‼️ s3: toggling off auto_delete_objects for Bucket empties the bucket

[rittneje]

If a stack is deployed with an S3 bucket with auto_delete_objects=True, and then re-deployed with auto_delete_objects=False, all the objects in the bucket will be deleted.

Reproduction Steps

1. Deploy a stack with an S3 bucket created with auto_delete_objects=True.
2. Upload files into the bucket.
3. Deploy the stack again with auto_delete_objects=False.
4. Observe that the bucket is now empty.

What did you expect to happen?

The bucket should not have been emptied.

What actually happened?

Since the custom resource was deleted, the bucket was emptied.

Environment

• CDK CLI Version : 1.118.0
• Framework Version:
• Node.js Version: 14.17.5
• OS : debian bullseye (running inside a container)
• Language (Version): Python 3.9.6

---

This is 🐛 Bug Report

[ryparker]

Hey @rittneje thanks for letting us know about this.

I confirmed that the S3 is emptied when toggling autoDeleteObjects from true to false. Even with removalPolicy set to RemovalPolicy.RETAIN.

Repro code

import { App, Stack, RemovalPolicy } from '@aws-cdk/core';
import { Bucket, BlockPublicAccess } from '@aws-cdk/aws-s3'

const app = new App();
const stack = new Stack(app, 'issue-16603');

const bucket = new Bucket(stack, 'Issue16603TestBucket', {
  bucketName: 'issue-16603-test-bucket',
  blockPublicAccess: BlockPublicAccess.BLOCK_ALL,
  removalPolicy: RemovalPolicy.DESTROY, // change to `.RETAIN` on 2nd deploy
  autoDeleteObjects: true // change to `false` on 2nd deploy
});

Labeling this as p1 which means it has been prioritized as important, although please keep in mind that we do have a large number of issues at the moment. It may be some time before we are able to solve this particular issue. We use +1s to help us prioritize our work, and as always we are happy to take contributions if anyone is interested to pick this up and submit a PR.

[kellertk]

Upgrading to p0 based on the potential to lose data without warning.

[github-actions]

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.

[ryparker]

Fix released in v1.126.0

If you have deployed a bucket with autoDeleteObjects: true, switching this to false in a CDK version before 1.126.0 will lead to all objects in the bucket being deleted. Be sure to deploy your CDK application using version 1.126.0 or later before switching this value to false.

[rittneje]

@ryparker To be clear, I think you have to actually deploy the stack in question with 1.126.0+ at least once before switching the value to false. If the deployment that switches it is also the first to use 1.126.0+, then I believe the older version of the custom resource would still be invoked.

[ryparker]

@ryparker To be clear, I think you have to actually deploy the stack in question with 1.126.0+ at least once before switching the value to false. If the deployment that switches it is also the first to use 1.126.0+, then I believe the older version of the custom resource would still be invoked.

Good clarification. I'll update that in our docs as well.

[pfried]

Thanks for the mailing!

[piotrekwitkowski]

@ryparker what about CDK v2? Do you know what is the min version I can safely redeploy with?

[benm5678]

Can anyone say if we need to update all package references, or if it's enough to just have the latest CDK cli?
We use some of the aws-solution-constructs & max version there is still 1.125 (and all CDK pkg versions need to match to avoid errors)

[otaviomacedo]

@benm5678 You need to update all the references.