aws_certificatemanager: cross region SSM parameter not being removed on certificate deletion.  #27251

@LiamWibberleyProlific

Describe the bug

Hi,

We are using 'aws_certificatemanager' to create a new CloudFront certificate.

Deploying works perfectly and the creation of the SSM parameter works a treat using cross-region-ssm-writer-handler custom resource.

Today we had a case where we needed to delete the certificate, but this has left behind the SSM parameter, so when creating it again it has resulted in an error saying the SSM parameter already exists.

CDK printed the following information:

CloudfrontCertificateStack-prod |   2 | 9:09:50 AM | DELETE_FAILED        | AWS::CloudFormation::CustomResource  | ExportsWritereuwest142AF533A3E3B99E4 Received response status [FAILED] from custom resource. Message returned: Error: Exports cannot be updated: 

    at throwIfAnyInUse (/var/task/index.js:4:10)
    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
    at async handler (/var/task/index.js:3:407)
    at async Runtime.handler (/var/task/__entrypoint__.js:1:932) (RequestId: e60def4b-3ea0-43e9-ab13-65a192131aee)

From looking at the source I can see that we are expecting a reason for each tag why it failed to delete, but as you can see it is not present, and when using the CLI to see the tags on the SSM param there are none.

This has resulted in the resource being left behind and the CloudFormation stack being out of sync.


To resolve this I will be manually deleting the resource, but thought it would be worth highlighting it as an issue.

Expected Behavior

I expected the SSM parameter to be removed.

Current Behavior

The parameter was left behind but the resource was removed from CloudFormation.

CDK printed the following information:

CloudfrontCertificateStack-prod |   2 | 9:09:50 AM | DELETE_FAILED        | AWS::CloudFormation::CustomResource  | ExportsWritereuwest142AF533A3E3B99E4 Received response status [FAILED] from custom resource. Message returned: Error: Exports cannot be updated: 

    at throwIfAnyInUse (/var/task/index.js:4:10)
    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
    at async handler (/var/task/index.js:3:407)
    at async Runtime.handler (/var/task/__entrypoint__.js:1:932) (RequestId: e60def4b-3ea0-43e9-ab13-65a192131aee)

Reproduction Steps

I do not have clear reproduction steps.

Possible Solution

No response

Additional Information/Context

No response

CDK CLI Version

aws-cdk-lib==2.94.0

Framework Version

No response

Node.js Version

16.20.2/x64

OS

Ubuntu 22.04.3 LTS

Language

Python

Language Version

Python 3.11.5

Other information

No response
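A small log scanner, added here as an illustration and not part of the issue or of the CDK code base, that picks DELETE_FAILED events on the cross-region export-writer custom resource out of `cdk` output and flags the case reported above: the handler refuses with "Exports cannot be updated:" but names no blocking export, which is the signature of a parameter about to be orphaned. The event-line layout is taken from the line pasted in the issue; the comma-separated reason format in the second constructed event is an assumption.

```python
import re
from dataclasses import dataclass, field

# One CloudFormation event as `cdk deploy` / `cdk destroy` prints it (layout taken
# from the line pasted in the issue):
#   <stack> | <seq> | <time> | <STATUS> | <ResourceType> | <LogicalId> <message>
EVENT_RE = re.compile(
    r"^(?P<stack>\S+)\s*\|\s*(?P<seq>\d+)\s*\|\s*(?P<time>[\d:]+ [AP]M)\s*\|\s*"
    r"(?P<status>[A-Z_]+)\s*\|\s*(?P<rtype>[\w:]+)\s*\|\s*(?P<logical_id>\S+)\s*(?P<message>.*)$"
)
# The handler's refusal; whatever follows the colon should name the exports still in use.
REASON_RE = re.compile(r"Exports cannot be updated:(?P<reasons>.*)$")

@dataclass
class ExportDeleteFailure:
    stack: str
    logical_id: str
    reasons: list = field(default_factory=list)

    @property
    def reasons_missing(self) -> bool:
        # Symptom from the issue: deletion refused but no export named, so the operator
        # has nothing to act on and the SSM parameter is left orphaned.
        return not self.reasons

def find_export_delete_failures(log: str) -> list:
    """Return each DELETE_FAILED custom-resource event that refused to drop its exports."""
    failures = []
    for line in log.splitlines():
        m = EVENT_RE.match(line)
        if not m or m["status"] != "DELETE_FAILED" or m["rtype"] != "AWS::CloudFormation::CustomResource":
            continue
        r = REASON_RE.search(m["message"])
        if r is None:
            continue  # some other custom-resource failure, not this one
        # Assumption: several reasons would be comma separated (the issue shows none at all).
        reasons = [x.strip() for x in r["reasons"].split(",") if x.strip()]
        failures.append(ExportDeleteFailure(m["stack"], m["logical_id"], reasons))
    return failures

# Constructed sample output: event 2 is the line from the issue; the other events are made
# up to show a healthy deletion and a refusal that does name the blocking exports.
SAMPLE_LOG = """\
CloudfrontCertificateStack-prod |   1 | 9:09:48 AM | DELETE_COMPLETE      | AWS::CertificateManager::Certificate | CertificateEXAMPLE
CloudfrontCertificateStack-prod |   2 | 9:09:50 AM | DELETE_FAILED        | AWS::CloudFormation::CustomResource  | ExportsWritereuwest142AF533A3E3B99E4 Received response status [FAILED] from custom resource. Message returned: Error: Exports cannot be updated: 
    at throwIfAnyInUse (/var/task/index.js:4:10)
OtherStack-prod |   7 | 9:12:01 AM | DELETE_FAILED        | AWS::CloudFormation::CustomResource  | ExportsWriterEXAMPLE Received response status [FAILED] from custom resource. Message returned: Error: Exports cannot be updated: export-a still used by StackB, export-b still used by StackC
"""

if __name__ == "__main__":
    for f in find_export_delete_failures(SAMPLE_LOG):
        print(f.stack, f.logical_id, "NO REASON GIVEN" if f.reasons_missing else f.reasons)
```

Feed it the output of a failed `cdk destroy` (or the stack's event log) to separate a genuine "still referenced" refusal, which names the consumer stacks, from the empty-reason case that needs manual SSM cleanup.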

    Labels

    @aws-cdk/aws-certificatemanager (Related to Amazon Certificate Manager)
    bug (This issue is a bug.)
    closed-for-staleness (This issue was automatically closed because it hadn't received any attention in a while.)
    response-requested (Waiting on additional info and feedback. Will move to "closing-soon" in 7 days.)