-
Notifications
You must be signed in to change notification settings - Fork 4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
s3|ecr: auto-delete-[objects|images] breaks on cloudformation rollback (suspected) #27199
Comments
I can confirm that this is a reproducible issue. Here's the cdk code I used
Once the deployment is successful, add some random content to the bucket, then update the code so that the first bucket's The stack is rolled back, but the content is the bucket is now deleted. |
…cloudformation rollback (#29581) ### Issue # (if applicable) Closes #27199 ### Reason for this change Based on the way the custom resource is implemented, it is likely that unexpected behavior happens on Cloudformation rollback, i.e. the custom resource will prematurely delete the objects. Consider the following scenario: ``` UPDATE target resource (replacement, creates a new resource) UPDATE custom resource (old -> new, objects in old bucket are deleted) (...stuff happens...) ERROR, triggers a rollback UPDATE custom resource (new -> old) DELETE target resource (deletes the new resource, remembers the existing one) ``` We will have deleted objects in the bucket that has been rolled back to in this scenario, but the content is now gone. ### Description of changes Instead of deleting it right during update, we send back `PhysicalResourceId` in the event handler which if the id changes, it will let CFN to empty and delete the bucket at the end of the deployment. ### Description of how you validated changes New & updated tests. Also manually tested with deploying a template ``` const bucket = new s3.Bucket(this, 'Bucket', { removalPolicy: cdk.RemovalPolicy.DESTROY, bucketName: <a bucket name that's not used>, autoDeleteObjects: true, }); // Intentionally failure since `mybucket-1` exists const bucket2 = new s3.Bucket(this, 'Bucket2', { removalPolicy: cdk.RemovalPolicy.DESTROY, bucketName: <a bucket name that's not used>, }); bucket2.node.addDependency(bucket); ``` Once the deployment is successful, add some random content to the bucket, then update the code so that the first bucket's bucketName is updated to another valid name. Update the second bucket's bucketName to be an existing bucket name, which will trigger a deployment failure hence roll back. After the change, the content will stay there if a deployment failure happens. The content & bucket will be deleted if deployment is successful. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
|
Based on the way the custom resource is implemented, it is likely that unexpected behavior happens on Cloudformation rollback, i.e. the custom resource will prematurely delete the objects.
Consider the following scenario:
We will have deleted objects in the bucket that has been rolled back to in this scenario.
The correct way to handle this is what was done in synthetics:
aws-cdk/packages/@aws-cdk/custom-resource-handlers/lib/aws-synthetics-alpha/auto-delete-underlying-resources-handler/index.ts
Lines 26 to 36 in 3d6d042
As opposed to
aws-cdk/packages/@aws-cdk/custom-resource-handlers/lib/aws-s3/auto-delete-objects-handler/index.ts
Lines 23 to 35 in 3d6d042
The text was updated successfully, but these errors were encountered: