Dang, I just discovered that AWS CDK creates a role for a REST API with the
AmazonAPIGatewayPushToCloudWatchLogs policy, but it never cleans it up when the
stack is destroyed. That's why today I could not created new stacks on the CI
account.
3 replies
Replying to @coderbyheart
Here is the problem: the deletion of the role is skipped.
Replying to @coderbyheart
That's in line with the stack template, however this is automatically created by
CDK, so not controlled by the author.
Replying to @coderbyheart
And here is the reason: it's a bug-feature in AWS API Gateway:
https://github.com/aws/aws-cdk/commit/78c858f26fe9b688dc0260d7e8a59004b57c388d