Skip to content

fix(s3-deployment): prevent log group deletion before Lambda execution #35643

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 4 commits into from
Closed

fix(s3-deployment): prevent log group deletion before Lambda execution #35643

wants to merge 4 commits into from
+41 −5

Conversation

@cnaples79
Copy link

@cnaples79 cnaples79 commented Oct 1, 2025

Summary

  • Adds explicit dependency between Lambda handler and custom log group in BucketDeployment
  • Prevents log group from being deleted before Lambda completes during stack deletion
  • Resolves issue where deleted log groups were automatically recreated by Lambda

Rationale

When a custom logGroup is provided to BucketDeployment, CloudFormation may delete the log group before the Lambda function finishes executing during stack deletion. This causes AWS Lambda to automatically recreate the log group when it attempts to write logs, resulting in orphaned log groups that appear deleted in CloudFormation but still exist in AWS.

Changes

  • Added handler.node.addDependency(props.logGroup) when a custom log group is provided
  • Ensures the Lambda function is deleted before the log group during stack deletion
  • Follows the same pattern used for VPC dependencies in the construct

Fixes #35632

@cnaples79
fix(s3-deployment): prevent log group deletion before Lambda execution
619f6f7 
When a custom log group is passed to BucketDeployment, the log group
was not reliably deleted during stack deletion. This occurred because
there was no explicit dependency between the Lambda function and the
log group.

During stack deletion, CloudFormation could delete the log group before
the Lambda function completed execution. When the Lambda tried to write
logs after the log group was deleted, AWS Lambda automatically recreated
the log group, causing it to remain even after stack deletion.

This change adds an explicit dependency to ensure the Lambda function
is deleted before the log group, preventing the automatic recreation.

Fixes aws#35632
@github-actions github-actions bot added bug This issue is a bug. effort/small Small work item – less than a day of effort p2 beginning-contributor [Pilot] contributed between 0-2 PRs to the CDK labels Oct 1, 2025
@aws-cdk-automation aws-cdk-automation requested a review from a team October 1, 2025 04:28
aws-cdk-automation
aws-cdk-automation previously requested changes Oct 1, 2025
View reviewed changes
Copy link
Collaborator

@aws-cdk-automation aws-cdk-automation left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

(This review is outdated)

@cnaples79
test(s3-deployment): verify Lambda has dependency on custom log group
9648d53 
Add test to ensure that when a custom log group is provided to
BucketDeployment, the Lambda function handler has an explicit
dependency on the log group. This prevents the log group from
being deleted before the Lambda during stack deletion.
@cnaples79
test(s3-deployment): update integration test snapshot for log group d…
009c24f 
…ependency

Update the integration test snapshot to reflect the new dependency
between the Lambda function and the custom log group.
@cnaples79
test(s3-deployment): update integration test for log group dependency
7f59efb 
Extract log group to a variable to demonstrate the dependency
relationship between the log group and BucketDeployment.
@aws-cdk-automation aws-cdk-automation dismissed their stale review October 1, 2025 05:01

✅ Updated pull request passes all PRLinter validations. Dismissing previous PRLinter review.

@cnaples79
Copy link
Author

cnaples79 commented Oct 1, 2025

Updated PR to pass CI linter tests.

@github-actions github-actions bot mentioned this pull request Nov 1, 2025
Open
@aws-cdk-automation
Copy link
Collaborator

aws-cdk-automation commented Nov 6, 2025

This PR has been in the MERGE CONFLICTS state for 3 weeks, and looks abandoned. Note that PRs with failing linting check or builds are not reviewed, please ensure your build is passing

To prevent automatic closure:

  • Resume work on the PR
  • OR request an exemption by adding a comment containing 'Exemption Request' with justification e.x "Exemption Request: "
  • OR request clarification by adding a comment containing 'Clarification Request' with a question e.x "Clarification Request: "

This PR will automatically close in 14 days if no action is taken.

This was referenced Nov 11, 2025
Closed
Open
@pahud
Copy link
Contributor

pahud commented Nov 11, 2025

Hi,

This PR has conflicts that need to be resolved before it can be reviewed.

@aws-cdk-automation
Copy link
Collaborator

aws-cdk-automation commented Nov 12, 2025

This PR has been in the MERGE CONFLICTS state for 3 weeks, and looks abandoned. Note that PRs with failing linting check or builds are not reviewed, please ensure your build is passing

To prevent automatic closure:

  • Resume work on the PR
  • OR request an exemption by adding a comment containing 'Exemption Request' with justification e.x "Exemption Request: "
  • OR request clarification by adding a comment containing 'Clarification Request' with a question e.x "Clarification Request: "

This PR will automatically close in 14 days if no action is taken.

@aws-cdk-automation
Copy link
Collaborator

aws-cdk-automation commented Nov 27, 2025

This PR has been deemed to be abandoned, and will be automatically closed. Please create a new PR for these changes if you think this decision has been made in error.

@aws-cdk-automation aws-cdk-automation added the closed-for-staleness This issue was automatically closed because it hadn't received any attention in a while. label Nov 27, 2025
@github-actions
Copy link
Contributor

github-actions bot commented Nov 27, 2025

Comments on closed issues and PRs are hard for our team to see.
If you need help, please open a new issue that references this one.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Nov 27, 2025
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@aws-cdk-automation aws-cdk-automation aws-cdk-automation left review comments

Assignees

No one assigned

Labels

beginning-contributor [Pilot] contributed between 0-2 PRs to the CDK bug This issue is a bug. closed-for-staleness This issue was automatically closed because it hadn't received any attention in a while. effort/small Small work item – less than a day of effort p2

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

aws-s3-deployment: custom logGroup of BucketDeployment is prevented from deletion

3 participants

@cnaples79 @aws-cdk-automation @pahud