
custom-resources: aws-custom-resource to fail based on AWS SDK call response payload

Open eputtone opened this issue 2 years ago • 2 comments

Describe the feature

Enable configuring aws-custom-resource provider to fail based on the AWS SDK response payload.

Use Case

Currently the aws-custom-resource provider will fail if the AWS SDK call fails technically (e.g. the called resource does not exist). But there is no way to fail the provider if the called resource returned an error in the AWS SDK call response payload.

For instance, we have a Lambda as a custom resource that applies DB changes during the deployment, and we need the deployment to stop/fail if the DB changes fail. But from the aws-custom-resource provider's point of view, the AWS SDK call is considered a success, although the response payload contains a FunctionError field.

Proposed Solution

Add a property to AwsCustomResourceProps, and pass it to the custom resource provider function the same way as the AWS SDK call properties.

/**
 * The AWS SDK call response payload key that will make the custom resource
 * fail, if the value is set
 * 
 * @default - error keys in the AWS SDK call response payload are ignored
 */
readonly responseFailureKey?: string;

At the end of the aws-custom-resource provider function, make it fail if the response contains the defined key.

export async function handler(event: AWSLambda.CloudFormationCustomResourceEvent, context: AWSLambda.Context) {
  try {
    ...
    // Fail the custom resource when the configured key is present (truthy) in the SDK response
    const responseFailureKey = event.ResourceProperties.ResponseFailureKey;
    if (responseFailureKey && data[responseFailureKey]) {
      await respond('FAILED', responseFailureKey, physicalResourceId, data);
    } else {
      await respond('SUCCESS', 'OK', physicalResourceId, data);
    }
  } catch (e) {
    // The SDK call itself failed (existing behaviour)
    console.log(e);
    await respond('FAILED', e.message || 'Internal Error', context.logStreamName, {});
  }
}

We've used this solution successfully multiple times, though instead of the responseFailureKey we've just hard-coded FunctionError as the expected failure indicator key in the provider implementation, but the key is generally dependent on the called resource type.

Other Information

No response

Acknowledgements

  • [X] I may be able to implement this feature request
  • [ ] This feature might incur a breaking change

CDK version used

2.22.0

Environment details (OS name and version, etc.)

Linux

eputtone, Jun 10 '22 12:06
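Added example, not part of the original issue or of the CDK code base: a stand-alone version of the check proposed above, run over two constructed Lambda Invoke responses that both came back with StatusCode 200. The helper name evaluateResponse and the sample values are hypothetical, and appending the payload's errorMessage to the failure reason goes beyond what the proposal does.

```typescript
// Added example: field names follow the Lambda Invoke response; values are constructed.
type SdkResponse = Record<string, unknown>;

interface Outcome {
  status: 'SUCCESS' | 'FAILED';
  reason: string;
}

// Hypothetical helper: decide the CloudFormation status for an SDK call
// that completed without a transport-level error.
function evaluateResponse(data: SdkResponse, responseFailureKey?: string): Outcome {
  // No key configured: keep the default and ignore error fields in the payload.
  if (!responseFailureKey) {
    return { status: 'SUCCESS', reason: 'OK' };
  }
  const marker = data[responseFailureKey];
  // Same truthiness test as the proposal: absent, empty or null means success.
  if (!marker) {
    return { status: 'SUCCESS', reason: 'OK' };
  }
  // Surface the function's own error message when the payload carries one.
  let detail = '';
  const payload = data['Payload'];
  if (typeof payload === 'string') {
    try {
      const parsed = JSON.parse(payload);
      if (parsed && typeof parsed.errorMessage === 'string') {
        detail = `: ${parsed.errorMessage}`;
      }
    } catch {
      // Payload is not JSON; report the marker alone.
    }
  }
  return { status: 'FAILED', reason: `${responseFailureKey}=${String(marker)}${detail}` };
}

// Constructed samples: the invocation succeeded, the function did or did not.
const migrationFailed: SdkResponse = {
  StatusCode: 200,
  FunctionError: 'Unhandled',
  Payload: JSON.stringify({ errorType: 'Error', errorMessage: 'migration 0042 failed' }),
};
const migrationOk: SdkResponse = { StatusCode: 200, Payload: '"done"' };

console.log(evaluateResponse(migrationFailed, 'FunctionError')); // deployment stops
console.log(evaluateResponse(migrationOk, 'FunctionError'));
console.log(evaluateResponse(migrationFailed)); // key not configured: error is ignored
```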

Sounds useful. Would accept a PR to this effect.

rix0rrr, Jul 07 '22 13:07

@eputtone when you say you've used the solution successfully in the past, did you basically fork your own custom source provider?

jcchen2, Aug 08 '22 21:08