Open claabs opened 4 years ago
Thanks for reporting this @charlocharlie and providing a potential solution.
What is the equivalent CloudFormation template change to get around this? I have been banging my head against the wall for this :(
Is there any update on this issue? I tried the CDK fix with the fixVpcDeletion defined above, but still get the dependent error on the SG as described above.
Another useful tidbit, add the following at the top of the function, if you are applying this en masse to your functions:
```ts
// Only VPC-associated Lambda Functions have security groups to manage.
if (!handler.isBoundToVpc) {
  return
}
```
Deleting a CloudFormation stack containing a VPC Lambda will fail with a dependency error on each Lambda's security group.
This is similar to this issue: https://aws.amazon.com/blogs/compute/update-issue-affecting-hashicorp-terraform-resource-deletions-after-the-vpc-improvements-to-aws-lambda/
Reproduction Steps
Error Log
resource sg-<id> has a dependent object (Service: AmazonEC2; Status Code: 400; Error Code: DependencyViolation; ...)
Environment
Other
I was able to solve this using the recommended solution in the AWS blog post. The fix for CDK was tricky, so here's my solution:
Edit: updated the function since `instanceof` didn't always seem to work.
This is :bug: Bug Report