aws / aws-cdk

The AWS Cloud Development Kit is a framework for defining cloud infrastructure in code
https://aws.amazon.com/cdk
Apache License 2.0

@aws-cdk/aws-synthetics: Canary within VPC won't delete ENI and its associated lambda when undeploy #22282

Closed ynyany closed 2 years ago

ynyany commented 2 years ago

Describe the bug

  1. put canary into VPC with an existing security group
  2. deploy the canary
  3. undeploy the stack
  4. stack failed to deconstruct lambda (of this canary cwyn-xx) and the ENI it created

if I manually remove the lambda and its ENI then the stack can be deleted.

Expected Behavior

Stack delete automatically including the lambda (behind the canary and its ENI created)

Current Behavior

can not delete the lambda (behind the canary and its ENI created) automatically

Reproduction Steps

  1. put canary into VPC with an existing security group
  2. deploy the canary
  3. undeploy the stack
  4. stack failed to deconstruct lambda (of this canary cwyn-xx) and the ENI it created

Possible Solution

No response

Additional Information/Context

No response

CDK CLI Version

2.42.1

Framework Version

No response

Node.js Version

14

OS

macos

Language

Typescript

Language Version

No response

Other information

No response

peterwoodworth commented 2 years ago

Could you provide reproduction code please @ynyany? Are you using our L2 Canary construct or a CfnCanary?

ynyany commented 2 years ago

I am using the L1 canary, but I looked into the L2 canary; it should be the same.

gist of the canary code:


import * as cdk from "aws-cdk-lib";
import * as synthetics from "aws-cdk-lib/aws-synthetics";

// Inside the construct: `vpc`, `artifactsBucket`, `props`, `scheduleExpressString`,
// `this.canaryRole` and `this.createCode` are defined elsewhere in the same class.
const allowLambdaSg = new cdk.aws_ec2.SecurityGroup(this, "SecurityGroup", {
  vpc: vpc,
  description: "Security group allowing lambda SG to access OPA ",
  allowAllOutbound: true,
});
// Attaching the canary to the VPC is what makes Lambda create the ENI that later
// blocks stack deletion. Note: `vpc.privateSubnets` only returns PRIVATE_WITH_EGRESS
// subnets; subnets created as PRIVATE_ISOLATED are exposed via `vpc.isolatedSubnets`.
const vpcConfig = {
  vpcId: vpc.vpcId,
  subnetIds: vpc.privateSubnets.map((subnet) => subnet.subnetId),
  securityGroupIds: [allowLambdaSg.securityGroupId],
};
new synthetics.CfnCanary(this, "Canary", {
  artifactS3Location: artifactsBucket.bucket.s3UrlForObject(prefix),
  executionRoleArn: this.canaryRole.roleArn,
  runtimeVersion: props.runtime.name,
  name: props.canaryName,
  schedule: {
    expression: scheduleExpressString,
  },
  startCanaryAfterCreation: props.startAfterCreation ?? true,
  code: this.createCode(props.test),
  runConfig: {
    activeTracing: true,
    timeoutInSeconds: props.timeoutInSeconds ?? 15,
    environmentVariables: props.environmentVariables,
  },
  vpcConfig,
});

where `vpc` is just a new VPC created by

// One isolated and one public subnet per AZ; the canary's Lambda is placed in the
// private subnets selected above.
const subnets = [
  {
    cidrMask: 24,
    name: "PrivateSubnetA",
    subnetType: cdk.aws_ec2.SubnetType.PRIVATE_ISOLATED,
  },
  {
    cidrMask: 24,
    name: "PublicSubnetA",
    subnetType: cdk.aws_ec2.SubnetType.PUBLIC,
  },
];

const vpc = new cdk.aws_ec2.Vpc(this, "object-extension-Vpc", {
  // Gateway endpoint so the canary can reach the S3 artifact bucket privately.
  gatewayEndpoints: {
    S3: { service: cdk.aws_ec2.GatewayVpcEndpointAwsService.S3 },
  },
  maxAzs: 2,
  natGatewayProvider: cdk.aws_ec2.NatProvider.gateway(),
  natGateways: 2,
  subnetConfiguration: subnets,
});

Nothing special. The CFN provided did not delete the lambda associated with the canary, and therefore not the ENI either; because of this behaviour the whole stack cannot be deleted.

ynyany commented 2 years ago

Furthermore, there's an AWS blog on a similar issue (outside a VPC): https://aws.amazon.com/blogs/mt/delete-amazon-cloudwatch-synthetics-dependent-resources-when-you-delete-a-cloudformation-stack/ This is blocking customers from properly deleting our AWS solution.

kaizencc commented 2 years ago

Hi @ynyany, this is not a CDK bug. The behavior you describe is how Canaries work -- when you delete the canary, you must manually delete the underlying resources on your own. There is an issue we're tracking for supporting this as a feature request: https://github.com/aws/aws-cdk/issues/18448 but we're not likely to take that up soon.

If you need an automated way to delete resources that come with your canary, my only suggestion is to follow the blog post you've linked and/or +1 the issue I've linked.
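Since the canary's Lambda and its VPC ENI outlive the stack, an operator wants a way to spot what was left behind. The script below is an added example, not code from this issue or from the CDK project: given constructed API responses, it lists canary functions whose canary no longer exists and the Lambda-managed ENIs tied to them. The `cwsyn-<canary>-<uuid>` function naming and the `AWS Lambda VPC ENI-<function>-<uuid>` description format are assumptions (the issue only shows "cwyn-xx").

```python
import re

# Assumed naming conventions, not stated on the page (which only shows "cwyn-xx"):
# a canary's function is "cwsyn-<canary-name>-<uuid>" and a Lambda-managed ENI carries
# the description "AWS Lambda VPC ENI-<function-name>-<uuid>".
UUID = r"[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}"
CANARY_FUNCTION = re.compile(rf"^cwsyn-(?P<canary>.+)-{UUID}$")
LAMBDA_ENI = re.compile(rf"^AWS Lambda VPC ENI-(?P<function>.+)-{UUID}$")

def canary_of_function(function_name):
    """Canary name encoded in a cwsyn-* function name, or None for other functions."""
    m = CANARY_FUNCTION.match(function_name)
    return m.group("canary") if m else None

def function_of_eni(description):
    """Lambda function name encoded in a Lambda-managed ENI description, or None."""
    m = LAMBDA_ENI.match(description)
    return m.group("function") if m else None

def find_orphans(canaries, functions, enis):
    """Canary functions whose canary is gone, plus the VPC ENIs Lambda created for them.

    canaries:  names from synthetics:DescribeCanaries; functions: FunctionName values
    from lambda:ListFunctions; enis: NetworkInterfaceId/Description dicts from
    ec2:DescribeNetworkInterfaces. Delete the function first: its ENIs are
    requester-managed and only become deletable once Lambda releases them.
    """
    live = set(canaries)
    orphan_functions = sorted(
        f for f in functions if (c := canary_of_function(f)) is not None and c not in live)
    orphan_enis = sorted(
        e["NetworkInterfaceId"] for e in enis if function_of_eni(e["Description"]) in orphan_functions)
    return orphan_functions, orphan_enis

# Constructed sample data standing in for the three API responses.
SAMPLE_CANARIES = ["opa-check"]
SAMPLE_FUNCTIONS = [
    "cwsyn-opa-check-11111111-2222-3333-4444-555555555555",        # canary still exists
    "cwsyn-deleted-canary-aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",  # canary gone: orphan
    "my-app-handler",                                               # unrelated function
]
SAMPLE_ENIS = [
    {"NetworkInterfaceId": "eni-0a1b2c3d", "Description": "AWS Lambda VPC ENI-"
     "cwsyn-deleted-canary-aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee-0f0f0f0f-1e1e-2d2d-3c3c-4b4b4b4b4b4b"},
    {"NetworkInterfaceId": "eni-0ff00ff0", "Description": "AWS Lambda VPC ENI-"
     "cwsyn-opa-check-11111111-2222-3333-4444-555555555555-9a9a9a9a-8b8b-7c7c-6d6d-5e5e5e5e5e5e"},
]
```

Feed it the real responses from the three API calls named in the docstring to get the deletion list for a stuck stack; a returned ENI that is still "in-use" will only become deletable after its function is removed.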

github-actions[bot] commented 2 years ago

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see. If you need more assistance, please either tag a team member or open a new issue that references this one. If you wish to keep having a conversation with other community members under this issue feel free to do so.