@go-to-k/cdkd 0.8.0 → 0.9.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (7) hide show
  1. package/dist/cli.js +1015 -172
  2. package/dist/cli.js.map +3 -3
  3. package/dist/go-to-k-cdkd-0.9.0.tgz +0 -0
  4. package/dist/index.js +51 -7
  5. package/dist/index.js.map +3 -3
  6. package/package.json +1 -1
  7. package/dist/go-to-k-cdkd-0.8.0.tgz +0 -0
package/dist/cli.js CHANGED
@@ -6196,6 +6196,29 @@ var JsonPatchGenerator = class {
6196
6196
  }
6197
6197
  };
6198
6198
 
6199
+ // src/provisioning/region-check.ts
6200
+ function assertRegionMatch(clientRegion, expectedRegion, resourceType, logicalId, physicalId) {
6201
+ if (!expectedRegion) {
6202
+ return;
6203
+ }
6204
+ if (!clientRegion) {
6205
+ throw new ProvisioningError(
6206
+ `Refusing to treat NotFound as idempotent delete success for ${logicalId} (${resourceType}): AWS client region is unknown but stack state expects ${expectedRegion}. The resource may exist in ${expectedRegion} and would be silently removed from state if this NotFound were trusted.`,
6207
+ resourceType,
6208
+ logicalId,
6209
+ physicalId
6210
+ );
6211
+ }
6212
+ if (clientRegion !== expectedRegion) {
6213
+ throw new ProvisioningError(
6214
+ `Refusing to treat NotFound as idempotent delete success for ${logicalId} (${resourceType}): AWS client region ${clientRegion} does not match stack state region ${expectedRegion}. The resource likely still exists in ${expectedRegion}; rerun the destroy with the correct region (e.g. --region ${expectedRegion}).`,
6215
+ resourceType,
6216
+ logicalId,
6217
+ physicalId
6218
+ );
6219
+ }
6220
+ }
6221
+
6199
6222
  // src/provisioning/cloud-control-provider.ts
6200
6223
  var JSON_STRING_PROPERTIES = {
6201
6224
  "AWS::Events::Rule": /* @__PURE__ */ new Set(["EventPattern"])
@@ -6371,7 +6394,7 @@ var CloudControlProvider = class {
6371
6394
  /**
6372
6395
  * Delete a resource using Cloud Control API
6373
6396
  */
6374
- async delete(logicalId, physicalId, resourceType, _properties) {
6397
+ async delete(logicalId, physicalId, resourceType, _properties, context) {
6375
6398
  this.logger.debug(
6376
6399
  `Deleting resource ${logicalId} (${resourceType}), physical ID: ${physicalId}`
6377
6400
  );
@@ -6398,6 +6421,14 @@ var CloudControlProvider = class {
6398
6421
  } catch (error) {
6399
6422
  const err = error;
6400
6423
  if (err.name === "ResourceNotFoundException" || err.message?.includes("does not exist") || err.message?.includes("not found") || err.message?.includes("NotFound")) {
6424
+ const clientRegion = await this.cloudControlClient.config.region();
6425
+ assertRegionMatch(
6426
+ clientRegion,
6427
+ context?.expectedRegion,
6428
+ resourceType,
6429
+ logicalId,
6430
+ physicalId
6431
+ );
6401
6432
  this.logger.debug(`Resource ${logicalId} already deleted (not found), treating as success`);
6402
6433
  return;
6403
6434
  }
@@ -6962,7 +6993,7 @@ var CustomResourceProvider = class _CustomResourceProvider {
6962
6993
  /**
6963
6994
  * Delete a custom resource by invoking its Lambda handler
6964
6995
  */
6965
- async delete(logicalId, physicalId, resourceType, properties) {
6996
+ async delete(logicalId, physicalId, resourceType, properties, _context) {
6966
6997
  this.logger.debug(`Deleting custom resource ${logicalId}: ${physicalId} (${resourceType})`);
6967
6998
  if (!properties) {
6968
6999
  this.logger.warn(
@@ -7784,13 +7815,21 @@ var IAMRoleProvider = class {
7784
7815
  * 3. Remove role from all instance profiles
7785
7816
  * 4. Delete the role itself
7786
7817
  */
7787
- async delete(logicalId, physicalId, resourceType, _properties) {
7818
+ async delete(logicalId, physicalId, resourceType, _properties, context) {
7788
7819
  this.logger.debug(`Deleting IAM role ${logicalId}: ${physicalId}`);
7789
7820
  try {
7790
7821
  try {
7791
7822
  await this.iamClient.send(new GetRoleCommand({ RoleName: physicalId }));
7792
7823
  } catch (error) {
7793
7824
  if (error instanceof NoSuchEntityException) {
7825
+ const clientRegion = await this.iamClient.config.region();
7826
+ assertRegionMatch(
7827
+ clientRegion,
7828
+ context?.expectedRegion,
7829
+ resourceType,
7830
+ logicalId,
7831
+ physicalId
7832
+ );
7794
7833
  this.logger.debug(`Role ${physicalId} does not exist, skipping deletion`);
7795
7834
  return;
7796
7835
  }
@@ -8285,13 +8324,23 @@ var IAMPolicyProvider = class {
8285
8324
  /**
8286
8325
  * Delete an IAM inline policy
8287
8326
  */
8288
- async delete(logicalId, physicalId, resourceType, properties) {
8327
+ async delete(logicalId, physicalId, resourceType, properties, context) {
8289
8328
  this.logger.debug(`Deleting IAM policy ${logicalId}: ${physicalId}`);
8290
8329
  const policyName = physicalId.includes(":") ? physicalId.split(":")[0] : physicalId;
8291
8330
  if (!policyName) {
8292
8331
  this.logger.warn(`Invalid physical ID format: ${physicalId}, skipping deletion`);
8293
8332
  return;
8294
8333
  }
8334
+ const onNotFound = async (target) => {
8335
+ const clientRegion = await this.iamClient.config.region();
8336
+ assertRegionMatch(
8337
+ clientRegion,
8338
+ context?.expectedRegion,
8339
+ resourceType,
8340
+ logicalId,
8341
+ `${physicalId} (${target})`
8342
+ );
8343
+ };
8295
8344
  try {
8296
8345
  const roles = properties?.["Roles"];
8297
8346
  const groups = properties?.["Groups"];
@@ -8308,7 +8357,9 @@ var IAMPolicyProvider = class {
8308
8357
  );
8309
8358
  this.logger.debug(`Deleted inline policy ${policyName} from role ${firstRole}`);
8310
8359
  } catch (error) {
8311
- if (!(error instanceof NoSuchEntityException2)) {
8360
+ if (error instanceof NoSuchEntityException2) {
8361
+ await onNotFound(`role ${firstRole}`);
8362
+ } else {
8312
8363
  throw error;
8313
8364
  }
8314
8365
  }
@@ -8325,7 +8376,9 @@ var IAMPolicyProvider = class {
8325
8376
  );
8326
8377
  this.logger.debug(`Deleted inline policy ${policyName} from role ${roleName}`);
8327
8378
  } catch (error) {
8328
- if (!(error instanceof NoSuchEntityException2)) {
8379
+ if (error instanceof NoSuchEntityException2) {
8380
+ await onNotFound(`role ${roleName}`);
8381
+ } else {
8329
8382
  throw error;
8330
8383
  }
8331
8384
  }
@@ -8342,7 +8395,9 @@ var IAMPolicyProvider = class {
8342
8395
  );
8343
8396
  this.logger.debug(`Deleted inline policy ${policyName} from group ${groupName}`);
8344
8397
  } catch (error) {
8345
- if (!(error instanceof NoSuchEntityException2)) {
8398
+ if (error instanceof NoSuchEntityException2) {
8399
+ await onNotFound(`group ${groupName}`);
8400
+ } else {
8346
8401
  throw error;
8347
8402
  }
8348
8403
  }
@@ -8359,7 +8414,9 @@ var IAMPolicyProvider = class {
8359
8414
  );
8360
8415
  this.logger.debug(`Deleted inline policy ${policyName} from user ${userName}`);
8361
8416
  } catch (error) {
8362
- if (!(error instanceof NoSuchEntityException2)) {
8417
+ if (error instanceof NoSuchEntityException2) {
8418
+ await onNotFound(`user ${userName}`);
8419
+ } else {
8363
8420
  throw error;
8364
8421
  }
8365
8422
  }
@@ -8517,7 +8574,7 @@ var IAMInstanceProfileProvider = class {
8517
8574
  *
8518
8575
  * Before deleting, removes all roles from the instance profile.
8519
8576
  */
8520
- async delete(logicalId, physicalId, resourceType, _properties) {
8577
+ async delete(logicalId, physicalId, resourceType, _properties, context) {
8521
8578
  this.logger.debug(`Deleting IAM instance profile ${logicalId}: ${physicalId}`);
8522
8579
  try {
8523
8580
  let roles = [];
@@ -8530,6 +8587,14 @@ var IAMInstanceProfileProvider = class {
8530
8587
  ) || [];
8531
8588
  } catch (error) {
8532
8589
  if (error instanceof NoSuchEntityException3) {
8590
+ const clientRegion = await this.iamClient.config.region();
8591
+ assertRegionMatch(
8592
+ clientRegion,
8593
+ context?.expectedRegion,
8594
+ resourceType,
8595
+ logicalId,
8596
+ physicalId
8597
+ );
8533
8598
  this.logger.debug(`Instance profile ${physicalId} does not exist, skipping deletion`);
8534
8599
  return;
8535
8600
  }
@@ -8556,6 +8621,14 @@ var IAMInstanceProfileProvider = class {
8556
8621
  this.logger.debug(`Successfully deleted IAM instance profile ${logicalId}`);
8557
8622
  } catch (error) {
8558
8623
  if (error instanceof NoSuchEntityException3) {
8624
+ const clientRegion = await this.iamClient.config.region();
8625
+ assertRegionMatch(
8626
+ clientRegion,
8627
+ context?.expectedRegion,
8628
+ resourceType,
8629
+ logicalId,
8630
+ physicalId
8631
+ );
8559
8632
  this.logger.debug(`Instance profile ${physicalId} does not exist, skipping deletion`);
8560
8633
  return;
8561
8634
  }
@@ -8675,14 +8748,20 @@ var IAMUserGroupProvider = class {
8675
8748
  );
8676
8749
  }
8677
8750
  }
8678
- async delete(logicalId, physicalId, resourceType, properties) {
8751
+ async delete(logicalId, physicalId, resourceType, properties, context) {
8679
8752
  switch (resourceType) {
8680
8753
  case "AWS::IAM::User":
8681
- return this.deleteUser(logicalId, physicalId, resourceType);
8754
+ return this.deleteUser(logicalId, physicalId, resourceType, context);
8682
8755
  case "AWS::IAM::Group":
8683
- return this.deleteGroup(logicalId, physicalId, resourceType);
8756
+ return this.deleteGroup(logicalId, physicalId, resourceType, context);
8684
8757
  case "AWS::IAM::UserToGroupAddition":
8685
- return this.deleteUserToGroupAddition(logicalId, physicalId, resourceType, properties);
8758
+ return this.deleteUserToGroupAddition(
8759
+ logicalId,
8760
+ physicalId,
8761
+ resourceType,
8762
+ properties,
8763
+ context
8764
+ );
8686
8765
  default:
8687
8766
  throw new ProvisioningError(
8688
8767
  `Unsupported resource type: ${resourceType}`,
@@ -8885,13 +8964,21 @@ var IAMUserGroupProvider = class {
8885
8964
  );
8886
8965
  }
8887
8966
  }
8888
- async deleteUser(logicalId, physicalId, resourceType) {
8967
+ async deleteUser(logicalId, physicalId, resourceType, context) {
8889
8968
  this.logger.debug(`Deleting IAM user ${logicalId}: ${physicalId}`);
8890
8969
  try {
8891
8970
  try {
8892
8971
  await this.iamClient.send(new GetUserCommand({ UserName: physicalId }));
8893
8972
  } catch (error) {
8894
8973
  if (error instanceof NoSuchEntityException4) {
8974
+ const clientRegion = await this.iamClient.config.region();
8975
+ assertRegionMatch(
8976
+ clientRegion,
8977
+ context?.expectedRegion,
8978
+ resourceType,
8979
+ logicalId,
8980
+ physicalId
8981
+ );
8895
8982
  this.logger.debug(`User ${physicalId} does not exist, skipping deletion`);
8896
8983
  return;
8897
8984
  }
@@ -9231,7 +9318,7 @@ var IAMUserGroupProvider = class {
9231
9318
  );
9232
9319
  }
9233
9320
  }
9234
- async deleteGroup(logicalId, physicalId, resourceType) {
9321
+ async deleteGroup(logicalId, physicalId, resourceType, context) {
9235
9322
  this.logger.debug(`Deleting IAM group ${logicalId}: ${physicalId}`);
9236
9323
  try {
9237
9324
  await this.detachAllGroupPolicies(physicalId);
@@ -9241,6 +9328,14 @@ var IAMUserGroupProvider = class {
9241
9328
  this.logger.debug(`Successfully deleted IAM group ${logicalId}`);
9242
9329
  } catch (error) {
9243
9330
  if (error instanceof NoSuchEntityException4) {
9331
+ const clientRegion = await this.iamClient.config.region();
9332
+ assertRegionMatch(
9333
+ clientRegion,
9334
+ context?.expectedRegion,
9335
+ resourceType,
9336
+ logicalId,
9337
+ physicalId
9338
+ );
9244
9339
  this.logger.debug(`Group ${physicalId} does not exist, skipping deletion`);
9245
9340
  return;
9246
9341
  }
@@ -9515,7 +9610,7 @@ var IAMUserGroupProvider = class {
9515
9610
  );
9516
9611
  }
9517
9612
  }
9518
- async deleteUserToGroupAddition(logicalId, physicalId, resourceType, properties) {
9613
+ async deleteUserToGroupAddition(logicalId, physicalId, resourceType, properties, _context) {
9519
9614
  this.logger.debug(`Deleting IAM UserToGroupAddition ${logicalId}`);
9520
9615
  if (!properties) {
9521
9616
  this.logger.debug(`No properties for UserToGroupAddition ${logicalId}, skipping deletion`);
@@ -10389,12 +10484,20 @@ var S3BucketProvider = class {
10389
10484
  *
10390
10485
  * Note: The bucket must be empty before deletion.
