s3|ecr: auto-delete-[objects|images] breaks on cloudformation rollback (suspected) #27199
Assignees
Labels
@aws-cdk/aws-ecr
Related to Amazon Elastic Container Registry
@aws-cdk/aws-s3
Related to Amazon S3
@aws-cdk/custom-resources
Related to AWS CDK Custom Resources
bug
This issue is a bug.
effort/small
Small work item – less than a day of effort
p1
Comments
kaizencc
changed the title
kaizencc
added
p1
@aws-cdk/aws-s3
pahud
added
@aws-cdk/custom-resources
|
I can confirm that this is a reproducible issue. Here's the cdk code I used Once the deployment is successful, add some random content to the bucket, then update the code so that the first bucket's The stack is rolled back, but the content is the bucket is now deleted. |
Merged
1 task
GavinZZ
added a commit
that referenced
this issue
Apr 19, 2024
…cloudformation rollback (#29581) ### Issue # (if applicable) Closes #27199 ### Reason for this change Based on the way the custom resource is implemented, it is likely that unexpected behavior happens on Cloudformation rollback, i.e. the custom resource will prematurely delete the objects. Consider the following scenario: ``` UPDATE target resource (replacement, creates a new resource) UPDATE custom resource (old -> new, objects in old bucket are deleted) (...stuff happens...) ERROR, triggers a rollback UPDATE custom resource (new -> old) DELETE target resource (deletes the new resource, remembers the existing one) ``` We will have deleted objects in the bucket that has been rolled back to in this scenario, but the content is now gone. ### Description of changes Instead of deleting it right during update, we send back `PhysicalResourceId` in the event handler which if the id changes, it will let CFN to empty and delete the bucket at the end of the deployment. ### Description of how you validated changes New & updated tests. Also manually tested with deploying a template ``` const bucket = new s3.Bucket(this, 'Bucket', { removalPolicy: cdk.RemovalPolicy.DESTROY, bucketName: <a bucket name that's not used>, autoDeleteObjects: true, }); // Intentionally failure since `mybucket-1` exists const bucket2 = new s3.Bucket(this, 'Bucket2', { removalPolicy: cdk.RemovalPolicy.DESTROY, bucketName: <a bucket name that's not used>, }); bucket2.node.addDependency(bucket); ``` Once the deployment is successful, add some random content to the bucket, then update the code so that the first bucket's bucketName is updated to another valid name. Update the second bucket's bucketName to be an existing bucket name, which will trigger a deployment failure hence roll back. After the change, the content will stay there if a deployment failure happens. The content & bucket will be deleted if deployment is successful. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Based on the way the custom resource is implemented, it is likely that unexpected behavior happens on Cloudformation rollback, i.e. the custom resource will prematurely delete the objects.
Consider the following scenario:
We will have deleted objects in the bucket that has been rolled back to in this scenario.
The correct way to handle this is what was done in synthetics:
aws-cdk/packages/@aws-cdk/custom-resource-handlers/lib/aws-synthetics-alpha/auto-delete-underlying-resources-handler/index.ts
Lines 26 to 36 in 3d6d042
As opposed to
aws-cdk/packages/@aws-cdk/custom-resource-handlers/lib/aws-s3/auto-delete-objects-handler/index.ts
Lines 23 to 35 in 3d6d042
The text was updated successfully, but these errors were encountered: