StaticSite's CloudFront Access Logs Bucket Fails to Delete

[bestickley]

When I do gboost create, select minimal template, then deploy, everything works as expected. But when I destroy the stack pnpm destroy:local in infra/ then I get this error:

myminapp-stickb/ui (myminapp-stickb-ui): destroying... [1/1]
11:32:17 AM | DELETE_FAILED        | AWS::S3::Bucket                                 | StaticSiteCloudFro...LogsBucketB96F921B
The bucket you tried to delete is not empty (Service: Amazon S3; Status Code: 409; Error Code: BucketNotEmpty; Request ID: MB8Y91910YGN2BVQ; S3 Extended Request ID: O/QsWv6WqwMPpQEIdMbfKZePKPq8Mmvg2K7xFW3vQpeIFBx2WeISpQmZR4qBfb2ooCJecV/Kv+s=; Proxy: n
ull)


 ❌  myminapp-stickb/ui (myminapp-stickb-ui): destroy failed Error: The stack named myminapp-stickb-ui is in a failed state. You may need to delete it from the AWS console : DELETE_FAILED (The following resource(s) failed to delete: [StaticSiteCloudFrontAccessLogsBucketB96F921B]. ): The bucket you tried to delete is not empty (Service: Amazon S3; Status Code: 409; Error Code: BucketNotEmpty; Request ID: MB8Y91910YGN2BVQ; S3 Extended Request ID: O/QsWv6WqwMPpQEIdMbfKZePKPq8Mmvg2K7xFW3vQpeIFBx2WeISpQmZR4qBfb2ooCJecV/Kv+s=; Proxy: null)
    at destroyStack (/Users/stickb/Code/scratch/minimal/node_modules/.pnpm/aws-cdk@2.72.1/node_modules/aws-cdk/lib/index.js:380:1796)
    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
    at async CdkToolkit.destroy (/Users/stickb/Code/scratch/minimal/node_modules/.pnpm/aws-cdk@2.72.1/node_modules/aws-cdk/lib/index.js:383:152942)
    at async exec4 (/Users/stickb/Code/scratch/minimal/node_modules/.pnpm/aws-cdk@2.72.1/node_modules/aws-cdk/lib/index.js:438:51799)

The stack named myminapp-stickb-ui is in a failed state. You may need to delete it from the AWS console : DELETE_FAILED (The following resource(s) failed to delete: [StaticSiteCloudFrontAccessLogsBucketB96F921B]. ): The bucket you tried to delete is not empty (Service: Amazon S3; Status Code: 409; Error Code: BucketNotEmpty; Request ID: MB8Y91910YGN2BVQ; S3 Extended Request ID: O/QsWv6WqwMPpQEIdMbfKZePKPq8Mmvg2K7xFW3vQpeIFBx2WeISpQmZR4qBfb2ooCJecV/Kv+s=; Proxy: null)
 ELIFECYCLE  Command failed with exit code 1.

The issue is the StaticSite's CloudFront access logs bucket is not able to be deleted because it's not being emptied. It SHOULD be emptied though because look at the tags of the CloudFormation resource:

{
"StaticSiteCloudFrontAccessLogsBucketB96F921B": {
   "Type": "AWS::S3::Bucket",
   "Properties": {
    "BucketEncryption": {
     "ServerSideEncryptionConfiguration": [
      {
       "ServerSideEncryptionByDefault": {
        "SSEAlgorithm": "AES256"
       }
      }
     ]
    },
    "PublicAccessBlockConfiguration": {
     "BlockPublicAcls": true,
     "BlockPublicPolicy": true,
     "IgnorePublicAcls": true,
     "RestrictPublicBuckets": true
    },
    "Tags": [
     {
      "Key": "appId",
      "Value": "myminapp"
     },
     {
      "Key": "aws-cdk:auto-delete-objects",
      "Value": "true"
     }
    ]
   },
   "UpdateReplacePolicy": "Delete",
   "DeletionPolicy": "Delete",
   "Metadata": {
    "aws:cdk:path": "myminapp-stickb/ui/StaticSite/CloudFrontAccessLogsBucket/Resource",
    "cdk_nag": {
     "rules_to_suppress": [
      {
       "reason": "Server Access Logs Bucket doesn't need a Server Access Logs Bucket",
       "id": "AwsSolutions-S1"
      }
     ]
    }
   }
  },
}

Note the tag, "aws-cdk:auto-delete-objects". The CDK's S3 Bucket construct has a convenience CloudFormation resource that should be deleting the resources inside it but it's not working :/

[bestickley]

This is an important issue because in order to complete #205, we need destroying a stack to not fail.
EASY SOLUTION: would be to not create access logs bucket for cloudfront for Stage.Local, but why does auto-delete-objects work for React assets bucket? Or does it? Maybe this one fails first?