10391
10486
  */
10392
- async delete(logicalId, physicalId, resourceType, _properties) {
10487
+ async delete(logicalId, physicalId, resourceType, _properties, context) {
10393
10488
  this.logger.debug(`Deleting S3 bucket ${logicalId}: ${physicalId}`);
10394
10489
  try {
10395
10490
  await this.deleteBucketWithEmptyRetry(logicalId, physicalId);
10396
10491
  } catch (error) {
10397
10492
  if (error instanceof NoSuchBucket) {
10493
+ const clientRegion = await this.s3Client.config.region();
10494
+ assertRegionMatch(
10495
+ clientRegion,
10496
+ context?.expectedRegion,
10497
+ resourceType,
10498
+ logicalId,
10499
+ physicalId
10500
+ );
10398
10501
  this.logger.debug(`Bucket ${physicalId} does not exist, skipping deletion`);
10399
10502
  return;
10400
10503
  }
@@ -10589,7 +10692,7 @@ var S3BucketPolicyProvider = class {
10589
10692
  /**
10590
10693
  * Delete an S3 bucket policy
10591
10694
  */
10592
- async delete(logicalId, physicalId, resourceType, _properties) {
10695
+ async delete(logicalId, physicalId, resourceType, _properties, context) {
10593
10696
  this.logger.debug(`Deleting S3 bucket policy ${logicalId}: ${physicalId}`);
10594
10697
  try {
10595
10698
  try {
@@ -10601,10 +10704,26 @@ var S3BucketPolicyProvider = class {
10601
10704
  this.logger.debug(`Successfully deleted S3 bucket policy ${logicalId}`);
10602
10705
  } catch (error) {
10603
10706
  if (error instanceof NoSuchBucket2) {
10707
+ const clientRegion = await this.s3Client.config.region();
10708
+ assertRegionMatch(
10709
+ clientRegion,
10710
+ context?.expectedRegion,
10711
+ resourceType,
10712
+ logicalId,
10713
+ physicalId
10714
+ );
10604
10715
  this.logger.debug(`Bucket ${physicalId} does not exist, skipping policy deletion`);
10605
10716
  return;
10606
10717
  }
10607
10718
  if (error instanceof Error && (error.name === "NoSuchBucketPolicy" || error.message.includes("does not have"))) {
10719
+ const clientRegion = await this.s3Client.config.region();
10720
+ assertRegionMatch(
10721
+ clientRegion,
10722
+ context?.expectedRegion,
10723
+ resourceType,
10724
+ logicalId,
10725
+ physicalId
10726
+ );
10608
10727
  this.logger.debug(`Bucket policy for ${physicalId} does not exist, skipping`);
10609
10728
  return;
10610
10729
  }
@@ -10794,13 +10913,21 @@ var SQSQueueProvider = class {
10794
10913
  /**
10795
10914
  * Delete an SQS queue
10796
10915
  */
10797
- async delete(logicalId, physicalId, resourceType, _properties) {
10916
+ async delete(logicalId, physicalId, resourceType, _properties, context) {
10798
10917
  this.logger.debug(`Deleting SQS queue ${logicalId}: ${physicalId}`);
10799
10918
  try {
10800
10919
  await this.sqsClient.send(new DeleteQueueCommand({ QueueUrl: physicalId }));
10801
10920
  this.logger.debug(`Successfully deleted SQS queue ${logicalId}`);
10802
10921
  } catch (error) {
10803
10922
  if (error instanceof QueueDoesNotExist) {
10923
+ const clientRegion = await this.sqsClient.config.region();
10924
+ assertRegionMatch(
10925
+ clientRegion,
10926
+ context?.expectedRegion,
10927
+ resourceType,
10928
+ logicalId,
10929
+ physicalId
10930
+ );
10804
10931
  this.logger.debug(`SQS queue ${physicalId} does not exist, skipping deletion`);
10805
10932
  return;
10806
10933
  }
@@ -10949,7 +11076,7 @@ var SQSQueuePolicyProvider = class {
10949
11076
  /**
10950
11077
  * Delete an SQS queue policy
10951
11078
  */
10952
- async delete(logicalId, physicalId, resourceType, _properties) {
11079
+ async delete(logicalId, physicalId, resourceType, _properties, context) {
10953
11080
  this.logger.debug(`Deleting SQS queue policy ${logicalId}: ${physicalId}`);
10954
11081
  try {
10955
11082
  await this.sqsClient.send(
@@ -10963,6 +11090,14 @@ var SQSQueuePolicyProvider = class {
10963
11090
  this.logger.debug(`Successfully deleted SQS queue policy ${logicalId}`);
10964
11091
  } catch (error) {
10965
11092
  if (error instanceof Error && (error.name === "QueueDoesNotExist" || error.message.includes("does not exist"))) {
11093
+ const clientRegion = await this.sqsClient.config.region();
11094
+ assertRegionMatch(
11095
+ clientRegion,
11096
+ context?.expectedRegion,
11097
+ resourceType,
11098
+ logicalId,
11099
+ physicalId
11100
+ );
10966
11101
  this.logger.debug(`Queue ${physicalId} does not exist, skipping policy deletion`);
10967
11102
  return;
10968
11103
  }
@@ -11243,13 +11378,21 @@ var SNSTopicProvider = class {
11243
11378
  /**
11244
11379
  * Delete an SNS topic
11245
11380
  */
11246
- async delete(logicalId, physicalId, resourceType, _properties) {
11381
+ async delete(logicalId, physicalId, resourceType, _properties, context) {
11247
11382
  this.logger.debug(`Deleting SNS topic ${logicalId}: ${physicalId}`);
11248
11383
  try {
11249
11384
  await this.snsClient.send(new DeleteTopicCommand({ TopicArn: physicalId }));
11250
11385
  this.logger.debug(`Successfully deleted SNS topic ${logicalId}`);
11251
11386
  } catch (error) {
11252
11387
  if (error instanceof NotFoundException) {
11388
+ const clientRegion = await this.snsClient.config.region();
11389
+ assertRegionMatch(
11390
+ clientRegion,
11391
+ context?.expectedRegion,
11392
+ resourceType,
11393
+ logicalId,
11394
+ physicalId
11395
+ );
11253
11396
  this.logger.debug(`SNS topic ${physicalId} does not exist, skipping deletion`);
11254
11397
  return;
11255
11398
  }
@@ -11368,7 +11511,7 @@ var SNSSubscriptionProvider = class {
11368
11511
  /**
11369
11512
  * Delete an SNS subscription
11370
11513
  */
11371
- async delete(logicalId, physicalId, resourceType, _properties) {
11514
+ async delete(logicalId, physicalId, resourceType, _properties, context) {
11372
11515
  this.logger.debug(`Deleting SNS subscription ${logicalId}: ${physicalId}`);
11373
11516
  try {
11374
11517
  await this.snsClient.send(
@@ -11379,6 +11522,14 @@ var SNSSubscriptionProvider = class {
11379
11522
  this.logger.debug(`Successfully deleted SNS subscription ${logicalId}`);
11380
11523
  } catch (error) {
11381
11524
  if (error instanceof NotFoundException2) {
11525
+ const clientRegion = await this.snsClient.config.region();
11526
+ assertRegionMatch(
11527
+ clientRegion,
11528
+ context?.expectedRegion,
11529
+ resourceType,
11530
+ logicalId,
11531
+ physicalId
11532
+ );
11382
11533
  this.logger.debug(`Subscription ${physicalId} does not exist, skipping deletion`);
11383
11534
  return;
11384
11535
  }
@@ -11499,7 +11650,7 @@ var SNSTopicPolicyProvider = class {
11499
11650
  *
11500
11651
  * Removes the policy from each topic by setting an empty policy.
11501
11652
  */
11502
- async delete(logicalId, physicalId, resourceType, _properties) {
11653
+ async delete(logicalId, physicalId, resourceType, _properties, context) {
11503
11654
  this.logger.debug(`Deleting SNS topic policy ${logicalId}: ${physicalId}`);
11504
11655
  const topicArns = physicalId.split(",");
11505
11656
  for (const topicArn of topicArns) {
@@ -11508,6 +11659,14 @@ var SNSTopicPolicyProvider = class {
11508
11659
  this.logger.debug(`Removed policy from topic ${topicArn}`);
11509
11660
  } catch (error) {
11510
11661
  if (error instanceof Error && (error.name === "NotFoundException" || error.name === "NotFound" || error.message.includes("not found") || error.message.includes("does not exist") || error.message.includes("Invalid parameter"))) {
11662
+ const clientRegion = await getAwsClients().sns.config.region();
11663
+ assertRegionMatch(
11664
+ clientRegion,
11665
+ context?.expectedRegion,
11666
+ resourceType,
11667
+ logicalId,
11668
+ topicArn
11669
+ );
11511
11670
  this.logger.debug(`Topic ${topicArn} not found or policy already removed, skipping`);
11512
11671
  continue;
11513
11672
  }
@@ -11772,7 +11931,7 @@ var LambdaFunctionProvider = class {
11772
11931
  * security groups, we poll DescribeNetworkInterfaces for the function's
11773
11932
  * managed ENIs and only return once they are gone (or the timeout elapses).
