The AWS::EC2::InstanceConnectEndpoint CloudFormation Construct can not successfully be deleted unless it has already completed deployment. In other words, issuing a DELETE of the resource while it is still in the "provisioning" state will fail.
The construct needs to be allowed to progress to a state (e.g. reach CREATE_COMPLETE) where it will accept a DELETE prior to having the DELETE issued to it.
This issue is 100% reproducible, and mostly shows up in rollbacks.
Expected Behavior
Delete of the AWS::EC2::InstanceConnectEndpoint should succeed in the case of needing to delete before provisioning has completed.
Observed Behavior
During rollbacks the AWS::EC2::InstanceConnectEndpoint will often fail to delete because it is still provisioning. If, after failing rollback, I wait until provisioning is complete and then issue destroy for the stack, it will succeed.
Test Cases
Here is some CDK code:
const vpc = new ec2.Vpc(this, 'my-vpc', {
vpcName: 'my-vpc',
availabilityZones: ['us-east-1a', 'us-east-1b'],
natGateways: 0,
ipAddresses: ec2.IpAddresses.cidr('172.31.0.0/16'),
});
const eiceSubnet = vpc.isolatedSubnets[0];
new ec2.CfnInstanceConnectEndpoint(this, 'my-instance-connect-endpoint', {
subnetId: eiceSubnet.subnetId,
securityGroupIds: [instanceConnectSecurityGroup.securityGroupId],
});
// TODO: insert some resource that fails at runtime.
// e.g. Lambda-backed CustomResource which is just `throw new Error()`
Name of the resource
AWS::EC2::InstanceConnectEndpoint
Issue Description
The
AWS::EC2::InstanceConnectEndpoint
CloudFormation Construct can not successfully be deleted unless it has already completed deployment. In other words, issuing a DELETE of the resource while it is still in the "provisioning" state will fail.The construct needs to be allowed to progress to a state (e.g. reach CREATE_COMPLETE) where it will accept a DELETE prior to having the DELETE issued to it.
This issue is 100% reproducible, and mostly shows up in rollbacks.
Expected Behavior
Delete of the
AWS::EC2::InstanceConnectEndpoint
should succeed in the case of needing to delete before provisioning has completed.Observed Behavior
During rollbacks the
AWS::EC2::InstanceConnectEndpoint
will often fail to delete because it is still provisioning. If, after failing rollback, I wait until provisioning is complete and then issuedestroy
for the stack, it will succeed.Test Cases
Here is some CDK code:
Other Details
No response