Description
Describe the bug
cdk destroy removes all event notifications configured on an existing S3 bucket instead of only CDK managed event notifications. This occurs whenever a stack that creates an event notification for an existing bucket is deleted or rolled back.
Expected Behavior
cdk destroy or a rollback from a failed stack should only delete S3 event notifications created by the stack
Current Behavior
cdk destroy or a rollback from a failed stack removes all S3 event notifications on the bucket
Reproduction Steps
- Create S3 bucket manually through the console
- Create SNS topic manually through the console
- Add event notification on the S3 bucket to the SNS topic through the console
- Create CDK stack that references an existing bucket and creates a new event notification:
  ```python
  from aws_cdk import aws_s3 as s3, aws_sns as sns, aws_s3_notifications as s3_notifications

  # In the Stack constructor: reference the existing bucket and add a notification to a new topic
  bucket = s3.Bucket.from_bucket_arn(self, id="mybucket", bucket_arn="arn:aws:s3:::mybucket")
  topic = sns.Topic(self, id="mytopic")
  bucket.add_event_notification(s3.EventType.OBJECT_CREATED, s3_notifications.SnsDestination(topic), s3.NotificationKeyFilter(suffix=".1"))
  ```
- `cdk deploy` the stack
- `cdk destroy` the stack
- Observe that all event notifications are now removed from the bucket, including the manually created event notification from step 3.
Possible Solution
The BucketNotificationHandler Lambda function described in #2004 appears to include handling for unmanaged event notifications. Modifying this function to support this scenario should resolve the issue.
Additional Information/Context
No response
CDK CLI Version
2.126.0 (build fb74c41)
Framework Version
No response
Node.js Version
v20.11.0
OS
macOS Ventura 13.6.4
Language
Python
Language Version
Python (3.9.7)
Other information
No response
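
The delete behaviour the issue expects, plus a before/after check for notifications lost in a destroy or rollback, as an added example that is not part of the original issue and is not the CDK handler's code. It assumes stack-created entries can be recognised by an `Id` the stack recorded; the function names, ARNs and Ids are constructed, and the dict shapes follow the S3 `GetBucketNotificationConfiguration` response.

```python
# Added example: works on plain dicts shaped like the S3
# GetBucketNotificationConfiguration response, so it runs offline.
LIST_KEYS = ("TopicConfigurations", "QueueConfigurations",
             "LambdaFunctionConfigurations")


def config_after_delete(current, managed_ids):
    """Configuration to write back on stack delete or rollback.

    Drops only entries whose Id is in managed_ids (assumption: the stack
    recorded the Ids it added) and keeps everything else, including an
    EventBridgeConfiguration the stack did not set.
    """
    result = {}
    for key in LIST_KEYS:
        kept = [c for c in current.get(key, []) if c["Id"] not in managed_ids]
        if kept:
            result[key] = kept
    if "EventBridgeConfiguration" in current:
        result["EventBridgeConfiguration"] = current["EventBridgeConfiguration"]
    return result


def lost_unmanaged(before, after, managed_ids):
    """Ids present before the delete, not stack-managed, and missing after."""
    def ids(cfg):
        return {c["Id"] for key in LIST_KEYS for c in cfg.get(key, [])}
    return sorted(ids(before) - ids(after) - set(managed_ids))


# Constructed bucket state after `cdk deploy`: one console-created
# notification and one added by the stack.
BEFORE = {
    "TopicConfigurations": [
        {"Id": "console-made",
         "TopicArn": "arn:aws:sns:us-east-1:111122223333:manual",
         "Events": ["s3:ObjectCreated:*"]},
        {"Id": "stack-made",
         "TopicArn": "arn:aws:sns:us-east-1:111122223333:mytopic",
         "Events": ["s3:ObjectCreated:*"],
         "Filter": {"Key": {"FilterRules": [{"Name": "suffix", "Value": ".1"}]}}},
    ]
}
MANAGED = {"stack-made"}

if __name__ == "__main__":
    print("expected after destroy:", config_after_delete(BEFORE, MANAGED))
    print("lost if the bucket config is emptied:", lost_unmanaged(BEFORE, {}, MANAGED))
```

Feeding `lost_unmanaged` the configuration captured before and after a destroy flags any console-created notification that disappeared with the stack.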