11774
11933
  */
11775
- async delete(logicalId, physicalId, resourceType, properties) {
11934
+ async delete(logicalId, physicalId, resourceType, properties, context) {
11776
11935
  this.logger.debug(`Deleting Lambda function ${logicalId}: ${physicalId}`);
11777
11936
  const hasVpcConfig = this.hasVpcConfig(properties?.["VpcConfig"]);
11778
11937
  if (hasVpcConfig) {
@@ -11786,6 +11945,14 @@ var LambdaFunctionProvider = class {
11786
11945
  this.logger.debug(`Detached VPC config from Lambda ${physicalId} before deletion`);
11787
11946
  } catch (error) {
11788
11947
  if (error instanceof ResourceNotFoundException) {
11948
+ const clientRegion = await this.lambdaClient.config.region();
11949
+ assertRegionMatch(
11950
+ clientRegion,
11951
+ context?.expectedRegion,
11952
+ resourceType,
11953
+ logicalId,
11954
+ physicalId
11955
+ );
11789
11956
  return;
11790
11957
  }
11791
11958
  this.logger.warn(
@@ -11799,6 +11966,14 @@ var LambdaFunctionProvider = class {
11799
11966
  this.logger.debug(`Successfully deleted Lambda function ${logicalId}`);
11800
11967
  } catch (error) {
11801
11968
  if (error instanceof ResourceNotFoundException) {
11969
+ const clientRegion = await this.lambdaClient.config.region();
11970
+ assertRegionMatch(
11971
+ clientRegion,
11972
+ context?.expectedRegion,
11973
+ resourceType,
11974
+ logicalId,
11975
+ physicalId
11976
+ );
11802
11977
  this.logger.debug(`Lambda function ${physicalId} does not exist, skipping deletion`);
11803
11978
  return;
11804
11979
  }
@@ -12265,7 +12440,7 @@ var LambdaPermissionProvider = class {
12265
12440
  /**
12266
12441
  * Delete a Lambda permission
12267
12442
  */
12268
- async delete(logicalId, physicalId, resourceType, properties) {
12443
+ async delete(logicalId, physicalId, resourceType, properties, context) {
12269
12444
  this.logger.debug(`Deleting Lambda permission ${logicalId}: ${physicalId}`);
12270
12445
  const functionName = properties?.["FunctionName"];
12271
12446
  if (!functionName) {
@@ -12288,6 +12463,14 @@ var LambdaPermissionProvider = class {
12288
12463
  this.logger.debug(`Successfully deleted Lambda permission ${logicalId}`);
12289
12464
  } catch (error) {
12290
12465
  if (error instanceof ResourceNotFoundException2) {
12466
+ const clientRegion = await this.lambdaClient.config.region();
12467
+ assertRegionMatch(
12468
+ clientRegion,
12469
+ context?.expectedRegion,
12470
+ resourceType,
12471
+ logicalId,
12472
+ physicalId
12473
+ );
12291
12474
  this.logger.debug(`Lambda permission ${physicalId} does not exist, skipping deletion`);
12292
12475
  return;
12293
12476
  }
@@ -12404,7 +12587,7 @@ var LambdaUrlProvider = class {
12404
12587
  /**
12405
12588
  * Delete a Lambda Function URL
12406
12589
  */
12407
- async delete(logicalId, physicalId, resourceType, _properties) {
12590
+ async delete(logicalId, physicalId, resourceType, _properties, context) {
12408
12591
  this.logger.debug(`Deleting Lambda URL ${logicalId}: ${physicalId}`);
12409
12592
  try {
12410
12593
  await this.lambdaClient.send(
@@ -12413,6 +12596,14 @@ var LambdaUrlProvider = class {
12413
12596
  this.logger.debug(`Successfully deleted Lambda URL ${logicalId}`);
12414
12597
  } catch (error) {
12415
12598
  if (error instanceof ResourceNotFoundException3) {
12599
+ const clientRegion = await this.lambdaClient.config.region();
12600
+ assertRegionMatch(
12601
+ clientRegion,
12602
+ context?.expectedRegion,
12603
+ resourceType,
12604
+ logicalId,
12605
+ physicalId
12606
+ );
12416
12607
  this.logger.debug(`Lambda URL ${physicalId} does not exist, skipping deletion`);
12417
12608
  return;
12418
12609
  }
@@ -12623,13 +12814,21 @@ var LambdaEventSourceMappingProvider = class {
12623
12814
  /**
12624
12815
  * Delete a Lambda Event Source Mapping
12625
12816
  */
12626
- async delete(logicalId, physicalId, resourceType, _properties) {
12817
+ async delete(logicalId, physicalId, resourceType, _properties, context) {
12627
12818
  this.logger.debug(`Deleting event source mapping ${logicalId}: ${physicalId}`);
12628
12819
  try {
12629
12820
  try {
12630
12821
  await this.lambdaClient.send(new GetEventSourceMappingCommand({ UUID: physicalId }));
12631
12822
  } catch (error) {
12632
12823
  if (error instanceof ResourceNotFoundException4) {
12824
+ const clientRegion = await this.lambdaClient.config.region();
12825
+ assertRegionMatch(
12826
+ clientRegion,
12827
+ context?.expectedRegion,
12828
+ resourceType,
12829
+ logicalId,
12830
+ physicalId
12831
+ );
12633
12832
  this.logger.debug(`Event source mapping ${physicalId} does not exist, skipping deletion`);
12634
12833
  return;
12635
12834
  }
@@ -12639,6 +12838,14 @@ var LambdaEventSourceMappingProvider = class {
12639
12838
  this.logger.debug(`Successfully deleted event source mapping ${logicalId}`);
12640
12839
  } catch (error) {
12641
12840
  if (error instanceof ResourceNotFoundException4) {
12841
+ const clientRegion = await this.lambdaClient.config.region();
12842
+ assertRegionMatch(
12843
+ clientRegion,
12844
+ context?.expectedRegion,
12845
+ resourceType,
12846
+ logicalId,
12847
+ physicalId
12848
+ );
12642
12849
  this.logger.debug(`Event source mapping ${physicalId} does not exist, skipping deletion`);
12643
12850
  return;
12644
12851
  }
@@ -12752,7 +12959,7 @@ var LambdaLayerVersionProvider = class {
12752
12959
  /**
12753
12960
  * Delete a Lambda layer version
12754
12961
  */
12755
- async delete(logicalId, physicalId, resourceType, _properties) {
12962
+ async delete(logicalId, physicalId, resourceType, _properties, context) {
12756
12963
  this.logger.debug(`Deleting Lambda layer version ${logicalId}: ${physicalId}`);
12757
12964
  const arnParts = physicalId.split(":");
12758
12965
  if (arnParts.length < 8) {
@@ -12775,6 +12982,14 @@ var LambdaLayerVersionProvider = class {
12775
12982
  this.logger.debug(`Successfully deleted Lambda layer version ${logicalId}`);
12776
12983
  } catch (error) {
12777
12984
  if (error instanceof ResourceNotFoundException5) {
12985
+ const clientRegion = await this.lambdaClient.config.region();
12986
+ assertRegionMatch(
12987
+ clientRegion,
12988
+ context?.expectedRegion,
12989
+ resourceType,
12990
+ logicalId,
12991
+ physicalId
12992
+ );
12778
12993
  this.logger.debug(`Lambda layer version ${physicalId} does not exist, skipping deletion`);
12779
12994
  return;
12780
12995
  }
@@ -12951,13 +13166,21 @@ var DynamoDBTableProvider = class {
12951
13166
  /**
12952
13167
  * Delete a DynamoDB table
12953
13168
  */
12954
- async delete(logicalId, physicalId, resourceType, _properties) {
13169
+ async delete(logicalId, physicalId, resourceType, _properties, context) {
12955
13170
  this.logger.debug(`Deleting DynamoDB table ${logicalId}: ${physicalId}`);
12956
13171
  try {
12957
13172
  await this.dynamoDBClient.send(new DeleteTableCommand({ TableName: physicalId }));
12958
13173
  this.logger.debug(`Successfully deleted DynamoDB table ${logicalId}`);
12959
13174
  } catch (error) {
12960
13175
  if (error instanceof ResourceNotFoundException6) {
13176
+ const clientRegion = await this.dynamoDBClient.config.region();
13177
+ assertRegionMatch(
13178
+ clientRegion,
13179
+ context?.expectedRegion,
13180
+ resourceType,
13181
+ logicalId,
13182
+ physicalId
13183
+ );
12961
13184
  this.logger.debug(`DynamoDB table ${physicalId} does not exist, skipping deletion`);
12962
13185
  return;
12963
13186
  }
@@ -13186,13 +13409,21 @@ var LogsLogGroupProvider = class {
13186
13409
  /**
13187
13410
  * Delete a CloudWatch Logs log group
13188
13411
  */
13189
- async delete(logicalId, physicalId, resourceType, _properties) {
13412
+ async delete(logicalId, physicalId, resourceType, _properties, context) {
13190
13413
  this.logger.debug(`Deleting log group ${logicalId}: ${physicalId}`);
13191
13414
  try {
13192
13415
  await this.logsClient.send(new DeleteLogGroupCommand({ logGroupName: physicalId }));
13193
13416
  this.logger.debug(`Successfully deleted log group ${logicalId}`);
13194
13417
  } catch (error) {
13195
13418
  if (error instanceof ResourceNotFoundException7) {
13419
+ const clientRegion = await this.logsClient.config.region();
13420
+ assertRegionMatch(
13421
+ clientRegion,
13422
+ context?.expectedRegion,
13423
+ resourceType,
13424
+ logicalId,
13425
+ physicalId
13426
+ );
13196
13427
  this.logger.debug(`Log group ${physicalId} does not exist, skipping deletion`);
13197
13428
  return;
13198
13429
  }
@@ -13323,7 +13554,7 @@ var CloudWatchAlarmProvider = class {
13323
13554
  /**
13324
13555
  * Delete a CloudWatch alarm
13325
13556
  */
13326
- async delete(logicalId, physicalId, resourceType, _properties) {
13557
+ async delete(logicalId, physicalId, resourceType, _properties, context) {
13327
13558
  this.logger.debug(`Deleting CloudWatch alarm ${logicalId}: ${physicalId}`);
13328
13559
  try {
13329
13560
  await this.cloudWatchClient.send(
@@ -13334,6 +13565,14 @@ var CloudWatchAlarmProvider = class {
13334
13565
  this.logger.debug(`Successfully deleted CloudWatch alarm ${logicalId}`);
13335
13566
  } catch (error) {
13336
13567
  if (error instanceof Error && error.name === "ResourceNotFound") {
13568
+ const clientRegion = await this.cloudWatchClient.config.region();
13569
+ assertRegionMatch(
13570
+ clientRegion,
13571
+ context?.expectedRegion,
13572
+ resourceType,
13573
+ logicalId,
13574
+ physicalId
13575
+ );
13337
13576
  this.logger.debug(`Alarm ${physicalId} does not exist, skipping deletion`);
13338
13577
  return;
13339
13578
  }
@@ -13627,7 +13866,7 @@ var SecretsManagerSecretProvider = class {
13627
13866
  /**
13628
13867
  * Delete a Secrets Manager secret
13629
13868
  */
13630
- async delete(logicalId, physicalId, resourceType, _properties) {
13869
+ async delete(logicalId, physicalId, resourceType, _properties, context) {
13631
13870
  this.logger.debug(`Deleting secret ${logicalId}: ${physicalId}`);
13632
13871
  try {
13633
13872
  await this.smClient.send(
@@ -13639,6 +13878,14 @@ var SecretsManagerSecretProvider = class {
13639
13878
  this.logger.debug(`Successfully deleted secret ${logicalId}`);
13640
13879
  } catch (error) {
13641
13880
  if (error instanceof ResourceNotFoundException8) {
13881
+ const clientRegion = await this.smClient.config.region();
13882
+ assertRegionMatch(
13883
+ clientRegion,
13884
+ context?.expectedRegion,
13885
+ resourceType,
13886
+ logicalId,
13887
+ physicalId
13888
+ );
13642
13889
  this.logger.debug(`Secret ${physicalId} does not exist, skipping deletion`);
13643
13890
  return;
13644
13891
  }
@@ -13883,7 +14130,7 @@ var SSMParameterProvider = class {
13883
14130
  /**
13884
14131
  * Delete an SSM parameter
13885
14132
  */
13886
- async delete(logicalId, physicalId, resourceType, _properties) {
14133
+ async delete(logicalId, physicalId, resourceType, _properties, context) {
13887
14134
  this.logger.debug(`Deleting SSM parameter ${logicalId}: ${physicalId}`);
13888
14135
  try {
13889
14136
  await this.ssmClient.send(
@@ -13894,6 +14141,14 @@ var SSMParameterProvider = class {
13894
14141
  this.logger.debug(`Successfully deleted SSM parameter ${logicalId}`);
13895
14142
  } catch (error) {
13896
14143
  if (error instanceof ParameterNotFound) {
14144
+ const clientRegion = await this.ssmClient.config.region();
14145
+ assertRegionMatch(
14146
+ clientRegion,
14147
+ context?.expectedRegion,
14148
+ resourceType,
14149
+ logicalId,
14150
+ physicalId
14151
+ );
13897
14152
  this.logger.debug(`Parameter ${physicalId} does not exist, skipping deletion`);
13898
14153
  return;
13899
14154
  }
@@ -14112,7 +14367,7 @@ var EventBridgeRuleProvider = class {
14112
14367
  *
14113
14368
  * Before deleting, removes all targets (required by EventBridge API).
