tosca.nodes.AWS.Networking.SecurityGroupEgressRule
properties:
ip_protocol: "tcp"
from_port: 8000
to_port: 9000
description: "Egress Rule for free5GC cluster"
cidr_ip : "172.10.10.1/24"
requirements:
security_group: Free5GCSecurityGroup01
Free5GCSecurityGroupIngressRule01: #Deleted Security Group Ingress Node
type: tosca.nodes.AWS.Networking.SecurityGroupIngressRule
properties:
ip_protocol: "tcp"
from_port: 8000
to_port: 9000
description: "Ingress Rule for free5GC cluster"
cidr_ip: "172.10.10.1/24"
requirements:
security_group: Free5GCSecurityGroup01
| Free5GCSecurityGroup02: #New Security Group
type: tosca.nodes.AWS.Networking.SecurityGroup
properties:
description: "SecurityGroup for Free5GC cluster"
name: "Free5GCSecurityGroup02"
tags:
- "Name=Free5GCEKSAdditionalSecurityGroup"
requirements:
vpc: Free5GCVPC
Free5GCSecurityGroupEgressRule02: #New Security Group Egress Node
type: tosca.nodes.AWS.Networking.SecurityGroupEgressRule
properties:
ip_protocol: "tcp"
from_port: 8000
to_port: 9000
description: "Egress Rule for free5GC cluster"
cidr_ip: "172.10.10.1/24"
requirements:
security_group: Free5GCSecurityGroup02
Free5GCSecurityGroupIngressRule02: #New Security Group Ingress Node
type: tosca.nodes.AWS.Networking.SecurityGroupIngressRule
properties:
ip_protocol: "tcp"
from_port: 8000
to_port: 9000
description: "Ingress Rule for free5GC cluster"
cidr_ip: "172.10.10.1/24"
requirements:
security_group: Free5GCSecurityGroup02
|
| Network interfaces | You can add, modify, and delete ENIs from the network. | Free5GCENI01: #Modified ENI
type: tosca.nodes.AWS.Networking.ENI
properties:
device_index: 2
requirements:
subnet: Free5GCENISubnet01
security_groups:
- Free5GCSecurityGroup01
Free5GCENI02: #Modified ENI
type: tosca.nodes.AWS.Networking.ENI
properties:
device_index: 3
source_dest_check: true
requirements:
subnet: Free5GCENISubnet01
Free5GCENI04: #Deleted ENI
type: tosca.nodes.AWS.Networking.ENI
properties:
device_index: 4
source_dest_check: true
requirements:
subnet: Free5GCENISubnet01
| Free5GCENI01: #Modified ENI
type: tosca.nodes.AWS.Networking.ENI
properties:
device_index: 2
requirements:
subnet: Free5GCENISubnet02
security_groups:
- Free5GCSecurityGroup01
Free5GCENI02: #Modified ENI
type: tosca.nodes.AWS.Networking.ENI
properties:
device_index: 3
source_dest_check: true
requirements:
subnet: Free5GCENISubnet01
security_groups:
- Free5GCSecurityGroup01
Free5GCENI03: #New ENI
type: tosca.nodes.AWS.Networking.ENI
properties:
device_index: 3
requirements:
subnet: Free5GCSubnet01
security_groups:
- Free5GCSecurityGroup01
|
## Updating a network instance
------
#### [ Console ]
**To update a network instance using the console**
1. Open the AWS TNB console at [https://console.aws.amazon.com/tnb/](https://console.aws.amazon.com/tnb/).
1. In the navigation pane, choose **Networks**.
1. Select the network instance. You can update a network instance only if its state is `Instantiated` or `Updated`.
1. Choose **Actions** and **Update**.
The **Update instance** page appears with the network details and a list of parameters in the current infrastructure.
1. Choose a new network package.
The parameters in the new network package appear in the **Updated parameters** section.
1. Optionally, update parameter values in the **Updated parameters** section. For the list of parameter values you can update, see [Parameters that you can update](#update-parameters).
1. Choose **Update network**.
AWS TNB validates the request and starts the deployment. The **Deployment status** page appears.
1. Use the **Refresh** icon to track the deployment status of your network instance. You can also enable **Auto refresh** in the **Deployment tasks** section to track the progress of each task.
When the deployment status changes to `Completed`, the network instance is updated.
1.
+ If validation fails, the network instance remains in the same state as it was before you requested the update - either `Instantiated` or `Updated`.
+ If the update fails, the network instance state shows `Update failed`. Choose the link for each failed task to determine the reason.
+ If the update succeeds, the network instance state shows `Updated`.
------
#### [ AWS CLI ]
**Use the CLI to update a network instance**
Use the [update-sol-network-instance](https://docs.aws.amazon.com/cli/latest/reference/tnb/update-sol-network-instance.html) command with the `UPDATE_NS` update type to update a network instance.
```
aws tnb update-sol-network-instance --ns-instance-id ^ni-[a-f0-9]{17}$ --update-type UPDATE_NS --update-ns "{\"nsdInfoId\":\"^np-[a-f0-9]{17}$\", \"additionalParamsForNs\": {\"param1\": \"value1\"}}"
```
------