fix(cfn): preserve S3 bucket physical resource ID on stack update #560
Merged
Nahuel990 merged 4 commits into ministackorg:main from May 4, 2026
When a CloudFormation stack is updated, resources without an explicit
update handler fall through to _provision_resource, which calls the
create handler. For AWS::S3::Bucket resources without an explicit
BucketName (e.g. ServerlessDeploymentBucket created by Serverless
Framework), this generated a new random bucket name on every update.
This caused Lambda functions referencing the bucket via {Ref:
ServerlessDeploymentBucket} to resolve to the new empty bucket instead
of the one where the deployment zip was actually uploaded, resulting in
Lambda functions with no code (NaN undefined code size).
Changes:
- Add _s3_update handler that preserves the existing physical resource
ID (bucket name) when updating an auto-named bucket in place
- Register the update handler in _RESOURCE_HANDLERS
- Make _s3_create use setdefault to avoid wiping existing bucket data
if called for an already-existing bucket name
Co-authored-by: Cursor <[email protected]>
Docker image for this PR has been published:

…a CloudFormation
The CF provisioner _lambda_create was missing CodeSize in the config dict and hardcoding CodeSha256 to "cfn-deployed". This caused UIs (like StackPort) to display "NaN undefined" for code size, even though the code was correctly loaded from S3. Now computes both fields from the actual zip bytes when available.
Co-authored-by: Cursor <[email protected]>
Two tests covering the bugs fixed in this PR:
1. test_cfn_auto_named_s3_bucket_stable_across_updates:
Verifies that an auto-named S3 bucket (no explicit BucketName)
preserves its physical resource ID and objects across stack updates.
Before the fix, each update generated a new random bucket name.
2. test_cfn_lambda_s3_ref_bucket_has_code_size:
Verifies that a Lambda deployed via CFN with Code.S3Bucket using
{Ref: DeployBucket} reports correct CodeSize and CodeSha256, and
the code is downloadable. Before the fix, CodeSize was missing
(shown as NaN) and CodeSha256 was hardcoded to 'cfn-deployed'.
Co-authored-by: Cursor <[email protected]>
Nahuel990 approved these changes May 4, 2026
Collaborator
Thanks for this fix @erick-reis-gran!
Summary
Fixes two bugs in the CloudFormation provisioner that broke Serverless Framework deployments.

Bug 1: Auto-named S3 bucket gets a new name on every stack update
When a CloudFormation stack is updated, AWS::S3::Bucket resources without an explicit BucketName (such as the ServerlessDeploymentBucket created by Serverless Framework) were incorrectly getting a new random bucket name on every update instead of preserving the existing one.

This caused Lambda functions referencing the bucket via {"Ref": "ServerlessDeploymentBucket"} to resolve to the new empty bucket instead of the one where the deployment zip was actually uploaded, resulting in Lambda functions created with no code.

Root cause: _RESOURCE_HANDLERS had no "update" entry for AWS::S3::Bucket. On stack update, _update_resource fell back to _provision_resource(type, physical_id, props, stack_name), passing the old physical resource ID where _s3_create expected a logical ID. _s3_create called _physical_name() which always generates a new random suffix, creating a brand new empty bucket.

Fix: Add _s3_update handler that preserves the existing physical resource ID (bucket name) when the bucket is updated in place (matching real AWS CloudFormation behavior). Also make _s3_create use setdefault to avoid wiping existing bucket data.

Bug 2: Lambda functions deployed via CFN missing CodeSize and proper CodeSha256
The CF provisioner _lambda_create never set CodeSize in the config dict and hardcoded CodeSha256 to "cfn-deployed". This caused UIs (like StackPort) to display "NaN undefined" for code size, even when the code was correctly loaded from S3.

Fix: Compute CodeSize and CodeSha256 from the actual zip bytes when available.

Reproduction
serverless-localstack

Test plan
- test_cfn_auto_named_s3_bucket_stable_across_updates — auto-named bucket keeps same name and objects across stack updates
- test_cfn_lambda_s3_ref_bucket_has_code_size — Lambda with Code.S3Bucket: {Ref: Bucket} reports correct CodeSize, real CodeSha256, and code is downloadable
- BucketName still pass (no regression)
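A minimal model of the two bugs described in the summary, added here as an illustration and not taken from the project's code: the update path falling through to the create handler, and code metadata derived from the real zip bytes. All names (BUCKETS, physical_name, s3_create, s3_update, update_resource, code_metadata) are simplified stand-ins, the zip is constructed, and the base64 SHA-256 encoding is an assumption based on how AWS Lambda reports CodeSha256.

```python
import base64, hashlib, secrets

BUCKETS = {}  # bucket name -> {key: bytes}; stands in for the emulator's S3 state

def physical_name(stack, logical_id):
    # Auto-naming: a fresh random suffix on every call.
    return f"{stack}-{logical_id}-{secrets.token_hex(4)}".lower()

def s3_create(logical_id, props, stack):
    name = props.get("BucketName") or physical_name(stack, logical_id)
    BUCKETS.setdefault(name, {})  # never wipe a bucket that already exists
    return name

def s3_update(physical_id, props, stack):
    # In-place update: keep the existing physical ID (the bucket name).
    BUCKETS.setdefault(physical_id, {})
    return physical_id

HANDLERS_BEFORE = {"AWS::S3::Bucket": {"create": s3_create}}
HANDLERS_AFTER = {"AWS::S3::Bucket": {"create": s3_create, "update": s3_update}}

def update_resource(handlers, rtype, physical_id, props, stack):
    entry = handlers[rtype]
    # Without an "update" entry, the old physical ID lands in create's
    # logical-ID slot, so an auto-named bucket is named all over again.
    handler = entry.get("update", entry["create"])
    return handler(physical_id, props, stack)

def code_metadata(zip_bytes):
    # Size and hash come from the actual bytes, not a placeholder string.
    digest = hashlib.sha256(zip_bytes).digest()
    return {"CodeSize": len(zip_bytes),
            "CodeSha256": base64.b64encode(digest).decode()}

def deploy_then_update(handlers):
    BUCKETS.clear()
    stack, zip_bytes = "demo", b"PK\x05\x06" + b"\x00" * 18  # constructed empty zip
    bucket = s3_create("ServerlessDeploymentBucket", {}, stack)
    BUCKETS[bucket]["code.zip"] = zip_bytes
    ref = update_resource(handlers, "AWS::S3::Bucket", bucket, {}, stack)
    code = BUCKETS[ref].get("code.zip")  # what {Ref: ...} resolves to after the update
    return bucket == ref, code_metadata(code) if code else None

if __name__ == "__main__":
    print("before:", deploy_then_update(HANDLERS_BEFORE))
    print("after: ", deploy_then_update(HANDLERS_AFTER))
```

With the pre-fix handler table the reference resolves to a new empty bucket and no code is found; with the update handler registered the name is stable and the metadata matches the uploaded bytes.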