14114
14369
  */
14115
- async delete(logicalId, physicalId, resourceType, _properties) {
14370
+ async delete(logicalId, physicalId, resourceType, _properties, context) {
14116
14371
  this.logger.debug(`Deleting EventBridge rule ${logicalId}: ${physicalId}`);
14117
14372
  const ruleName = this.extractRuleNameFromArn(physicalId);
14118
14373
  try {
@@ -14124,6 +14379,14 @@ var EventBridgeRuleProvider = class {
14124
14379
  targetIds = (targetsResponse.Targets || []).map((t) => t.Id).filter((id) => id !== void 0);
14125
14380
  } catch (error) {
14126
14381
  if (error instanceof ResourceNotFoundException9) {
14382
+ const clientRegion = await this.eventBridgeClient.config.region();
14383
+ assertRegionMatch(
14384
+ clientRegion,
14385
+ context?.expectedRegion,
14386
+ resourceType,
14387
+ logicalId,
14388
+ physicalId
14389
+ );
14127
14390
  this.logger.debug(`Rule ${ruleName} does not exist, skipping deletion`);
14128
14391
  return;
14129
14392
  }
@@ -14142,6 +14405,14 @@ var EventBridgeRuleProvider = class {
14142
14405
  this.logger.debug(`Successfully deleted EventBridge rule ${logicalId}`);
14143
14406
  } catch (error) {
14144
14407
  if (error instanceof ResourceNotFoundException9) {
14408
+ const clientRegion = await this.eventBridgeClient.config.region();
14409
+ assertRegionMatch(
14410
+ clientRegion,
14411
+ context?.expectedRegion,
14412
+ resourceType,
14413
+ logicalId,
14414
+ physicalId
14415
+ );
14145
14416
  this.logger.debug(`Rule ${ruleName} does not exist, skipping deletion`);
14146
14417
  return;
14147
14418
  }
@@ -14327,7 +14598,7 @@ var EventBridgeBusProvider = class {
14327
14598
  }
14328
14599
  return { physicalId, wasReplaced: false, attributes: {} };
14329
14600
  }
14330
- async delete(logicalId, physicalId, resourceType) {
14601
+ async delete(logicalId, physicalId, resourceType, _properties, context) {
14331
14602
  this.logger.debug(`Deleting EventBus ${logicalId}: ${physicalId}`);
14332
14603
  try {
14333
14604
  await this.cleanupRulesOnBus(physicalId);
@@ -14335,11 +14606,27 @@ var EventBridgeBusProvider = class {
14335
14606
  this.logger.debug(`Successfully deleted EventBus ${logicalId}`);
14336
14607
  } catch (error) {
14337
14608
  if (error instanceof ResourceNotFoundException10) {
14609
+ const clientRegion = await this.eventBridgeClient.config.region();
14610
+ assertRegionMatch(
14611
+ clientRegion,
14612
+ context?.expectedRegion,
14613
+ resourceType,
14614
+ logicalId,
14615
+ physicalId
14616
+ );
14338
14617
  this.logger.debug(`EventBus ${physicalId} does not exist, skipping`);
14339
14618
  return;
14340
14619
  }
14341
14620
  const msg = error instanceof Error ? error.message : String(error);
14342
14621
  if (msg.includes("does not exist")) {
14622
+ const clientRegion = await this.eventBridgeClient.config.region();
14623
+ assertRegionMatch(
14624
+ clientRegion,
14625
+ context?.expectedRegion,
14626
+ resourceType,
14627
+ logicalId,
14628
+ physicalId
14629
+ );
14343
14630
  this.logger.debug(`EventBus ${physicalId} does not exist, skipping`);
14344
14631
  return;
14345
14632
  }
@@ -14639,32 +14926,38 @@ var EC2Provider = class {
14639
14926
  );
14640
14927
  }
14641
14928
  }
14642
- async delete(logicalId, physicalId, resourceType, properties) {
14929
+ async delete(logicalId, physicalId, resourceType, properties, context) {
14643
14930
  switch (resourceType) {
14644
14931
  case "AWS::EC2::VPC":
14645
- return this.deleteVpc(logicalId, physicalId, resourceType);
14932
+ return this.deleteVpc(logicalId, physicalId, resourceType, context);
14646
14933
  case "AWS::EC2::Subnet":
14647
- return this.deleteSubnet(logicalId, physicalId, resourceType);
14934
+ return this.deleteSubnet(logicalId, physicalId, resourceType, context);
14648
14935
  case "AWS::EC2::InternetGateway":
14649
- return this.deleteInternetGateway(logicalId, physicalId, resourceType);
14936
+ return this.deleteInternetGateway(logicalId, physicalId, resourceType, context);
14650
14937
  case "AWS::EC2::VPCGatewayAttachment":
14651
- return this.deleteVpcGatewayAttachment(logicalId, physicalId, resourceType);
14938
+ return this.deleteVpcGatewayAttachment(logicalId, physicalId, resourceType, context);
14652
14939
  case "AWS::EC2::RouteTable":
14653
- return this.deleteRouteTable(logicalId, physicalId, resourceType);
14940
+ return this.deleteRouteTable(logicalId, physicalId, resourceType, context);
14654
14941
  case "AWS::EC2::Route":
14655
- return this.deleteRoute(logicalId, physicalId, resourceType);
14942
+ return this.deleteRoute(logicalId, physicalId, resourceType, context);
14656
14943
  case "AWS::EC2::SubnetRouteTableAssociation":
14657
- return this.deleteSubnetRouteTableAssociation(logicalId, physicalId, resourceType);
14944
+ return this.deleteSubnetRouteTableAssociation(logicalId, physicalId, resourceType, context);
14658
14945
  case "AWS::EC2::SecurityGroup":
14659
- return this.deleteSecurityGroup(logicalId, physicalId, resourceType);
14946
+ return this.deleteSecurityGroup(logicalId, physicalId, resourceType, context);
14660
14947
  case "AWS::EC2::SecurityGroupIngress":
14661
- return this.deleteSecurityGroupIngress(logicalId, physicalId, resourceType, properties);
14948
+ return this.deleteSecurityGroupIngress(
14949
+ logicalId,
14950
+ physicalId,
14951
+ resourceType,
14952
+ properties,
14953
+ context
14954
+ );
14662
14955
  case "AWS::EC2::Instance":
14663
- return this.deleteInstance(logicalId, physicalId, resourceType);
14956
+ return this.deleteInstance(logicalId, physicalId, resourceType, context);
14664
14957
  case "AWS::EC2::NetworkAcl":
14665
- return this.deleteNetworkAcl(logicalId, physicalId, resourceType);
14958
+ return this.deleteNetworkAcl(logicalId, physicalId, resourceType, context);
14666
14959
  case "AWS::EC2::NetworkAclEntry":
14667
- return this.deleteNetworkAclEntry(logicalId, physicalId, resourceType);
14960
+ return this.deleteNetworkAclEntry(logicalId, physicalId, resourceType, context);
14668
14961
  case "AWS::EC2::SubnetNetworkAclAssociation":
14669
14962
  this.logger.debug(`SubnetNetworkAclAssociation ${logicalId} delete is a no-op`);
14670
14963
  return;
@@ -14805,7 +15098,7 @@ var EC2Provider = class {
14805
15098
  );
14806
15099
  }
14807
15100
  }
14808
- async deleteVpc(logicalId, physicalId, resourceType) {
15101
+ async deleteVpc(logicalId, physicalId, resourceType, context) {
14809
15102
  this.logger.debug(`Deleting VPC ${logicalId}: ${physicalId}`);
14810
15103
  const maxAttempts = 10;
14811
15104
  for (let attempt = 1; attempt <= maxAttempts; attempt++) {
@@ -14815,6 +15108,14 @@ var EC2Provider = class {
14815
15108
  return;
14816
15109
  } catch (error) {
14817
15110
  if (this.isNotFoundError(error)) {
15111
+ const clientRegion = await this.ec2Client.config.region();
15112
+ assertRegionMatch(
15113
+ clientRegion,
15114
+ context?.expectedRegion,
15115
+ resourceType,
15116
+ logicalId,
15117
+ physicalId
15118
+ );
14818
15119
  this.logger.debug(`VPC ${physicalId} does not exist, skipping deletion`);
14819
15120
  return;
14820
15121
  }
@@ -14920,7 +15221,7 @@ var EC2Provider = class {
14920
15221
  this.logger.debug(`Updating Subnet ${logicalId}: ${physicalId} (no-op, immutable properties)`);
14921
15222
  return Promise.resolve({ physicalId, wasReplaced: false });
14922
15223
  }
14923
- async deleteSubnet(logicalId, physicalId, resourceType) {
15224
+ async deleteSubnet(logicalId, physicalId, resourceType, context) {
14924
15225
  this.logger.debug(`Deleting Subnet ${logicalId}: ${physicalId}`);
14925
15226
  const maxAttempts = 10;
14926
15227
  for (let attempt = 1; attempt <= maxAttempts; attempt++) {
@@ -14930,6 +15231,14 @@ var EC2Provider = class {
14930
15231
  return;
14931
15232
  } catch (error) {
14932
15233
  if (this.isNotFoundError(error)) {
15234
+ const clientRegion = await this.ec2Client.config.region();
15235
+ assertRegionMatch(
15236
+ clientRegion,
15237
+ context?.expectedRegion,
15238
+ resourceType,
15239
+ logicalId,
15240
+ physicalId
15241
+ );
14933
15242
  this.logger.debug(`Subnet ${physicalId} does not exist, skipping deletion`);
14934
15243
  return;
14935
15244
  }
@@ -15048,7 +15357,7 @@ var EC2Provider = class {
15048
15357
  this.logger.debug(`Updating InternetGateway ${logicalId}: ${physicalId} (no-op)`);
15049
15358
  return Promise.resolve({ physicalId, wasReplaced: false });
15050
15359
  }
15051
- async deleteInternetGateway(logicalId, physicalId, resourceType) {
15360
+ async deleteInternetGateway(logicalId, physicalId, resourceType, context) {
15052
15361
  this.logger.debug(`Deleting InternetGateway ${logicalId}: ${physicalId}`);
15053
15362
  try {
15054
15363
  await this.ec2Client.send(
@@ -15057,6 +15366,14 @@ var EC2Provider = class {
15057
15366
  this.logger.debug(`Successfully deleted InternetGateway ${logicalId}`);
15058
15367
  } catch (error) {
15059
15368
  if (this.isNotFoundError(error)) {
15369
+ const clientRegion = await this.ec2Client.config.region();
15370
+ assertRegionMatch(
15371
+ clientRegion,
15372
+ context?.expectedRegion,
15373
+ resourceType,
15374
+ logicalId,
15375
+ physicalId
15376
+ );
15060
15377
  this.logger.debug(`InternetGateway ${physicalId} does not exist, skipping deletion`);
15061
15378
  return;
15062
15379
  }
@@ -15110,7 +15427,7 @@ var EC2Provider = class {
15110
15427
  this.logger.debug(`Updating VPCGatewayAttachment ${logicalId}: ${physicalId} (no-op)`);
15111
15428
  return Promise.resolve({ physicalId, wasReplaced: false });
15112
15429
  }
15113
- async deleteVpcGatewayAttachment(logicalId, physicalId, resourceType) {
15430
+ async deleteVpcGatewayAttachment(logicalId, physicalId, resourceType, context) {
15114
15431
  this.logger.debug(`Deleting VPCGatewayAttachment ${logicalId}: ${physicalId}`);
15115
15432
  const parts = physicalId.split("|");
15116
15433
  if (parts.length !== 2) {
@@ -15132,6 +15449,14 @@ var EC2Provider = class {
15132
15449
  this.logger.debug(`Successfully deleted VPCGatewayAttachment ${logicalId}`);
15133
15450
  } catch (error) {
15134
15451
  if (this.isNotFoundError(error)) {
15452
+ const clientRegion = await this.ec2Client.config.region();
15453
+ assertRegionMatch(
15454
+ clientRegion,
15455
+ context?.expectedRegion,
15456
+ resourceType,
15457
+ logicalId,
15458
+ physicalId
15459
+ );
15135
15460
  this.logger.debug(`VPCGatewayAttachment ${physicalId} does not exist, skipping deletion`);
15136
15461
  return;
15137
15462
  }
@@ -15182,13 +15507,21 @@ var EC2Provider = class {
15182
15507
  this.logger.debug(`Updating RouteTable ${logicalId}: ${physicalId} (no-op)`);
15183
15508
  return Promise.resolve({ physicalId, wasReplaced: false });
15184
15509
  }
15185
- async deleteRouteTable(logicalId, physicalId, resourceType) {
15510
+ async deleteRouteTable(logicalId, physicalId, resourceType, context) {
15186
15511
  this.logger.debug(`Deleting RouteTable ${logicalId}: ${physicalId}`);
15187
15512
  try {
15188
15513
  await this.ec2Client.send(new DeleteRouteTableCommand({ RouteTableId: physicalId }));
