The docs you link to specify: “Using the existing config will add an additional Lambda function and IAM Role to your stack. The Lambda function backs-up the Custom S3 Resource which is used to support existing S3 buckets.”
This is all because of limitations put in place by AWS on CloudFormation, which is what we use to deploy your resources into AWS as well as maintain state. Unfortunately the ability to connect to existing S3 buckets doesn’t exist in CloudFormation (strange, I know), so the only way left for us to add that feature is to support it via a feature provided by AWS known as Custom CloudFormation Resources.
We know this isn’t perfect, but those are some of the limits we work under.
Ideally we won’t need to drop the CloudFormation stack. If at all one needs to delete the stack it will FAIL since the Lambda can’t be deleted unless the S3 event notification added manually isn’t removed.
Is there a way to set a trigger like this directly in CloudFormation so we don’t have the additional Lambda costs? Or even a way to define what this IAM role name is?
We need to change the automatically created Lambda function name, IAM role and, most importantly, the VPC configurations. Is there a way or a workaround to do that?
As I understand this, the extra function <stack-name>-custom-resource-existing-s3 is used only for creating and managing Event Notifications on the S3 bucket and not later on for the events themselves. If you look at it in the AWS Console, you’ll see it doesn’t list any triggers, so it shouldn’t get called. Serverless should probably remove it together with the extra Role on deployment finish.