aws-cdk: CdkJsonStringify and AWSCDKCfnUtilsProviderCustomResourceProvider are not available in node children

[marcininfra]

Describe the bug

I've educated myself that CDK supports passing only simple types, when I execute the code below a new custom resource is created just for handling an array returned by vpc_endpoint.vpc_endpoint_network_interface_ids.

This is the code that I use.

        vpc_endpoint = vpc.add_interface_endpoint(
            'api-gateway-vpce', service=ec2.InterfaceVpcEndpointAwsService.APIGATEWAY
        )

        custom_resources.AwsCustomResource(
            self, 'endpoint-ips',
            on_update=custom_resources.AwsSdkCall(
                action='describeNetworkInterfaces',
                service='EC2',
                parameters={
                    'NetworkInterfaceIds':vpc_endpoint.vpc_endpoint_network_interface_ids
                },
                physical_resource_id=custom_resources.PhysicalResourceId.of(get_resource_prefix('endpoint-nics')),
            ),
            policy=custom_resources.AwsCustomResourcePolicy.from_sdk_calls(
                resources=custom_resources.AwsCustomResourcePolicy.ANY_RESOURCE
            )
        )

This is an additional custom resource that is produced by cdk and doesn't exist in the children structure:

    "AWSCDKCfnUtilsProviderCustomResourceProviderHandlerCF82AA57": {
      "Type": "AWS::Lambda::Function",
      "Properties": {
        "Code": {
          "S3Bucket": "***",
          "S3Key": "***"
        },
        "Timeout": 900,
        "MemorySize": 128,
        "Handler": "__entrypoint__.handler",
        "Role": {
          "Fn::GetAtt": [
            "AWSCDKCfnUtilsProviderCustomResourceProviderRoleFE0EE867",
            "Arn"
          ]
        },
        "Runtime": "nodejs18.x"
      },
      "DependsOn": [
        "AWSCDKCfnUtilsProviderCustomResourceProviderRoleFE0EE867"
      ],
      "Metadata": {
        "aws:cdk:path": "***",
        "aws:asset:path": "***",
        "aws:asset:property": "Code"
      }
    },
    "CdkJsonStringify2": {
      "Type": "Custom::AWSCDKCfnJsonStringify",
      "Properties": {
        "ServiceToken": {
          "Fn::GetAtt": [
            "AWSCDKCfnUtilsProviderCustomResourceProviderHandlerCF82AA57",
            "Arn"
          ]
        },
        "Value": {
          "Fn::GetAtt": [
            "essvpcessapigatewayvpce16FC46B0",
            "NetworkInterfaceIds"
          ]
        }
      },
      "UpdateReplacePolicy": "Delete",
      "DeletionPolicy": "Delete",
      "Metadata": {
        "aws:cdk:path": "***"
      }
    }
  }

Expected Behavior

I expected Custom::AWSCDKCfnJsonStringify to be found in the node structure.

Current Behavior

The problem I have is Custom::AWSCDKCfnJsonStringify cannot be found in node children. It looks like it is added when python execution ends. What I want to do is to add a condition to Custom::AWSCDKCfnJsonStringify as I create essvpcessapigatewayvpce16FC46B0 conditionally based on input parameters. As follows:

vpc_endpoint.node.default_child.cfn_options.condition = my_condition

How can I access Custom::AWSCDKCfnJsonStringify in python to add my modifications?

Reproduction Steps

''

Possible Solution

No response

Additional Information/Context

No response

CDK CLI Version

2.111.0

Framework Version

No response

Node.js Version

v18.18.2

OS

Mac OS

Language

Python

Language Version

No response

Other information

No response

[pahud]

Why do you need to access the Custom::AWSCDKCfnJsonStringify custom resource? Can you explain more about that?

[marcininfra]

I create a vpc endpoint only when the installation_type input parameter is private. Otherwise, when public installation type is chosen is fails as it cannot find essvpcessapigatewayvpce16FC46B0. I need to add there a cloudformation condition that creates that custom resource only when the input parameter is private.

[FarrOut]

one use-case is being able to define a custom name for the handler's role i.e. AWSCDKCfnUtilsProviderCustomResourceProviderRoleFE0EE867

Update:
got around this particular use-case with iam.Role.customize_roles

[pahud]

Closing this issue now. Feel free to reopen if it's still relevant.

[github-actions]

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.