1
votes

I have an AWS CloudFormation template that creates an OpsWorks stack and deploys an application. To deploy the application, I am using a Lambda function and a custom resource which utilizes that function. My problem is: that Lambda function will only be executed one time during the creation of the stack, and then it will never be used again. Is there any way to delete the Lambda function by AWS CloudFormation at the end of the execution of the stack?

3
It will also be called again if you delete the stack, or update the custom resource, so deleting it is probably not ideal. You might consider creating the lambda in a separate stack, and export its ARN and use that, instead of inlining the custom resource; then at least you won't have an extra function for each stack you create that uses the custom resource. – Paulo Schreiner
Understood, but for our use case, we already have a lot of Lambda functions and having more useless ones is not preferable. The Lambda will be created again anyway if we create another stack, so we don't really need to have it after it has done its job. – Souad
You could delete the function from inside the function itself, immediately after it runs. But you're really setting yourself up for trouble. When you delete your stack, CF will try to call the lambda; if you update it, it might also get called, depending on parameters. CustomResources are not supposed to be throwaway scripts. Another option would be to wrap the call to CloudFormation in a script, and have that call the deploy. Good luck! – Paulo Schreiner
Do you have the AWS documentation that says that while deleting a CloudFormation stack, the Lambda function is called again? – Souad
docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/… - first line: "Custom resource provider requests with RequestType set to "Delete" are sent when the template developer deletes a stack that contains a custom resource. To successfully delete a stack with a custom resource, the custom resource provider must respond successfully to a delete request." – Paulo Schreiner

3 Answers

2
votes

First, I should say Aditya is right, you shouldn't delete the backing Lambda as it's used throughout the lifecycle.

However, if you really, really want to do it, one way is to simply have the function delete itself (and related resources, e.g., the role) after running.

1
votes

that Lambda function will only be executed one time during the creation of the stack, and then it will never be used again.

^^That's not the case. The backing Lambda function for a Lambda-backed custom resource will be invoked every time the corresponding resource is touched (i.e. created, updated or deleted). AWS CloudFormation will pass a RequestType parameter to that function every time it sees that the resource is being touched, and pass it one of these values: Create, Update, Delete. Your Lambda function should perform the necessary action taking that param into account. Based on your question it appears that your Lambda function only caters to RequestType = Create?

Also, as per AWS docs, you won't be charged for creating a Lambda function, but only if you actually invoke it. So cost can't be a deterring factor for keeping the function around. On the contrary, if your concern is that you don't want extra clutter, you can try creating a common CloudFormation stack whose job will be to create shared resources, and you can then define that Lambda function over there? I'll have to know about your entire workflow to say for sure if that approach will work or not.

For what it's worth, I'd recommend not deleting the backing function of the Lambda-backed custom resource because it'll be a pain when someone touches the corresponding resource in the future, or wants to create another instance of the same resource type.

0
votes

Some of your assumptions regarding custom resources are not true. In a Lambda-backed custom resource, you implement your logic to support creation, update and deletion of the resource. These indications are sent from CloudFormation via the event and give you information about the stack process.

It’s important to understand the custom resource life cycle, to prevent your data from being deleted.

Create - that’s easy, when a resource is being created an event with request type Create is sent to your function.

Delete - this one is more tricky. When a resource is being deleted a Delete request type is sent. But there are more scenarios other than resource Delete. We will have to explain Update first.

Update - gets called if any of your custom resource properties were changed. For example, in our app we can modify the allowed callback URLs, which will trigger the function with an Update request type.

I welcome you to read more about best practices in creating custom resources in this blog post
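Added example, not part of any answer above: a sketch of a backing function that handles all three request types and always reports a result, so a stack delete is not left waiting on the custom resource. `deploy_app`, `undeploy_app`, the `AppName` property and the `deploy-<LogicalResourceId>` id scheme are hypothetical placeholders.

```python
import json
import urllib.request

def deploy_app(props):
    """Hypothetical stand-in for the real work, e.g. the OpsWorks deployment."""
    return {"Deployed": props.get("AppName", "")}

def undeploy_app(physical_id):
    """Hypothetical clean-up; it must succeed even if nothing is left to remove."""
    return {}

def handle(event):
    """Dispatch on RequestType and build the response CloudFormation waits for."""
    request_type = event.get("RequestType")
    # Update and Delete carry the id returned at Create; returning a different
    # id on Update would make CloudFormation treat it as a replacement.
    physical_id = event.get("PhysicalResourceId") or "deploy-" + event["LogicalResourceId"]
    status, reason, data = "SUCCESS", "", {}
    try:
        if request_type in ("Create", "Update"):
            data = deploy_app(event.get("ResourceProperties", {}))
        elif request_type == "Delete":
            data = undeploy_app(physical_id)
        else:
            raise ValueError("unsupported RequestType: %r" % (request_type,))
    except Exception as exc:  # report failure instead of leaving the stack waiting
        status, reason = "FAILED", str(exc)
    return {"Status": status, "Reason": reason, "Data": data,
            "PhysicalResourceId": physical_id, "StackId": event["StackId"],
            "RequestId": event["RequestId"],
            "LogicalResourceId": event["LogicalResourceId"]}

def send(response_url, body):
    """PUT the JSON response to the pre-signed URL taken from the event."""
    # Empty Content-Type stops urllib from adding a form-encoding default.
    req = urllib.request.Request(response_url, data=json.dumps(body).encode(),
                                 method="PUT", headers={"Content-Type": ""})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.status

def lambda_handler(event, context):
    # ResponseURL is a pre-signed URL: keep it out of the logs.
    print(json.dumps({k: v for k, v in event.items() if k != "ResponseURL"}))
    body = handle(event)
    send(event["ResponseURL"], body)
    return body
```

If the function has deleted itself after Create, nothing is left to answer the Delete request that the quoted documentation says must succeed.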