15189
15514
  this.logger.debug(`Successfully deleted RouteTable ${logicalId}`);
15190
15515
  } catch (error) {
15191
15516
  if (this.isNotFoundError(error)) {
15517
+ const clientRegion = await this.ec2Client.config.region();
15518
+ assertRegionMatch(
15519
+ clientRegion,
15520
+ context?.expectedRegion,
15521
+ resourceType,
15522
+ logicalId,
15523
+ physicalId
15524
+ );
15192
15525
  this.logger.debug(`RouteTable ${physicalId} does not exist, skipping deletion`);
15193
15526
  return;
15194
15527
  }
@@ -15268,7 +15601,7 @@ var EC2Provider = class {
15268
15601
  );
15269
15602
  }
15270
15603
  }
15271
- async deleteRoute(logicalId, physicalId, resourceType) {
15604
+ async deleteRoute(logicalId, physicalId, resourceType, context) {
15272
15605
  this.logger.debug(`Deleting Route ${logicalId}: ${physicalId}`);
15273
15606
  const parts = physicalId.split("|");
15274
15607
  if (parts.length !== 2) {
@@ -15291,6 +15624,14 @@ var EC2Provider = class {
15291
15624
  this.logger.debug(`Successfully deleted Route ${logicalId}`);
15292
15625
  } catch (error) {
15293
15626
  if (this.isNotFoundError(error)) {
15627
+ const clientRegion = await this.ec2Client.config.region();
15628
+ assertRegionMatch(
15629
+ clientRegion,
15630
+ context?.expectedRegion,
15631
+ resourceType,
15632
+ logicalId,
15633
+ physicalId
15634
+ );
15294
15635
  this.logger.debug(`Route ${physicalId} does not exist, skipping deletion`);
15295
15636
  return;
15296
15637
  }
@@ -15348,13 +15689,21 @@ var EC2Provider = class {
15348
15689
  );
15349
15690
  return Promise.resolve({ physicalId, wasReplaced: false });
15350
15691
  }
15351
- async deleteSubnetRouteTableAssociation(logicalId, physicalId, resourceType) {
15692
+ async deleteSubnetRouteTableAssociation(logicalId, physicalId, resourceType, context) {
15352
15693
  this.logger.debug(`Deleting SubnetRouteTableAssociation ${logicalId}: ${physicalId}`);
15353
15694
  try {
15354
15695
  await this.ec2Client.send(new DisassociateRouteTableCommand({ AssociationId: physicalId }));
15355
15696
  this.logger.debug(`Successfully deleted SubnetRouteTableAssociation ${logicalId}`);
15356
15697
  } catch (error) {
15357
15698
  if (this.isNotFoundError(error)) {
15699
+ const clientRegion = await this.ec2Client.config.region();
15700
+ assertRegionMatch(
15701
+ clientRegion,
15702
+ context?.expectedRegion,
15703
+ resourceType,
15704
+ logicalId,
15705
+ physicalId
15706
+ );
15358
15707
  this.logger.debug(
15359
15708
  `SubnetRouteTableAssociation ${physicalId} does not exist, skipping deletion`
15360
15709
  );
@@ -15485,7 +15834,7 @@ var EC2Provider = class {
15485
15834
  );
15486
15835
  }
15487
15836
  }
15488
- async deleteSecurityGroup(logicalId, physicalId, resourceType) {
15837
+ async deleteSecurityGroup(logicalId, physicalId, resourceType, context) {
15489
15838
  this.logger.debug(`Deleting SecurityGroup ${logicalId}: ${physicalId}`);
15490
15839
  const maxAttempts = 10;
15491
15840
  for (let attempt = 1; attempt <= maxAttempts; attempt++) {
@@ -15495,6 +15844,14 @@ var EC2Provider = class {
15495
15844
  return;
15496
15845
  } catch (error) {
15497
15846
  if (this.isNotFoundError(error)) {
15847
+ const clientRegion = await this.ec2Client.config.region();
15848
+ assertRegionMatch(
15849
+ clientRegion,
15850
+ context?.expectedRegion,
15851
+ resourceType,
15852
+ logicalId,
15853
+ physicalId
15854
+ );
15498
15855
  this.logger.debug(`SecurityGroup ${physicalId} does not exist, skipping deletion`);
15499
15856
  return;
15500
15857
  }
@@ -15652,7 +16009,7 @@ var EC2Provider = class {
15652
16009
  );
15653
16010
  }
15654
16011
  }
15655
- async deleteSecurityGroupIngress(logicalId, physicalId, resourceType, properties) {
16012
+ async deleteSecurityGroupIngress(logicalId, physicalId, resourceType, properties, context) {
15656
16013
  this.logger.debug(`Deleting SecurityGroupIngress ${logicalId}: ${physicalId}`);
15657
16014
  const parts = physicalId.split("|");
15658
16015
  if (parts.length !== 4) {
@@ -15679,6 +16036,14 @@ var EC2Provider = class {
15679
16036
  this.logger.debug(`Successfully deleted SecurityGroupIngress ${logicalId}`);
15680
16037
  } catch (error) {
15681
16038
  if (this.isNotFoundError(error)) {
16039
+ const clientRegion = await this.ec2Client.config.region();
16040
+ assertRegionMatch(
16041
+ clientRegion,
16042
+ context?.expectedRegion,
16043
+ resourceType,
16044
+ logicalId,
16045
+ physicalId
16046
+ );
15682
16047
  this.logger.debug(`SecurityGroupIngress ${physicalId} does not exist, skipping deletion`);
15683
16048
  return;
15684
16049
  }
@@ -15795,7 +16160,7 @@ var EC2Provider = class {
15795
16160
  );
15796
16161
  }
15797
16162
  }
15798
- async deleteInstance(logicalId, physicalId, resourceType) {
16163
+ async deleteInstance(logicalId, physicalId, resourceType, context) {
15799
16164
  this.logger.debug(`Terminating EC2 Instance ${logicalId}: ${physicalId}`);
15800
16165
  try {
15801
16166
  await this.ec2Client.send(new TerminateInstancesCommand({ InstanceIds: [physicalId] }));
@@ -15807,6 +16172,14 @@ var EC2Provider = class {
15807
16172
  this.logger.debug(`EC2 Instance ${logicalId} terminated: ${physicalId}`);
15808
16173
  } catch (error) {
15809
16174
  if (this.isNotFoundError(error)) {
16175
+ const clientRegion = await this.ec2Client.config.region();
16176
+ assertRegionMatch(
16177
+ clientRegion,
16178
+ context?.expectedRegion,
16179
+ resourceType,
16180
+ logicalId,
16181
+ physicalId
16182
+ );
15810
16183
  this.logger.debug(
15811
16184
  `EC2 Instance ${physicalId} already terminated (not found), treating as success`
15812
16185
  );
@@ -16042,13 +16415,21 @@ var EC2Provider = class {
16042
16415
  );
16043
16416
  }
16044
16417
  }
16045
- async deleteNetworkAcl(logicalId, physicalId, resourceType) {
16418
+ async deleteNetworkAcl(logicalId, physicalId, resourceType, context) {
16046
16419
  this.logger.debug(`Deleting NetworkAcl ${logicalId}: ${physicalId}`);
16047
16420
  try {
16048
16421
  await this.ec2Client.send(new DeleteNetworkAclCommand({ NetworkAclId: physicalId }));
16049
16422
  this.logger.debug(`Successfully deleted NetworkAcl ${logicalId}`);
16050
16423
  } catch (error) {
16051
16424
  if (this.isNotFoundError(error)) {
16425
+ const clientRegion = await this.ec2Client.config.region();
16426
+ assertRegionMatch(
16427
+ clientRegion,
16428
+ context?.expectedRegion,
16429
+ resourceType,
16430
+ logicalId,
16431
+ physicalId
16432
+ );
16052
16433
  this.logger.debug(`NetworkAcl ${physicalId} does not exist, skipping deletion`);
16053
16434
  return;
16054
16435
  }
@@ -16118,7 +16499,7 @@ var EC2Provider = class {
16118
16499
  );
16119
16500
  }
16120
16501
  }
16121
- async deleteNetworkAclEntry(logicalId, physicalId, resourceType) {
16502
+ async deleteNetworkAclEntry(logicalId, physicalId, resourceType, context) {
16122
16503
  this.logger.debug(`Deleting NetworkAclEntry ${logicalId}: ${physicalId}`);
16123
16504
  const parts = physicalId.split("|");
16124
16505
  if (parts.length < 3) {
@@ -16139,6 +16520,14 @@ var EC2Provider = class {
16139
16520
  this.logger.debug(`Successfully deleted NetworkAclEntry ${logicalId}`);
16140
16521
  } catch (error) {
16141
16522
  if (this.isNotFoundError(error)) {
16523
+ const clientRegion = await this.ec2Client.config.region();
16524
+ assertRegionMatch(
16525
+ clientRegion,
16526
+ context?.expectedRegion,
16527
+ resourceType,
16528
+ logicalId,
16529
+ physicalId
16530
+ );
16142
16531
  this.logger.debug(`NetworkAclEntry ${physicalId} does not exist, skipping deletion`);
16143
16532
  return;
16144
16533
  }
@@ -16381,20 +16770,20 @@ var ApiGatewayProvider = class _ApiGatewayProvider {
16381
16770
  /**
16382
16771
  * Delete a resource
16383
16772
  */
16384
- async delete(logicalId, physicalId, resourceType, properties) {
16773
+ async delete(logicalId, physicalId, resourceType, properties, context) {
16385
16774
  switch (resourceType) {
16386
16775
  case "AWS::ApiGateway::Account":
16387
16776
  return this.deleteAccount(logicalId, physicalId, resourceType);
16388
16777
  case "AWS::ApiGateway::Authorizer":
16389
- return this.deleteAuthorizer(logicalId, physicalId, resourceType, properties);
16778
+ return this.deleteAuthorizer(logicalId, physicalId, resourceType, properties, context);
16390
16779
  case "AWS::ApiGateway::Resource":
16391
- return this.deleteResource(logicalId, physicalId, resourceType, properties);
16780
+ return this.deleteResource(logicalId, physicalId, resourceType, properties, context);
16392
16781
  case "AWS::ApiGateway::Deployment":
16393
- return this.deleteDeployment(logicalId, physicalId, resourceType, properties);
16782
+ return this.deleteDeployment(logicalId, physicalId, resourceType, properties, context);
16394
16783
  case "AWS::ApiGateway::Stage":
16395
- return this.deleteStage(logicalId, physicalId, resourceType, properties);
16784
+ return this.deleteStage(logicalId, physicalId, resourceType, properties, context);
16396
16785
  case "AWS::ApiGateway::Method":
16397
- return this.deleteMethod(logicalId, physicalId, resourceType);
16786
+ return this.deleteMethod(logicalId, physicalId, resourceType, context);
16398
16787
  default:
16399
16788
  throw new ProvisioningError(
16400
16789
  `Unsupported resource type: ${resourceType}`,
@@ -16616,7 +17005,7 @@ var ApiGatewayProvider = class _ApiGatewayProvider {
16616
17005
  /**
16617
17006
  * Delete an API Gateway Authorizer
16618
17007
  */
16619
- async deleteAuthorizer(logicalId, physicalId, resourceType, properties) {
17008
+ async deleteAuthorizer(logicalId, physicalId, resourceType, properties, context) {
16620
17009
  this.logger.debug(`Deleting API Gateway Authorizer ${logicalId}: ${physicalId}`);
16621
17010
  const restApiId = properties?.["RestApiId"];
16622
17011
  if (!restApiId) {
@@ -16637,6 +17026,14 @@ var ApiGatewayProvider = class _ApiGatewayProvider {
16637
17026
  this.logger.debug(`Successfully deleted API Gateway Authorizer ${logicalId}`);
16638
17027
  } catch (error) {
16639
17028
  if (error instanceof NotFoundException3) {
17029
+ const clientRegion = await this.apiGatewayClient.config.region();
17030
+ assertRegionMatch(
17031
+ clientRegion,
17032
+ context?.expectedRegion,
17033
+ resourceType,
17034
+ logicalId,
17035
+ physicalId
17036
+ );
16640
17037
  this.logger.debug(`API Gateway Authorizer ${physicalId} does not exist, skipping deletion`);
16641
17038
  return;
16642
17039
  }
@@ -16741,7 +17138,7 @@ var ApiGatewayProvider = class _ApiGatewayProvider {
16741
17138
  /**
16742
17139
  * Delete an API Gateway Resource
16743
17140
  */
16744
- async deleteResource(logicalId, physicalId, resourceType, properties) {
17141
+ async deleteResource(logicalId, physicalId, resourceType, properties, context) {
16745
17142
  this.logger.debug(`Deleting API Gateway Resource ${logicalId}: ${physicalId}`);
16746
17143
  const restApiId = properties?.["RestApiId"];
16747
17144
  if (!restApiId) {
