CloudFormation needs physicalResourceId for custom-resources.AwsSdkCall when used in custom-resources.AwsCustomResource as onDelete property #5796

@JKCT

It appears that any custom-resources.AwsSdkCall without a physicalResourceId property used as the onDelete property of a custom-resources.AwsCustomResource object will cause a CloudFormation failure on stack deletion.

Currently physicalResourceId is not a required property for AwsSdkCall objects used as onDelete, but it is for onCreate and onUpdate.

AwsSdkCall: https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_custom-resources.AwsSdkCall.html
AwsCustomResource: https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_custom-resources.AwsCustomResource.html

Reproduction Steps

Basic python3 example stack:

from aws_cdk import core, custom_resources

app = core.App()

stack = core.Stack(app, 'CustomResourceStack')
name = 'testParameter'
ssm_set_parameter = custom_resources.AwsSdkCall(
    action='putParameter',
    service='SSM',
    parameters={
        'Name': name,
        'Type': 'SecureString',
        'Value': 'testValue',
        'Overwrite': True,
    },
    physical_resource_id=name
)
# No physical_resource_id here: this omission triggers the failure on destroy.
ssm_delete_parameter = custom_resources.AwsSdkCall(
    action='deleteParameter',
    service='SSM',
    parameters={
        'Name': name,
    },
)
custom_resources.AwsCustomResource(
    stack, 'SSMParameterCustomResource',
    on_create=ssm_set_parameter,
    on_delete=ssm_delete_parameter,
)

app.synth()

Then run cdk deploy CustomResourceStack and cdk destroy CustomResourceStack.
The destroy operation will fail with a CloudFormation error.

Adding physical_resource_id=name to the ssm_delete_parameter constructor resolves this issue.

Error Log

When deleting a stack with an AwsCustomResource resource that has an onDelete property that does not specify physicalResourceId, the resource will fail to delete fully. To clarify, the onDelete will run and the underlying resource will be deleted, but CloudFormation will fail at this step. It appears that without a physicalResourceId it cannot confirm that the resource was removed and fails.

CloudFormation error:
'Invalid PhysicalResourceId'

   2 | 11:41:02 AM | DELETE_FAILED        | Custom::AWS           | SSMParameterCustomResource/Resource/Default (SSMParameterCustomResource8525D78F) Invalid PhysicalResourceId

Screenshot: http://screenshots.mt-cloudtech.com/JK2020-01-14-sz5r2xe5s5.png

Environment

  • CLI Version : aws-cli/1.17.0
  • Framework Version: aws-cdk@1.20.0
  • OS : macOS Mojave version 10.14.6
  • Language : Python/3.8.1

Other

IMHO basic recommendation would be to simply update the documentation which currently specifies that physicalResourceId is required for onCreate and onUpdate to also include onDelete:

physicalResourceId?🔹

Type: string (optional, default: no physical resource id)

The physical resource id of the custom resource for this call.

Either physicalResourceId or physicalResourceIdPath must be specified for onCreate or onUpdate calls.

In order to block this issue from occurring it may also be necessary to update the AwsCustomResource object to require physicalResourceId or physicalResourceIdPath for AwsSdkCall objects used for the onDelete property - similar to how it already does with an error for onCreate and onUpdate without physicalResourceId or physicalResourceIdPath.

This would need to be vetted since it's possible AwsSdkCall is used in other parts of the SDK that this could be a breaking change for.


This is 🐛 Bug Report
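
The check proposed above, sketched as a pre-deploy lint over a synthesized template (an added example, not code from the issue or from the CDK project). The template layout, the sample data, and the function names are assumptions; accepting JSON-encoded calls goes beyond what the issue shows.

```python
import json

# Constructed sample of a synthesized template. Assumption: each Custom::AWS
# resource keeps its SDK calls under Create/Update/Delete properties.
SAMPLE_TEMPLATE = {"Resources": {
    "SSMParameterCustomResource8525D78F": {
        "Type": "Custom::AWS",
        "Properties": {
            "Create": {"service": "SSM", "action": "putParameter",
                       "parameters": {"Name": "testParameter"},
                       "physicalResourceId": "testParameter"},
            "Delete": {"service": "SSM", "action": "deleteParameter",
                       "parameters": {"Name": "testParameter"}},
        },
    },
    "Unrelated": {"Type": "AWS::SNS::Topic", "Properties": {}},
}}

ID_KEYS = ("physicalResourceId", "physicalResourceIdPath")
EVENTS = ("Create", "Update", "Delete")


def as_call(value):
    """Return the SDK call as a dict; also accept a JSON-encoded string."""
    if isinstance(value, str):
        try:
            value = json.loads(value)
        except ValueError:
            return None
    return value if isinstance(value, dict) else None


def find_calls_without_physical_id(template):
    """Return sorted (logical_id, event) pairs whose call sets neither id key."""
    findings = []
    for logical_id, resource in sorted(template.get("Resources", {}).items()):
        if resource.get("Type") != "Custom::AWS":
            continue
        props = resource.get("Properties", {})
        for event in EVENTS:
            call = as_call(props.get(event))
            if call is not None and not any(call.get(k) for k in ID_KEYS):
                findings.append((logical_id, event))
    return findings


if __name__ == "__main__":
    for logical_id, event in find_calls_without_physical_id(SAMPLE_TEMPLATE):
        print(f"{logical_id}: {event} call has no physicalResourceId")
```

Run against the sample, it reports the Delete call of SSMParameterCustomResource8525D78F, the same resource that ends in DELETE_FAILED in the log above.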

Labels

@aws-cdk/custom-resources (Related to AWS CDK Custom Resources), bug (This issue is a bug.), needs-triage (This issue or PR still needs to be triaged.), p1
