Delete the backing Lambda function for a Lambda-backed custom resource

Question

I have an AWS CloudFormation template that creates an OpsWorks stack and deploys an application. To deploy the application, I am using a Lambda function and a custom resource which utilizes that function. My problem is: that Lambda function will only be executed one time during the creation of the stack, and then it will never be used again. Is there any way to delete the Lambda function by AWS CloudFormation at the end of the execution of the stack?

Answer 1

Some of your assumptions regarding custom resources are not true. In a Lambda backed custom resource, you implement your logic to support creation, update and deletion of the resource. These indications are sent from CloudFormation via the event and give you information about the stack process.

It’s important to understand the custom resource life cycle, to prevent your data from being deleted.

Create - that’s easy, when a resource is being created an event with request type Create is sent to your function.

Delete - this one is more tricky. When a resource is being deleted a Delete request type is sent. But there are more scenarios other than resource Delete. We will have to explain Update first.

Update - gets called if any of your custom resource properties were changed. For example, in our app we can modify the allowed callback urls, which will trigger the function with an Update request type

I welcome you to read more about best practices in creating custom resources in this blog post

Answer 2

First, I should say Aditya is right, you shouldn't delete the backing Lambda as it's used throughout the lifecycle.

However, if you really really want to do it, one way is to simply have the function delete itself (and related resources, eg, role) after running.

Answer 3

that Lambda function will only be executed one time during the creation of the stack, and then it will never be used again.

^^That's not the case. The backing Lambda function for a Lambda-backed custom resource will be invoked everytime the corresponding resource is touched (i.e. created, updated or deleted). AWS CloudFormation will pass RequestType parameter to that function everytime it sees that the resource is being touched, and pass it one of these values: Create, Update, Delete. Your Lambda function should perform the necessary action taking that param into account. Based on your question it appears that your Lambda function only caters to RequestType = Create?

Also, as per AWS docs, you won't be charged for creating a Lambda function, but only if you actually invoke it. So cost can't be deterring factor for keeping the function around. On the contrary, if your concern is that you don't want extra clutter, you can try creating a common CloudFormation stack who's job will be to create shared resources, and you can then define that Lambda function over there? I'll have to know about your entire workflow to say for sure if that approach will work or not.

For what it's worth, I'd recommend not deleting the backing function of the Lambda-backed custom resource because it'll be a pain when someone touches the corresponding resource in the future, or wants to create another instance of the same resource type.