CustomResourceConfig: Logging retention not set for CR when "autoDeleteObjects: true" is added to S3 Bucket

[eodeyemi14]

Describe the bug

When "autoDeleteObjects: true" is added to an S3 bucket, CDK creates a Custom Resource to delete objects from the S3 Bucket. However, retention policy is not set on the created CloudWatch log group even with the CustomResourceConfig module is used. I suspect there may be other construct types that this configuration does not currently work for either.

Here's a sample of the code

import * as cdk from 'aws-cdk-lib';
import { Construct } from 'constructs';
import * as s3 from 'aws-cdk-lib/aws-s3';
import * as lambda from 'aws-cdk-lib/aws-lambda';
import * as logs from 'aws-cdk-lib/aws-logs';
import { App } from 'aws-cdk-lib';
import { CustomResourceConfig } from 'aws-cdk-lib/custom-resources';


export class CdkStack extends cdk.Stack {
  constructor(scope: Construct, id: string, props?: cdk.StackProps) {
    super(scope, id, props);

   CustomResourceConfig.of(this).addLogRetentionLifetime(logs.RetentionDays.TWO_WEEKS);

   const bucket = new s3.Bucket(this, 'testBucket', {
     versioned: true,
     autoDeleteObjects: true,
     removalPolicy: cdk.RemovalPolicy.DESTROY,
   });
 }
}

Regression Issue

• Select this option if this issue appears to be a regression.

Last Known Working CDK Version

No response

Expected Behavior

The CloudWatch log group created by the custom resource should have retention policy set.

Current Behavior

CloudWatch log group created by the custom resource does not have retention policy set.

Reproduction Steps

• Create an S3 bucket with "autoDeleteObjects: true" property set
• Add CustomResourceConfig module to set log retention policy on log group

Possible Solution

No response

Additional Information/Context

No response

CDK CLI Version

2.176.0

Framework Version

No response

Node.js Version

v20.17.0

OS

MacOS

Language

TypeScript

Language Version

No response

Other information

No response

[pahud]

related to #33025 (comment)

I think we a custom resource is implicitly created, which user can't disable that, we still should allow user to have a freedom to customize the log retention period for the custom resource provider lambda function logs.

Making this a feature request and I will bring this to the team for visibility.

[pahud]

Hi @eodeyemi14 I just created #33196 to capture similar requests and include this issue there.

Can you take a look on #33196 and let me know if you have different thoughts?