@@ -16762,6 +17159,14 @@ var ApiGatewayProvider = class _ApiGatewayProvider {
16762
17159
  this.logger.debug(`Successfully deleted API Gateway Resource ${logicalId}`);
16763
17160
  } catch (error) {
16764
17161
  if (error instanceof NotFoundException3) {
17162
+ const clientRegion = await this.apiGatewayClient.config.region();
17163
+ assertRegionMatch(
17164
+ clientRegion,
17165
+ context?.expectedRegion,
17166
+ resourceType,
17167
+ logicalId,
17168
+ physicalId
17169
+ );
16765
17170
  this.logger.debug(`API Gateway Resource ${physicalId} does not exist, skipping deletion`);
16766
17171
  return;
16767
17172
  }
@@ -16845,7 +17250,7 @@ var ApiGatewayProvider = class _ApiGatewayProvider {
16845
17250
  /**
16846
17251
  * Delete an API Gateway Deployment
16847
17252
  */
16848
- async deleteDeployment(logicalId, physicalId, resourceType, properties) {
17253
+ async deleteDeployment(logicalId, physicalId, resourceType, properties, context) {
16849
17254
  this.logger.debug(`Deleting API Gateway Deployment ${logicalId}: ${physicalId}`);
16850
17255
  const restApiId = properties?.["RestApiId"];
16851
17256
  if (!restApiId) {
@@ -16866,6 +17271,14 @@ var ApiGatewayProvider = class _ApiGatewayProvider {
16866
17271
  this.logger.debug(`Successfully deleted API Gateway Deployment ${logicalId}`);
16867
17272
  } catch (error) {
16868
17273
  if (error instanceof NotFoundException3) {
17274
+ const clientRegion = await this.apiGatewayClient.config.region();
17275
+ assertRegionMatch(
17276
+ clientRegion,
17277
+ context?.expectedRegion,
17278
+ resourceType,
17279
+ logicalId,
17280
+ physicalId
17281
+ );
16869
17282
  this.logger.debug(`API Gateway Deployment ${physicalId} does not exist, skipping deletion`);
16870
17283
  return;
16871
17284
  }
@@ -17003,7 +17416,7 @@ var ApiGatewayProvider = class _ApiGatewayProvider {
17003
17416
  /**
17004
17417
  * Delete an API Gateway Stage
17005
17418
  */
17006
- async deleteStage(logicalId, physicalId, resourceType, properties) {
17419
+ async deleteStage(logicalId, physicalId, resourceType, properties, context) {
17007
17420
  this.logger.debug(`Deleting API Gateway Stage ${logicalId}: ${physicalId}`);
17008
17421
  const restApiId = properties?.["RestApiId"];
17009
17422
  if (!restApiId) {
@@ -17024,6 +17437,14 @@ var ApiGatewayProvider = class _ApiGatewayProvider {
17024
17437
  this.logger.debug(`Successfully deleted API Gateway Stage ${logicalId}`);
17025
17438
  } catch (error) {
17026
17439
  if (error instanceof NotFoundException3) {
17440
+ const clientRegion = await this.apiGatewayClient.config.region();
17441
+ assertRegionMatch(
17442
+ clientRegion,
17443
+ context?.expectedRegion,
17444
+ resourceType,
17445
+ logicalId,
17446
+ physicalId
17447
+ );
17027
17448
  this.logger.debug(`API Gateway Stage ${physicalId} does not exist, skipping deletion`);
17028
17449
  return;
17029
17450
  }
@@ -17143,7 +17564,7 @@ var ApiGatewayProvider = class _ApiGatewayProvider {
17143
17564
  * Parses the composite physicalId (`restApiId|resourceId|httpMethod`) and
17144
17565
  * calls DeleteMethodCommand. Handles NotFoundException gracefully.
17145
17566
  */
17146
- async deleteMethod(logicalId, physicalId, resourceType) {
17567
+ async deleteMethod(logicalId, physicalId, resourceType, context) {
17147
17568
  this.logger.debug(`Deleting API Gateway Method ${logicalId}: ${physicalId}`);
17148
17569
  const parts = physicalId.split("|");
17149
17570
  if (parts.length !== 3) {
@@ -17166,6 +17587,14 @@ var ApiGatewayProvider = class _ApiGatewayProvider {
17166
17587
  this.logger.debug(`Successfully deleted API Gateway Method ${logicalId}`);
17167
17588
  } catch (error) {
17168
17589
  if (error instanceof NotFoundException3) {
17590
+ const clientRegion = await this.apiGatewayClient.config.region();
17591
+ assertRegionMatch(
17592
+ clientRegion,
17593
+ context?.expectedRegion,
17594
+ resourceType,
17595
+ logicalId,
17596
+ physicalId
17597
+ );
17169
17598
  this.logger.debug(`API Gateway Method ${physicalId} does not exist, skipping deletion`);
17170
17599
  return;
17171
17600
  }
@@ -17306,18 +17735,18 @@ var ApiGatewayV2Provider = class {
17306
17735
  attributes: {}
17307
17736
  });
17308
17737
  }
17309
- async delete(logicalId, physicalId, resourceType, properties) {
17738
+ async delete(logicalId, physicalId, resourceType, properties, context) {
17310
17739
  switch (resourceType) {
17311
17740
  case "AWS::ApiGatewayV2::Api":
17312
- return this.deleteApi(logicalId, physicalId, resourceType);
17741
+ return this.deleteApi(logicalId, physicalId, resourceType, context);
17313
17742
  case "AWS::ApiGatewayV2::Stage":
17314
- return this.deleteStage(logicalId, physicalId, resourceType, properties);
17743
+ return this.deleteStage(logicalId, physicalId, resourceType, properties, context);
17315
17744
  case "AWS::ApiGatewayV2::Integration":
17316
- return this.deleteIntegration(logicalId, physicalId, resourceType, properties);
17745
+ return this.deleteIntegration(logicalId, physicalId, resourceType, properties, context);
17317
17746
  case "AWS::ApiGatewayV2::Route":
17318
- return this.deleteRoute(logicalId, physicalId, resourceType, properties);
17747
+ return this.deleteRoute(logicalId, physicalId, resourceType, properties, context);
17319
17748
  case "AWS::ApiGatewayV2::Authorizer":
17320
- return this.deleteAuthorizer(logicalId, physicalId, resourceType, properties);
17749
+ return this.deleteAuthorizer(logicalId, physicalId, resourceType, properties, context);
17321
17750
  default:
17322
17751
  throw new ProvisioningError(
17323
17752
  `Unsupported resource type: ${resourceType}`,
@@ -17388,13 +17817,21 @@ var ApiGatewayV2Provider = class {
17388
17817
  );
17389
17818
  }
17390
17819
  }
17391
- async deleteApi(logicalId, physicalId, resourceType) {
17820
+ async deleteApi(logicalId, physicalId, resourceType, context) {
17392
17821
  this.logger.debug(`Deleting API Gateway V2 Api ${logicalId}: ${physicalId}`);
17393
17822
  try {
17394
17823
  await this.getClient().send(new DeleteApiCommand({ ApiId: physicalId }));
17395
17824
  this.logger.debug(`Successfully deleted API Gateway V2 Api ${logicalId}`);
17396
17825
  } catch (error) {
17397
17826
  if (error instanceof NotFoundException4) {
17827
+ const clientRegion = await this.getClient().config.region();
17828
+ assertRegionMatch(
17829
+ clientRegion,
17830
+ context?.expectedRegion,
17831
+ resourceType,
17832
+ logicalId,
17833
+ physicalId
17834
+ );
17398
17835
  this.logger.debug(`API Gateway V2 Api ${physicalId} does not exist, skipping deletion`);
17399
17836
  return;
17400
17837
  }
@@ -17451,7 +17888,7 @@ var ApiGatewayV2Provider = class {
17451
17888
  );
17452
17889
  }
17453
17890
  }
17454
- async deleteStage(logicalId, physicalId, resourceType, properties) {
17891
+ async deleteStage(logicalId, physicalId, resourceType, properties, context) {
17455
17892
  this.logger.debug(`Deleting API Gateway V2 Stage ${logicalId}: ${physicalId}`);
17456
17893
  const apiId = properties?.["ApiId"];
17457
17894
  if (!apiId) {
@@ -17467,6 +17904,14 @@ var ApiGatewayV2Provider = class {
17467
17904
  this.logger.debug(`Successfully deleted API Gateway V2 Stage ${logicalId}`);
17468
17905
  } catch (error) {
17469
17906
  if (error instanceof NotFoundException4) {
17907
+ const clientRegion = await this.getClient().config.region();
17908
+ assertRegionMatch(
17909
+ clientRegion,
17910
+ context?.expectedRegion,
17911
+ resourceType,
17912
+ logicalId,
17913
+ physicalId
17914
+ );
17470
17915
  this.logger.debug(`API Gateway V2 Stage ${physicalId} does not exist, skipping deletion`);
17471
17916
  return;
17472
17917
  }
@@ -17528,7 +17973,7 @@ var ApiGatewayV2Provider = class {
17528
17973
  );
17529
17974
  }
17530
17975
  }
17531
- async deleteIntegration(logicalId, physicalId, resourceType, properties) {
17976
+ async deleteIntegration(logicalId, physicalId, resourceType, properties, context) {
17532
17977
  this.logger.debug(`Deleting API Gateway V2 Integration ${logicalId}: ${physicalId}`);
17533
17978
  const apiId = properties?.["ApiId"];
17534
17979
  if (!apiId) {
@@ -17546,6 +17991,14 @@ var ApiGatewayV2Provider = class {
17546
17991
  this.logger.debug(`Successfully deleted API Gateway V2 Integration ${logicalId}`);
17547
17992
  } catch (error) {
17548
17993
  if (error instanceof NotFoundException4) {
17994
+ const clientRegion = await this.getClient().config.region();
17995
+ assertRegionMatch(
17996
+ clientRegion,
17997
+ context?.expectedRegion,
17998
+ resourceType,
17999
+ logicalId,
18000
+ physicalId
18001
+ );
17549
18002
  this.logger.debug(
17550
18003
  `API Gateway V2 Integration ${physicalId} does not exist, skipping deletion`
17551
18004
  );
@@ -17607,7 +18060,7 @@ var ApiGatewayV2Provider = class {
17607
18060
  );
17608
18061
  }
17609
18062
  }
17610
- async deleteRoute(logicalId, physicalId, resourceType, properties) {
18063
+ async deleteRoute(logicalId, physicalId, resourceType, properties, context) {
17611
18064
  this.logger.debug(`Deleting API Gateway V2 Route ${logicalId}: ${physicalId}`);
17612
18065
  const apiId = properties?.["ApiId"];
17613
18066
  if (!apiId) {
@@ -17623,6 +18076,14 @@ var ApiGatewayV2Provider = class {
17623
18076
  this.logger.debug(`Successfully deleted API Gateway V2 Route ${logicalId}`);
17624
18077
  } catch (error) {
17625
18078
  if (error instanceof NotFoundException4) {
18079
+ const clientRegion = await this.getClient().config.region();
18080
+ assertRegionMatch(
18081
+ clientRegion,
18082
+ context?.expectedRegion,
18083
+ resourceType,
18084
+ logicalId,
18085
+ physicalId
18086
+ );
17626
18087
  this.logger.debug(`API Gateway V2 Route ${physicalId} does not exist, skipping deletion`);
17627
18088
  return;
17628
18089
  }
@@ -17687,7 +18148,7 @@ var ApiGatewayV2Provider = class {
17687
18148
  );
17688
18149
  }
17689
18150
  }
17690
- async deleteAuthorizer(logicalId, physicalId, resourceType, properties) {
18151
+ async deleteAuthorizer(logicalId, physicalId, resourceType, properties, context) {
17691
18152
  this.logger.debug(`Deleting API Gateway V2 Authorizer ${logicalId}: ${physicalId}`);
17692
18153
  const apiId = properties?.["ApiId"];
17693
18154
  if (!apiId) {
@@ -17705,6 +18166,14 @@ var ApiGatewayV2Provider = class {
17705
18166
  this.logger.debug(`Successfully deleted API Gateway V2 Authorizer ${logicalId}`);
17706
18167
  } catch (error) {
17707
18168
  if (error instanceof NotFoundException4) {
18169
+ const clientRegion = await this.getClient().config.region();
18170
+ assertRegionMatch(
18171
+ clientRegion,
18172
+ context?.expectedRegion,
18173
+ resourceType,
18174
+ logicalId,
18175
+ physicalId
18176
+ );
17708
18177
  this.logger.debug(
17709
18178
  `API Gateway V2 Authorizer ${physicalId} does not exist, skipping deletion`
17710
18179
  );
@@ -17812,7 +18281,7 @@ var CloudFrontOAIProvider = class {
17812
18281
  *
17813
18282
  * Requires fetching the ETag first, then passing it as IfMatch for deletion.
