From 96c132f7fdd658b2740e2801e9e6516d776feecb Mon Sep 17 00:00:00 2001
From: Ryan Jaeger <rjjaeger@amazon.com>
Date: Fri, 9 May 2025 09:12:13 -0700
Subject: [PATCH] add error handling logic to ignore if rule no longer exists

---
 .../runtime/src/index.ts                      | 42 ++++++++++++-------
 1 file changed, 27 insertions(+), 15 deletions(-)

diff --git a/src/lib/custom-resources/cdk-vpc-default-security-group/runtime/src/index.ts b/src/lib/custom-resources/cdk-vpc-default-security-group/runtime/src/index.ts
index bad81ad75..921a0a9db 100644
--- a/src/lib/custom-resources/cdk-vpc-default-security-group/runtime/src/index.ts
+++ b/src/lib/custom-resources/cdk-vpc-default-security-group/runtime/src/index.ts
@@ -56,27 +56,39 @@ async function onCreate(event: CloudFormationCustomResourceEvent) {
 
   if (groupId) {
     if (securityGroupIngress && securityGroupIngress.length > 0) {
-      // Deleting VPC default security group inbound rule
-      await throttlingBackOff(() => ec2.revokeSecurityGroupIngress(buildDeleteIngressRequest({ groupId })).promise());
+      try {
+        // Deleting VPC default security group inbound rule
+        await throttlingBackOff(() => ec2.revokeSecurityGroupIngress(buildDeleteIngressRequest({ groupId })).promise());
+      } catch (error: any) {
+        console.log('Error trying to remove default security group Ingress rule');
+      }
     }
 
     if (securityGroupEgress && securityGroupEgress.length > 0) {
-      // Deleting VPC default security group outbound rule
-      await throttlingBackOff(() => ec2.revokeSecurityGroupEgress(buildDeleteEgressRequest({ groupId })).promise());
+      try {
+        // Deleting VPC default security group outbound rule
+        await throttlingBackOff(() => ec2.revokeSecurityGroupEgress(buildDeleteEgressRequest({ groupId })).promise());
+      } catch (error: any) {
+        console.log('Error trying to remove default security group Egress rule');
+      }
     }
 
     if (tags && tags.length === 0) {
-      // Attaching tags to the VPC default security group
-      await throttlingBackOff(() =>
-        ec2
-          .createTags(
-            buildCreateTagsRequest({
-              groupId,
-              acceleratorName: event.ResourceProperties.acceleratorName,
-            }),
-          )
-          .promise(),
-      );
+      try {
+        // Attaching tags to the VPC default security group
+        await throttlingBackOff(() =>
+          ec2
+            .createTags(
+              buildCreateTagsRequest({
+                groupId,
+                acceleratorName: event.ResourceProperties.acceleratorName,
+              }),
+            )
+            .promise(),
+        );
+      } catch (error: any) {
+        console.log('Error trying to add tags to default security group');
+      }
     }
   }