fix(globalaccelerator): changing installLatestAwsSdk breaks Security Group reference

[jingwy]

Issue # (if applicable)

Closes #23796

Reason for this change

In #23591 installLatestAwsSdk. This results in a resource update for custom resources. The custom resource that fetches the security groups does not have an onUpdate handler (https://github.com/aws/aws-cdk/blob/main/packages/aws-cdk-lib/aws-globalaccelerator/lib/_accelerator-security-group.ts#L32).

When the empty object is returned, this results in an update failure in
CloudFormation because the specific property isn't available and so it will fail with error below:

CustomResource attribute error: Vendor response doesn't contain SecurityGroups.0.GroupId key in object

When the update occurs, the response object does not have a SecurityGroups.0.GroupId field, resulting in failures when SecurityGroups is referenced.

Description of changes

Update the onCreate to onUpdate for custom resources to mitigate the CloudFormation update failure. Documentations: https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.custom_resources.AwsCustomResource.html#oncreate.
Similar fix for Cognito: #23798

Description of how you validated changes

The integration test is updated with the latest assets.

Checklist

• My code adheres to the CONTRIBUTING GUIDE and DESIGN GUIDELINES

---

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license

[aws-cdk-automation]

The pull request linter has failed. See the aws-cdk-automation comment below for failure reasons. If you believe this pull request should receive an exemption, please comment and provide a justification.

A comment requesting an exemption should contain the text Exemption Request. Additionally, if clarification is needed add Clarification Request to a comment.

[jingwy]

The pull request linter fails with the following errors:

❌ The title of this pull request does not follow the Conventional Commits format, see https://www.conventionalcommits.org/.

PRs must pass status checks before we can provide a meaningful review.

If you would like to request an exemption from the status checks or clarification on feedback, please leave a comment on this PR containing Exemption Request and/or Clarification Request.

Hi, this is already fixed, and I saw the check was passed under action, not sure why it is not updated in the pr.

[jingwy]

AWS CodeBuild CI Report

* CodeBuild project: AutoBuildv2Project1C6BFA3F-wQm2hXv2jqQv

* Commit ID: [508a6f6](https://github.com/aws/aws-cdk/commit/508a6f6e61f261707b6aa959fbe74afcbee0a1b5)

* Result: FAILED

* [Build Logs](https://2cl995f30a.execute-api.us-east-1.amazonaws.com/Prod/buildlogs?key=0978f4af-15ef-4258-96cb-71cb2c04f133%2Fbuild.log) (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

Hi, I have run the integ test locally and it passed with the udpated snapshot, not sure why the build was failing here due to integ test failure.

✅ Updated pull request passes all PRLinter validations. Dismissing previous PRLinter review.

[paulhcsun]

Hi @jingwy, thank you for the fix.

I'm good with the code change because it appears to be the correct fix as per #23798 but just need a couple additional things before I'd like to merge this in.

1. Could you add a new integration test which tests the specific case that was failing for you?

2. Could you update the title of the PR to reflect the bug that you're fixing rather than the change that you're making?

Pull request has been modified.

[paulhcsun]

Nice work @jingwy!

Approving as the new onUpdate behaviour is being covered already within the integ.globalaccelerator.ts.

[mergify]

Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

[aws-cdk-automation]

AWS CodeBuild CI Report

• CodeBuild project: AutoBuildv2Project1C6BFA3F-wQm2hXv2jqQv
• Commit ID: e98047d
• Result: SUCCEEDED
• Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

[mergify]

Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

[aws-cdk-automation]

Comments on closed issues and PRs are hard for our team to see. If you need help, please open a new issue that references this one.