(custom_resources): AwsCustomResource does not allow proper function configuration and overall seems overly complex / outdated in resources it needs

[bdoyle0182]

Describe the bug

Across the cdk exists custom resource implementations that allows on construct instantiation passing in FunctionProps. This isn't the case in AwsCustomResource and only allows configuration of a few function properties directly on its props. This is problematic for organizations that have compliance requirements for lambda configuration to leverage the solution without re-building their own custom resource to do aws sdk calls.

On top of this, there are several bugs with the dependency resources generated tied to the custom resource lambda handler. One example is a secondary lambda is created to configure LogRetention on the custom resource lambda (which seems unnecessary now since configuring log retention is directly available on the lambda CF api?), but if you configure AwsCustomResource to use a vpc; it will only set up the core lambda with the vpc and the log retention lambda does not get the vpc config making the construct unusable for us.

Regression Issue

• Select this option if this issue appears to be a regression.

Last Known Working CDK Version

N/A

Expected Behavior

A simplified AwsCustomResourceV2 that doesn't have the baggage of the original AwsCustomResource with a much more simplified set of dependency resources and allows full function configuration of the handler. Since this is such a common custom resource pattern to make Aws Sdk calls to cover CloudFormation gaps.

We are finding multiple use cases where we need a custom resource Aws calls for our org so it will be a common pattern for us and will need to build our own to meet our requirements. Though this seems with how standard of a feature that Aws would want to own this or build the functionality into the cloud formation service as an available resource option without.

For now, I'm planning to build a custom resource for aws sdk calls and deploy it to my organization through a stack set so our app developers have it available to them which is a lot of leg work when this type of functionality could probably be built into an aws service.

Current Behavior

see bug description

Reproduction Steps

for my specific example, instantiate AWSCustomResource with vpc and logRetention fields specified.

Possible Solution

No response

Additional Information/Context

No response

CDK CLI Version

2.178.0

Framework Version

No response

Node.js Version

22

OS

MacOS

Language

TypeScript

Language Version

No response

Other information

No response

[pahud]

Thank you for your report. The team is actively reviewing the custom resource. I'll bring it up to the team for further inputs here. Meanwhile, feel free to drop more details here about your desired design and we welcome other inputs from community as well.