[aws-ec2] Accidental Log Group creation when creating a VPC #33025

Open
155martinmoreno opened this issue Jan 20, 2025 · 1 comment
Labels
@aws-cdk/aws-ec2 Related to Amazon Elastic Compute Cloud bug This issue is a bug. effort/medium Medium work item – several days of effort feature-request A feature should be added or improved. p2

Comments

@155martinmoreno

Describe the bug

When adding a VPC with:
const vpc = new ec2.Vpc(this, 'SomeVpc');

a Lambda function is created with the description:
Lambda function for removing all inbound/outbound rules from the VPC default security group
and immediately deleted after the deployment is finished.

The main problem this generates is that as a consequence of the Lambda, a Log Group is also created, with retention set to never expire.
When the stack is deleted, the Log Group remains.

Regression Issue

  • Select this option if this issue appears to be a regression.

Last Known Working CDK Version

No response

Expected Behavior

A way to configure log retention.

Current Behavior

When the stack is deleted, the Log Group remains.

Reproduction Steps

const vpc = new ec2.Vpc(this, 'SomeVpc');

Possible Solution

No response

Additional Information/Context

No response

CDK CLI Version

2.156.0 (build 2966832)

Framework Version

No response

Node.js Version

v22.9.0

OS

OSX

Language

TypeScript

Language Version

No response

Other information

No response

@155martinmoreno 155martinmoreno added bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels Jan 20, 2025
@github-actions github-actions bot added the @aws-cdk/aws-ec2 Related to Amazon Elastic Compute Cloud label Jan 20, 2025
@pahud pahud self-assigned this Jan 21, 2025
@pahud
Contributor

pahud commented Jan 21, 2025

Hi,

This lambda function is the custom resource provider. Just like other general lambda functions, it would create a default log group when publishing its initial log stream. The log group/stream won't be removed when the lambda func is destroyed. I understand your request: when destroying the stack, the log group of the custom resource provider should be cleaned up as well.

We can make it a feature request and I am requesting the team for a quick ack here.

    Type: AWS::Lambda::Function
    Properties:
      Code:
        S3Bucket: cdk-hnb659fds-assets-ACCOUNT_ID-us-east-1
        S3Key: 7fa1e366ee8a9ded01fc355f704cff92bfd179574e6f9cfee800a3541df1b200.zip
      Timeout: 900
      MemorySize: 128
      Handler: __entrypoint__.handler
      Role:
        Fn::GetAtt:
          - CustomVpcRestrictDefaultSGCustomResourceProviderRole26592FE0
          - Arn
      Runtime: nodejs20.x
      Description: Lambda function for removing all inbound/outbound rules from the VPC default security group
    DependsOn:
      - CustomVpcRestrictDefaultSGCustomResourceProviderRole26592FE0
      - 

@pahud pahud added p2 feature-request A feature should be added or improved. and removed needs-triage This issue or PR still needs to be triaged. labels Jan 21, 2025
@pahud pahud removed their assignment Jan 21, 2025
@pahud pahud added the effort/medium Medium work item – several days of effort label Jan 21, 2025
@samson-keung samson-keung removed their assignment Jan 29, 2025
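
A read-only audit for the leftover described in this issue, added here as an example (not code from the issue or from the CDK project): given the log groups and Lambda functions in an account, it reports `/aws/lambda/` log groups whose function no longer exists or whose retention never expires. The field names follow the CloudWatch Logs `DescribeLogGroups` and Lambda `ListFunctions` responses; the sample data is constructed, and the assumption that the provider's physical function name contains `CustomVpcRestrictDefaultSG` is taken from the logical ID in the template above.

```typescript
// Only the response fields used by the audit are declared.
interface LogGroup { logGroupName: string; retentionInDays?: number; }
interface LambdaFn { FunctionName: string; }
interface Finding {
  logGroupName: string;
  orphaned: boolean;        // no Lambda function with this name exists any more
  neverExpires: boolean;    // retention is unset, so data is kept indefinitely
  fromVpcProvider: boolean; // name matches the VPC default-SG custom resource provider
}

const LAMBDA_PREFIX = "/aws/lambda/";
// Assumption: the generated function name keeps this fragment of the logical ID.
const PROVIDER_MARKER = "CustomVpcRestrictDefaultSG";

function auditLambdaLogGroups(groups: LogGroup[], functions: LambdaFn[]): Finding[] {
  const live = new Set(functions.map((f) => f.FunctionName));
  const findings: Finding[] = [];
  for (const g of groups) {
    if (!g.logGroupName.startsWith(LAMBDA_PREFIX)) continue; // not a Lambda log group
    const fnName = g.logGroupName.slice(LAMBDA_PREFIX.length);
    const orphaned = !live.has(fnName);
    // DescribeLogGroups omits retentionInDays when the group never expires.
    const neverExpires = g.retentionInDays === undefined;
    if (orphaned || neverExpires) {
      findings.push({ logGroupName: g.logGroupName, orphaned, neverExpires,
                      fromVpcProvider: fnName.includes(PROVIDER_MARKER) });
    }
  }
  // Orphaned groups that never expire are the case from this issue: list them first.
  const score = (f: Finding) => Number(f.orphaned && f.neverExpires);
  return findings.sort((a, b) => score(b) - score(a));
}

// Constructed sample input (not real account data).
const SAMPLE_GROUPS: LogGroup[] = [
  { logGroupName: "/aws/lambda/report-job" },
  { logGroupName: "/aws/lambda/orders-api", retentionInDays: 30 },
  { logGroupName: "/aws/lambda/DemoStack-CustomVpcRestrictDefaultSGCustomResource-EXAMPLE1" },
  { logGroupName: "/aws/lambda/old-worker", retentionInDays: 7 },
  { logGroupName: "/ecs/web" },
];
const SAMPLE_FUNCTIONS: LambdaFn[] = [{ FunctionName: "orders-api" }, { FunctionName: "report-job" }];

for (const f of auditLambdaLogGroups(SAMPLE_GROUPS, SAMPLE_FUNCTIONS)) {
  console.log(`${f.logGroupName} orphaned=${f.orphaned} neverExpires=${f.neverExpires} vpcProvider=${f.fromVpcProvider}`);
}
```

In practice the two input arrays would come from paginated `DescribeLogGroups` and `ListFunctions` calls in the same region.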

3 participants