aws-cdk-lib/aws-certificatemanager : dns validation custom resource lambda runtime error

[awsshivs]

Describe the bug

When creating a new dns validated certificate, there is a custom resource lambda created. This lambda errors out with "aws sdk module not found".
This might be happening because the code running on the lambda is using javascript sdk v2, but since the lambda is using the node js 20 runtime, the code needs to be updated to use the javascript sdk v3.

Expected Behavior

I expected this cdk generated lambda to complete the dns validation.

Current Behavior

2024-02-26T20:38:49.671Z undefined ERROR Uncaught Exception {
"errorType": "Runtime.ImportModuleError",
"errorMessage": "Error: Cannot find module 'aws-sdk'\nRequire stack:\n- /var/task/index.js\n- /var/runtime/index.mjs",
"stack": [
"Runtime.ImportModuleError: Error: Cannot find module 'aws-sdk'",
"Require stack:",
"- /var/task/index.js",
"- /var/runtime/index.mjs",
" at _loadUserApp (file:///var/runtime/index.mjs:1087:17)",
" at async UserFunction.js.module.exports.load (file:///var/runtime/index.mjs:1119:21)",
" at async start (file:///var/runtime/index.mjs:1282:23)",
" at async file:///var/runtime/index.mjs:1288:1"
]
}

Reproduction Steps

Here is a code snippit im using to create the certificate :

import * as acm from "aws-cdk-lib/aws-certificatemanager";

    const appCertificate = new acm.Certificate(this, "appCertificate", {
      domainName: this.appDomain,
      validation: acm.CertificateValidation.fromDns(this.appHostedZone) 
    });

Possible Solution

Upgrading the code on this custom resource lambda to use the aws javascript sdk v3. This code is found under aws-certificatemanager/lambda-packages/dns_validated_certificate_hanlder/lib/index.js.

Additional Information/Context

No response

CDK CLI Version

2.130.0

Framework Version

No response

Node.js Version

v18.2.0

OS

Mac Sonoma 14.2.1

Language

TypeScript

Language Version

No response

Other information

No response

[pahud]

I am trying to reproduce your issue with

    const myHostedZone = new route53.HostedZone(this, 'HostedZone', {
      zoneName: 'example.com',
    });
    new acm.Certificate(this, 'Certificate', {
      domainName: 'hello.example.com',
      certificateName: 'Hello World Service', // Optionally provide an certificate name
      validation: acm.CertificateValidation.fromDns(route53.PublicHostedZone.fromHostedZoneId(this, 'Zone', myHostedZone.hostedZoneId)),
    });

But I didn't see any custom resource is being created. I do see HostedZone and Certificate will be created.

[+] AWS::Route53::HostedZone HostedZone HostedZoneDB99F866
[+] AWS::CertificateManager::Certificate Certificate Certificate4E7ABB08

Can you share more details about your code to help us reproduce?

[awsshivs]

My deepest apologies, with a clear set of eyes this morning it looks like i accidentally deployed an old stack with the deprecated version of the method that does create those lambdas. i'll close the issue.

[github-actions]

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.