17814
18283
  */
17815
- async delete(logicalId, physicalId, resourceType, _properties) {
18284
+ async delete(logicalId, physicalId, resourceType, _properties, context) {
17816
18285
  this.logger.debug(`Deleting CloudFront OAI ${logicalId}: ${physicalId}`);
17817
18286
  try {
17818
18287
  let etag;
@@ -17823,6 +18292,14 @@ var CloudFrontOAIProvider = class {
17823
18292
  etag = getResponse.ETag;
17824
18293
  } catch (error) {
17825
18294
  if (error instanceof NoSuchCloudFrontOriginAccessIdentity) {
18295
+ const clientRegion = await this.cloudFrontClient.config.region();
18296
+ assertRegionMatch(
18297
+ clientRegion,
18298
+ context?.expectedRegion,
18299
+ resourceType,
18300
+ logicalId,
18301
+ physicalId
18302
+ );
17826
18303
  this.logger.debug(`OAI ${physicalId} does not exist, skipping deletion`);
17827
18304
  return;
17828
18305
  }
@@ -17837,6 +18314,14 @@ var CloudFrontOAIProvider = class {
17837
18314
  this.logger.debug(`Successfully deleted CloudFront OAI ${logicalId}`);
17838
18315
  } catch (error) {
17839
18316
  if (error instanceof NoSuchCloudFrontOriginAccessIdentity) {
18317
+ const clientRegion = await this.cloudFrontClient.config.region();
18318
+ assertRegionMatch(
18319
+ clientRegion,
18320
+ context?.expectedRegion,
18321
+ resourceType,
18322
+ logicalId,
18323
+ physicalId
18324
+ );
17840
18325
  this.logger.debug(`OAI ${physicalId} does not exist, skipping deletion`);
17841
18326
  return;
17842
18327
  }
@@ -18010,7 +18495,7 @@ var CloudFrontDistributionProvider = class {
18010
18495
  * 2. If Enabled, update to Enabled=false and wait
18011
18496
  * 3. Delete with the latest ETag
18012
18497
  */
18013
- async delete(logicalId, physicalId, resourceType, _properties) {
18498
+ async delete(logicalId, physicalId, resourceType, _properties, context) {
18014
18499
  this.logger.debug(`Deleting CloudFront Distribution ${logicalId}: ${physicalId}`);
18015
18500
  try {
18016
18501
  let etag;
@@ -18023,6 +18508,14 @@ var CloudFrontDistributionProvider = class {
18023
18508
  config = getConfigResponse.DistributionConfig;
18024
18509
  } catch (error) {
18025
18510
  if (error instanceof NoSuchDistribution) {
18511
+ const clientRegion = await this.cloudFrontClient.config.region();
18512
+ assertRegionMatch(
18513
+ clientRegion,
18514
+ context?.expectedRegion,
18515
+ resourceType,
18516
+ logicalId,
18517
+ physicalId
18518
+ );
18026
18519
  this.logger.debug(`Distribution ${physicalId} does not exist, skipping deletion`);
18027
18520
  return;
18028
18521
  }
@@ -18054,6 +18547,14 @@ var CloudFrontDistributionProvider = class {
18054
18547
  this.logger.debug(`Successfully deleted CloudFront Distribution ${logicalId}`);
18055
18548
  } catch (error) {
18056
18549
  if (error instanceof NoSuchDistribution) {
18550
+ const clientRegion = await this.cloudFrontClient.config.region();
18551
+ assertRegionMatch(
18552
+ clientRegion,
18553
+ context?.expectedRegion,
18554
+ resourceType,
18555
+ logicalId,
18556
+ physicalId
18557
+ );
18057
18558
  this.logger.debug(`Distribution ${physicalId} does not exist, skipping deletion`);
18058
18559
  return;
18059
18560
  }
@@ -18473,7 +18974,7 @@ var AgentCoreRuntimeProvider = class {
18473
18974
  /**
18474
18975
  * Delete a BedrockAgentCore Runtime
18475
18976
  */
18476
- async delete(logicalId, physicalId, resourceType, _properties) {
18977
+ async delete(logicalId, physicalId, resourceType, _properties, context) {
18477
18978
  this.logger.debug(`Deleting BedrockAgentCore Runtime ${logicalId}: ${physicalId}`);
18478
18979
  try {
18479
18980
  await this.client.send(
@@ -18484,6 +18985,14 @@ var AgentCoreRuntimeProvider = class {
18484
18985
  this.logger.debug(`Successfully deleted BedrockAgentCore Runtime ${logicalId}`);
18485
18986
  } catch (error) {
18486
18987
  if (error instanceof ResourceNotFoundException11) {
18988
+ const clientRegion = await this.client.config.region();
18989
+ assertRegionMatch(
18990
+ clientRegion,
18991
+ context?.expectedRegion,
18992
+ resourceType,
18993
+ logicalId,
18994
+ physicalId
18995
+ );
18487
18996
  this.logger.debug(`Runtime ${physicalId} does not exist, skipping deletion`);
18488
18997
  return;
18489
18998
  }
@@ -18679,13 +19188,21 @@ var StepFunctionsProvider = class {
18679
19188
  /**
18680
19189
  * Delete a Step Functions state machine
18681
19190
  */
18682
- async delete(logicalId, physicalId, resourceType, _properties) {
19191
+ async delete(logicalId, physicalId, resourceType, _properties, context) {
18683
19192
  this.logger.debug(`Deleting Step Functions state machine ${logicalId}: ${physicalId}`);
18684
19193
  try {
18685
19194
  await this.getClient().send(new DeleteStateMachineCommand({ stateMachineArn: physicalId }));
18686
19195
  this.logger.debug(`Successfully deleted Step Functions state machine ${logicalId}`);
18687
19196
  } catch (error) {
18688
19197
  if (error instanceof StateMachineDoesNotExist) {
19198
+ const clientRegion = await this.getClient().config.region();
19199
+ assertRegionMatch(
19200
+ clientRegion,
19201
+ context?.expectedRegion,
19202
+ resourceType,
19203
+ logicalId,
19204
+ physicalId
19205
+ );
18689
19206
  this.logger.debug(
18690
19207
  `Step Functions state machine ${physicalId} does not exist, skipping deletion`
18691
19208
  );
@@ -18852,14 +19369,14 @@ var ECSProvider = class {
18852
19369
  );
18853
19370
  }
18854
19371
  }
18855
- async delete(logicalId, physicalId, resourceType, properties) {
19372
+ async delete(logicalId, physicalId, resourceType, properties, context) {
18856
19373
  switch (resourceType) {
18857
19374
  case "AWS::ECS::Cluster":
18858
- return this.deleteCluster(logicalId, physicalId, resourceType);
19375
+ return this.deleteCluster(logicalId, physicalId, resourceType, context);
18859
19376
  case "AWS::ECS::TaskDefinition":
18860
- return this.deleteTaskDefinition(logicalId, physicalId, resourceType);
19377
+ return this.deleteTaskDefinition(logicalId, physicalId, resourceType, context);
18861
19378
  case "AWS::ECS::Service":
18862
- return this.deleteService(logicalId, physicalId, resourceType, properties);
19379
+ return this.deleteService(logicalId, physicalId, resourceType, properties, context);
18863
19380
  default:
18864
19381
  throw new ProvisioningError(
18865
19382
  `Unsupported resource type: ${resourceType}`,
@@ -18960,7 +19477,7 @@ var ECSProvider = class {
18960
19477
  );
18961
19478
  }
18962
19479
  }
18963
- async deleteCluster(logicalId, physicalId, resourceType) {
19480
+ async deleteCluster(logicalId, physicalId, resourceType, context) {
18964
19481
  this.logger.debug(`Deleting ECS cluster ${logicalId}: ${physicalId}`);
18965
19482
  const client = this.getClient();
18966
19483
  try {
@@ -18968,6 +19485,14 @@ var ECSProvider = class {
18968
19485
  this.logger.debug(`Successfully deleted ECS cluster ${logicalId}`);
18969
19486
  } catch (error) {
18970
19487
  if (this.isClusterNotFoundException(error)) {
19488
+ const clientRegion = await client.config.region();
19489
+ assertRegionMatch(
19490
+ clientRegion,
19491
+ context?.expectedRegion,
19492
+ resourceType,
19493
+ logicalId,
19494
+ physicalId
19495
+ );
18971
19496
  this.logger.debug(`ECS cluster ${physicalId} not found, skipping deletion`);
18972
19497
  return;
18973
19498
  }
@@ -19067,7 +19592,7 @@ var ECSProvider = class {
19067
19592
  attributes: result.attributes ?? {}
19068
19593
  };
19069
19594
  }
19070
- async deleteTaskDefinition(logicalId, physicalId, resourceType) {
19595
+ async deleteTaskDefinition(logicalId, physicalId, resourceType, context) {
19071
19596
  this.logger.debug(`Deleting ECS task definition ${logicalId}: ${physicalId}`);
19072
19597
  const client = this.getClient();
19073
19598
  try {
@@ -19075,6 +19600,14 @@ var ECSProvider = class {
19075
19600
  this.logger.debug(`Successfully deregistered ECS task definition ${logicalId}`);
19076
19601
  } catch (error) {
19077
19602
  if (this.isNotFoundException(error)) {
19603
+ const clientRegion = await client.config.region();
19604
+ assertRegionMatch(
19605
+ clientRegion,
19606
+ context?.expectedRegion,
19607
+ resourceType,
19608
+ logicalId,
19609
+ physicalId
19610
+ );
19078
19611
  this.logger.debug(`ECS task definition ${physicalId} not found, skipping deletion`);
19079
19612
  return;
19080
19613
  }
@@ -19213,7 +19746,7 @@ var ECSProvider = class {
19213
19746
  );
19214
19747
  }
19215
19748
  }
19216
- async deleteService(logicalId, physicalId, resourceType, properties) {
19749
+ async deleteService(logicalId, physicalId, resourceType, properties, context) {
19217
19750
  this.logger.debug(`Deleting ECS service ${logicalId}: ${physicalId}`);
19218
19751
  const client = this.getClient();
19219
19752
  const cluster = properties?.["Cluster"];
@@ -19229,6 +19762,14 @@ var ECSProvider = class {
19229
19762
  this.logger.debug(`Scaled down ECS service ${physicalId} to 0`);
19230
19763
  } catch (error) {
19231
19764
  if (this.isServiceNotFoundException(error)) {
19765
+ const clientRegion = await client.config.region();
19766
+ assertRegionMatch(
19767
+ clientRegion,
19768
+ context?.expectedRegion,
19769
+ resourceType,
19770
+ logicalId,
19771
+ physicalId
19772
+ );
19232
19773
  this.logger.debug(
19233
19774
  `ECS service ${physicalId} not found during scale down, skipping deletion`
19234
19775
  );
@@ -19246,6 +19787,14 @@ var ECSProvider = class {
