Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

(aws-lambda-nodejs): NodejsFunction cannot remove VPC configuration from a function - UPDATE_COMPLETE_CLEANUP_IN_PROGRESS

See original GitHub issue

I created a project that adds a Lambda function to a VPC, so I set the VPC property of the configuration and deployed the function.

I then decided to stop the function from being part of the VPC, because the function’s use case changed. I removed the vpc property, and re-deployed.

On this change, the CloudFormation template dropped into UPDATE_COMPLETE_CLEANUP_IN_PROGRESS and I couldn’t make any more deployments. On looking in the event history, I could see the following:

resource sg-04ea2fedd8b4ff23a has a dependent object (Service: AmazonEC2; Status Code: 400; Error Code: 
DependencyViolation; Request ID: 38b9789c-12a6-4642-8100-6d03fcdf40a8; Proxy: null)

To resolve it, I had to manually delete the network interfaces related to the security group within the VPC. On this deletion, the CloudFormation stack became unstuck.

Reproduction Steps

    const vpc = new ec2.Vpc(this, "shared-vpc", {
      cidr: "",
      subnetConfiguration: [
          cidrMask: 24,
          name: "public",
          subnetType: ec2.SubnetType.PUBLIC,
          cidrMask: 24,
          name: "private",
          subnetType: ec2.SubnetType.PRIVATE,

    const wildcardHandler = new lambdaNode.NodejsFunction(
        runtime: lambda.Runtime.NODEJS_12_X,
        entry: path.join(__dirname, "../handlers/http/wildcard.ts"),
        handler: "handler",
        memorySize: 1024,
        vpc: vpc, //TODO: First set it, then remove it.

What did you expect to happen?

For the function deployment to succeed completely.

What actually happened?

Subsequent deployments failed to complete with:

BackendStack failed: Error [ValidationError]: Stack:arn:aws:cloudformation:eu-west-2:xxxxxxxxxxxxxxxx:stack/BackendStack/3091e410-653d-11eb-adbd-0297c9045a12 is 
in UPDATE_COMPLETE_CLEANUP_IN_PROGRESS state and can not be updated.


  • CDK CLI Version : 1.87.1 (build 9eeaa93)
  • Node.js Version: v14.15.1
  • OS : MacOS Bug Sur
  • Language (Version): TypeScript 3.9.7


I think the solution is to ensure that those network interfaces are deleted before the security group.

This is 🐛 Bug Report

Issue Analytics

  • State:open
  • Created 3 years ago
  • Comments:5 (4 by maintainers)

github_iconTop GitHub Comments

corymhallcommented, Jan 27, 2022

@a-h it looks like this issue is partially fixed. When I tested today I still go the error message about the SecurityGroup failing to get deleted, but the stack did not get stuck in UPDATE_COMPLETE_CLEANUP_IN_PROGRESS. I was able to make more updates the the stack successfully.

I think the remaining issue is with CloudFormation (it needs to successfully delete the SecurityGroup). I’ll keep this issue open for tracking purposes.

rubfergorcommented, Feb 3, 2021

I’m experiencing the same bug when trying to remove the VPC. The only solution to make the stack usable again is searching for the security group and remove it associated ENIs.

Read more comments on GitHub >

github_iconTop Results From Across the Web

class NodejsFunction (construct) · AWS CDK
Use environment variables to apply configuration changes, such as test and production environment configurations, without changing your Lambda function source ...
Read more >
Create Lambda Functions in a VPC in AWS CDK | bobbyhadz
In this article, we are going to provision a lambda function in a VPC and enable it ... subnetConfiguration: [ { name: 'private-subnet-1',...
Read more >
Configuring a Lambda function to access resources in a VPC
Learn how to configure a Lambda function to access Amazon VPC resources. ... Lambda functions can't connect directly to a VPC with dedicated...
Read more >
Some modules can be used with NodejsFunction(AWS CDK ...
I installed the modules I want to use in my lambda function in node_modules of CDK. When I execute sam local invoke, some...
Read more >
How do I configure AWS Lambda functions in a VPC?
Amazon VPCs and Lambda functions are important elements when building and using an AWS architecture, but users sometimes have trouble ...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Post

No results found

github_iconTop Related Hashnode Post

No results found