fix(s3-deployment): prevent log group deletion before Lambda execution #35643
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
When a custom log group is passed to BucketDeployment, the log group was not reliably deleted during stack deletion. This occurred because there was no explicit dependency between the Lambda function and the log group. During stack deletion, CloudFormation could delete the log group before the Lambda function completed execution. When the Lambda tried to write logs after the log group was deleted, AWS Lambda automatically recreated the log group, causing it to remain even after stack deletion. This change adds an explicit dependency to ensure the Lambda function is deleted before the log group, preventing the automatic recreation. Fixes aws#35632
github-actions
bot
added
bug
aws-cdk-automation
previously requested changes
Oct 1, 2025
Add test to ensure that when a custom log group is provided to BucketDeployment, the Lambda function handler has an explicit dependency on the log group. This prevents the log group from being deleted before the Lambda during stack deletion.
…ependency Update the integration test snapshot to reflect the new dependency between the Lambda function and the custom log group.
Extract log group to a variable to demonstrate the dependency relationship between the log group and BucketDeployment.
aws-cdk-automation
dismissed
their stale review
✅ Updated pull request passes all PRLinter validations. Dismissing previous PRLinter review.
|
Updated PR to pass CI linter tests. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
Rationale
When a custom
logGroupis provided toBucketDeployment, CloudFormation may delete the log group before the Lambda function finishes executing during stack deletion. This causes AWS Lambda to automatically recreate the log group when it attempts to write logs, resulting in orphaned log groups that appear deleted in CloudFormation but still exist in AWS.Changes
handler.node.addDependency(props.logGroup)when a custom log group is providedFixes #35632