I have two CDK/Cfn stacks which instantiate application load balancers with SSL certificates. I’m using DNS validation which the CDK manages by creating a Lambda function which requests and validates the certificates.

Unfortunately, those Lambda functions were manually deleted and now when I try to update my CDK resources, CloudFormation attempts to replace these Lambdas but fails because they no longer exist.

I wish that CloudFormation would behave like Terraform and just say "oh that thing I need to replace isn’t there, nbd I needed to replace it anyway, so let’s carry on" but it does not.

Not sure how to get out of this jam. Any help is appreciated.

2 Answers

  1. You have to import them back to CloudFormation. In TF it is the same, and you also import resources into TF.

  2. The easiest fix to this drift is redeploying your CDK app with the deleted resource temporarily removed (e.g. commented out). CloudFormation will "delete" the already deleted resource, bringing the template back into sync with the deployed configuration. Then add back the resource to your app and deploy again. Problem solved.

    There’s a complication in your case. The missing Lambda function is being constructed indirectly by a higher-level CDK construct. Removing the L2/L3 parent will destroy more resources than just the Lambda. If you want to avoid this collateral damage, you can use escape hatch syntax and the node.tryRemoveChild method to surgically remove the missing Lambda only.

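A pre-deploy check for the temporary-removal approach in answer 2, as an added example that is not part of either answer: given a synthesized template (for instance the output of `cdk synth`), it lists everything that still references the logical ID you plan to drop, since CloudFormation rejects a template with unresolved references. The template and all logical IDs below are constructed; a non-empty result means those entries have to come out in the same temporary deploy.

```python
import json
import re

# Constructed sample: trimmed synthesized template; every logical ID is made up.
TEMPLATE = json.loads("""{"Resources": {
  "CertFnA1B2": {"Type": "AWS::Lambda::Function",
    "Properties": {"Role": {"Fn::GetAtt": ["CertFnRoleC3D4", "Arn"]}}},
  "CertFnRoleC3D4": {"Type": "AWS::IAM::Role", "Properties": {}},
  "CertRequestE5F6": {"Type": "AWS::CloudFormation::CustomResource",
    "Properties": {"ServiceToken": {"Fn::GetAtt": ["CertFnA1B2", "Arn"]}}},
  "ListenerG7H8": {"Type": "AWS::ElasticLoadBalancingV2::Listener",
    "DependsOn": "CertRequestE5F6",
    "Properties": {"Certificates": [
      {"CertificateArn": {"Fn::GetAtt": ["CertRequestE5F6", "Arn"]}}]}}}}""")

SUB_VAR = re.compile(r"\$\{([A-Za-z0-9]+)(?:\.[^}]*)?\}")  # ${Id} or ${Id.Attr}


def references(node):
    """Yield logical IDs named via Ref, Fn::GetAtt, Fn::Sub or DependsOn."""
    if isinstance(node, list):
        for item in node:
            yield from references(item)
    elif isinstance(node, dict):
        for key, val in node.items():
            if key == "Ref" and isinstance(val, str):
                yield val
            elif key == "Fn::GetAtt":
                yield val.split(".")[0] if isinstance(val, str) else val[0]
            elif key == "DependsOn":
                yield from ([val] if isinstance(val, str) else val)
            elif key == "Fn::Sub":
                text, local = (val, {}) if isinstance(val, str) else val
                yield from (v for v in SUB_VAR.findall(text) if v not in local)
                yield from references(local)
            else:
                yield from references(val)


def dangling_after_removal(template, logical_id):
    """List entries that would still point at logical_id once it is removed."""
    hits = []
    for section in ("Resources", "Outputs"):
        for name, body in template.get(section, {}).items():
            if (section, name) != ("Resources", logical_id) and \
                    logical_id in set(references(body)):
                hits.append(f"{section}/{name}")
    return sorted(hits)


if __name__ == "__main__":
    print(dangling_after_removal(TEMPLATE, "CertFnA1B2"))
```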