(aws-docdb): cannot delete a stack with DatabaseCluster removal_policy set to 'Retain'

[jadamariano]

Describe the bug

After creating a DocumentDB DatabaseCluster with a removal_policy set to Retain, the CloudFormation stack can not be deleted. The stack can not be deleted because the associated subnet group can not be removed if it points to an existing cluster.

Sample error from CloudFormation:
Got InvalidDBInstanceStateException with error: Cannot delete the subnet group '{subnet_group_name}' because at least one database instance: {instance_name} is still using it.

Expected Behavior

The CloudFormation stack should be able to successfully delete.

Current Behavior

After creating a DocumentDB DatabaseCluster with a removal_policy set to Retain, the CloudFormation stack can not be deleted. The stack can not be deleted because the associated subnet group can not be removed if it points to an existing cluster.

Sample error from CloudFormation:
Got InvalidDBInstanceStateException with error: Cannot delete the subnet group '{subnet_group_name}' because at least one database instance: {instance_name} is still using it.

Reproduction Steps

1. Create a database cluster using a default configuration (default configuration has removal_policy set to Retain)

const database = new rds.DatabaseCluster(this, 'DatabaseCluster', {
    defaultDatabaseName: 'test',
    masterUser: {
        username: 'test',
    },
    instances: 1,
    engine: rds.DatabaseClusterEngine.AURORA,
    instanceProps: {
        instanceType: ec2.InstanceType.of(ec2.InstanceClass.T3, ec2.InstanceSize.SMALL),
        vpc: vpc,
        vpcSubnets: {
            subnetType: ec2.SubnetType.PRIVATE,
        }
    }
});

2. Deploy the cluster
3. Delete the CloudFormation stack
4. The CloudFormation stack will fail to delete

Possible Solution

This same bug was happening for the aws-rds DatabaseCluster (issue attached here), until this fix came around. I suggest to make the same fix for the aws-docdb DatabaseCluster, where it sets the retention policy of DbSubnetGroup to 'Retain' if it is 'Retain' on the DatabaseCluster.

I plan on creating a PR using this solution to resolve this issue.

if (props.removalPolicy === RemovalPolicy.RETAIN) {
  subnetGroup.applyRemovalPolicy(RemovalPolicy.RETAIN);
}

Additional Information/Context

No response

CDK CLI Version

2.126.0

Framework Version

No response

Node.js Version

v20.11.0

OS

macOS Sonoma 14.3

Language

Python

Language Version

No response

Other information

No response

[pahud]

if (props.removalPolicy === RemovalPolicy.RETAIN) {
  subnetGroup.applyRemovalPolicy(RemovalPolicy.RETAIN);
}

Looks like it could be a possible fix. Thank you for your PR.

[jadamariano]

if (props.removalPolicy === RemovalPolicy.RETAIN) {
  subnetGroup.applyRemovalPolicy(RemovalPolicy.RETAIN);
}

Looks like it could be a possible fix. Thank you for your PR.

@pahud Thank you! I'm working on getting all of the PR checks to pass but am having some trouble. Are you able to provide some guidance? Here are the issues I'm having:

1. request-cli-integ-test / cli-changes (pull_request_target) is failing due to it not being able to find the changed files. I took a look at the Workflow file and am wondering if it is because I don't have any files changed under these directories: packages/aws-cdk/bin/**, packages/aws-cdk/lib/**, packages/aws-cdk/test/**.
2. AWS CodeBuild us-east-1 is failing due to my newly added integration test failing. I think it is failing because there is currently no snapshot for the test in the main branch, and as the error message suggests, integ-runner --update-on-failed should be run. I'm not quite sure how to resolve this or if that is even the cause of the error.

[pahud]

@jadamariano please reach out to me on cdk.dev if you are still working on the PR. Thanks.