19246
19787
  this.logger.debug(`Successfully deleted ECS service ${logicalId}`);
19247
19788
  } catch (error) {
19248
19789
  if (this.isServiceNotFoundException(error)) {
19790
+ const clientRegion = await client.config.region();
19791
+ assertRegionMatch(
19792
+ clientRegion,
19793
+ context?.expectedRegion,
19794
+ resourceType,
19795
+ logicalId,
19796
+ physicalId
19797
+ );
19249
19798
  this.logger.debug(`ECS service ${physicalId} not found, skipping deletion`);
19250
19799
  return;
19251
19800
  }
@@ -19544,14 +20093,14 @@ var ELBv2Provider = class {
19544
20093
  );
19545
20094
  }
19546
20095
  }
19547
- async delete(logicalId, physicalId, resourceType, _properties) {
20096
+ async delete(logicalId, physicalId, resourceType, _properties, context) {
19548
20097
  switch (resourceType) {
19549
20098
  case "AWS::ElasticLoadBalancingV2::LoadBalancer":
19550
- return this.deleteLoadBalancer(logicalId, physicalId, resourceType);
20099
+ return this.deleteLoadBalancer(logicalId, physicalId, resourceType, context);
19551
20100
  case "AWS::ElasticLoadBalancingV2::TargetGroup":
19552
- return this.deleteTargetGroup(logicalId, physicalId, resourceType);
20101
+ return this.deleteTargetGroup(logicalId, physicalId, resourceType, context);
19553
20102
  case "AWS::ElasticLoadBalancingV2::Listener":
19554
- return this.deleteListener(logicalId, physicalId, resourceType);
20103
+ return this.deleteListener(logicalId, physicalId, resourceType, context);
19555
20104
  default:
19556
20105
  throw new ProvisioningError(
19557
20106
  `Unsupported resource type: ${resourceType}`,
@@ -19652,13 +20201,21 @@ var ELBv2Provider = class {
19652
20201
  );
19653
20202
  }
19654
20203
  }
19655
- async deleteLoadBalancer(logicalId, physicalId, resourceType) {
20204
+ async deleteLoadBalancer(logicalId, physicalId, resourceType, context) {
19656
20205
  this.logger.debug(`Deleting LoadBalancer ${logicalId}: ${physicalId}`);
19657
20206
  try {
19658
20207
  await this.getClient().send(new DeleteLoadBalancerCommand({ LoadBalancerArn: physicalId }));
19659
20208
  this.logger.debug(`Successfully deleted LoadBalancer ${logicalId}`);
19660
20209
  } catch (error) {
19661
20210
  if (this.isNotFoundError(error)) {
20211
+ const clientRegion = await this.getClient().config.region();
20212
+ assertRegionMatch(
20213
+ clientRegion,
20214
+ context?.expectedRegion,
20215
+ resourceType,
20216
+ logicalId,
20217
+ physicalId
20218
+ );
19662
20219
  this.logger.debug(`LoadBalancer ${physicalId} does not exist, skipping deletion`);
19663
20220
  return;
19664
20221
  }
@@ -19768,13 +20325,21 @@ var ELBv2Provider = class {
19768
20325
  );
19769
20326
  }
19770
20327
  }
19771
- async deleteTargetGroup(logicalId, physicalId, resourceType) {
20328
+ async deleteTargetGroup(logicalId, physicalId, resourceType, context) {
19772
20329
  this.logger.debug(`Deleting TargetGroup ${logicalId}: ${physicalId}`);
19773
20330
  try {
19774
20331
  await this.getClient().send(new DeleteTargetGroupCommand({ TargetGroupArn: physicalId }));
19775
20332
  this.logger.debug(`Successfully deleted TargetGroup ${logicalId}`);
19776
20333
  } catch (error) {
19777
20334
  if (this.isNotFoundError(error)) {
20335
+ const clientRegion = await this.getClient().config.region();
20336
+ assertRegionMatch(
20337
+ clientRegion,
20338
+ context?.expectedRegion,
20339
+ resourceType,
20340
+ logicalId,
20341
+ physicalId
20342
+ );
19778
20343
  this.logger.debug(`TargetGroup ${physicalId} does not exist, skipping deletion`);
19779
20344
  return;
19780
20345
  }
@@ -19870,13 +20435,21 @@ var ELBv2Provider = class {
19870
20435
  );
19871
20436
  }
19872
20437
  }
19873
- async deleteListener(logicalId, physicalId, resourceType) {
20438
+ async deleteListener(logicalId, physicalId, resourceType, context) {
19874
20439
  this.logger.debug(`Deleting Listener ${logicalId}: ${physicalId}`);
19875
20440
  try {
19876
20441
  await this.getClient().send(new DeleteListenerCommand({ ListenerArn: physicalId }));
19877
20442
  this.logger.debug(`Successfully deleted Listener ${logicalId}`);
19878
20443
  } catch (error) {
19879
20444
  if (this.isNotFoundError(error)) {
20445
+ const clientRegion = await this.getClient().config.region();
20446
+ assertRegionMatch(
20447
+ clientRegion,
20448
+ context?.expectedRegion,
20449
+ resourceType,
20450
+ logicalId,
20451
+ physicalId
20452
+ );
19880
20453
  this.logger.debug(`Listener ${physicalId} does not exist, skipping deletion`);
19881
20454
  return;
19882
20455
  }
@@ -20026,14 +20599,14 @@ var RDSProvider = class {
20026
20599
  );
20027
20600
  }
20028
20601
  }
20029
- async delete(logicalId, physicalId, resourceType, _properties) {
20602
+ async delete(logicalId, physicalId, resourceType, _properties, context) {
20030
20603
  switch (resourceType) {
20031
20604
  case "AWS::RDS::DBSubnetGroup":
20032
- return this.deleteDBSubnetGroup(logicalId, physicalId, resourceType);
20605
+ return this.deleteDBSubnetGroup(logicalId, physicalId, resourceType, context);
20033
20606
  case "AWS::RDS::DBCluster":
20034
- return this.deleteDBCluster(logicalId, physicalId, resourceType);
20607
+ return this.deleteDBCluster(logicalId, physicalId, resourceType, context);
20035
20608
  case "AWS::RDS::DBInstance":
20036
- return this.deleteDBInstance(logicalId, physicalId, resourceType);
20609
+ return this.deleteDBInstance(logicalId, physicalId, resourceType, context);
20037
20610
  default:
20038
20611
  throw new ProvisioningError(
20039
20612
  `Unsupported resource type: ${resourceType}`,
@@ -20104,7 +20677,7 @@ var RDSProvider = class {
20104
20677
  );
20105
20678
  }
20106
20679
  }
20107
- async deleteDBSubnetGroup(logicalId, physicalId, resourceType) {
20680
+ async deleteDBSubnetGroup(logicalId, physicalId, resourceType, context) {
20108
20681
  this.logger.debug(`Deleting DBSubnetGroup ${logicalId}: ${physicalId}`);
20109
20682
  try {
20110
20683
  await this.getClient().send(
@@ -20115,6 +20688,14 @@ var RDSProvider = class {
20115
20688
  this.logger.debug(`Successfully deleted DBSubnetGroup ${logicalId}`);
20116
20689
  } catch (error) {
20117
20690
  if (this.isNotFoundError(error, "DBSubnetGroupNotFoundFault")) {
20691
+ const clientRegion = await this.getClient().config.region();
20692
+ assertRegionMatch(
20693
+ clientRegion,
20694
+ context?.expectedRegion,
20695
+ resourceType,
20696
+ logicalId,
20697
+ physicalId
20698
+ );
20118
20699
  this.logger.debug(`DBSubnetGroup ${physicalId} does not exist, skipping deletion`);
20119
20700
  return;
20120
20701
  }
@@ -20237,7 +20818,7 @@ var RDSProvider = class {
20237
20818
  );
20238
20819
  }
20239
20820
  }
20240
- async deleteDBCluster(logicalId, physicalId, resourceType) {
20821
+ async deleteDBCluster(logicalId, physicalId, resourceType, context) {
20241
20822
  this.logger.debug(`Deleting DBCluster ${logicalId}: ${physicalId}`);
20242
20823
  try {
20243
20824
  try {
@@ -20264,6 +20845,14 @@ var RDSProvider = class {
20264
20845
  await this.waitForClusterDeleted(physicalId);
20265
20846
  } catch (error) {
20266
20847
  if (this.isNotFoundError(error, "DBClusterNotFoundFault")) {
20848
+ const clientRegion = await this.getClient().config.region();
20849
+ assertRegionMatch(
20850
+ clientRegion,
20851
+ context?.expectedRegion,
20852
+ resourceType,
20853
+ logicalId,
20854
+ physicalId
20855
+ );
20267
20856
  this.logger.debug(`DBCluster ${physicalId} does not exist, skipping deletion`);
20268
20857
  return;
20269
20858
  }
@@ -20357,7 +20946,7 @@ var RDSProvider = class {
20357
20946
  );
20358
20947
  }
20359
20948
  }
20360
- async deleteDBInstance(logicalId, physicalId, resourceType) {
20949
+ async deleteDBInstance(logicalId, physicalId, resourceType, context) {
20361
20950
  this.logger.debug(`Deleting DBInstance ${logicalId}: ${physicalId}`);
20362
20951
  try {
20363
20952
  try {
@@ -20385,6 +20974,14 @@ var RDSProvider = class {
20385
20974
  await this.waitForInstanceDeleted(physicalId);
20386
20975
  } catch (error) {
20387
20976
  if (this.isNotFoundError(error, "DBInstanceNotFoundFault")) {
20977
+ const clientRegion = await this.getClient().config.region();
20978
+ assertRegionMatch(
20979
+ clientRegion,
20980
+ context?.expectedRegion,
20981
+ resourceType,
20982
+ logicalId,
20983
+ physicalId
20984
+ );
20388
20985
  this.logger.debug(`DBInstance ${physicalId} does not exist, skipping deletion`);
20389
20986
  return;
20390
20987
  }
@@ -20598,12 +21195,12 @@ var Route53Provider = class {
20598
21195
  );
20599
21196
  }
20600
21197
  }
20601
- async delete(logicalId, physicalId, resourceType, properties) {
21198
+ async delete(logicalId, physicalId, resourceType, properties, context) {
20602
21199
  switch (resourceType) {
20603
21200
  case "AWS::Route53::HostedZone":
20604
- return this.deleteHostedZone(logicalId, physicalId, resourceType);
21201
+ return this.deleteHostedZone(logicalId, physicalId, resourceType, context);
20605
21202
  case "AWS::Route53::RecordSet":
20606
- return this.deleteRecordSet(logicalId, physicalId, resourceType, properties);
21203
+ return this.deleteRecordSet(logicalId, physicalId, resourceType, properties, context);
20607
21204
  default:
20608
21205
  throw new ProvisioningError(
20609
21206
  `Unsupported resource type: ${resourceType}`,
@@ -20737,7 +21334,7 @@ var Route53Provider = class {
20737
21334
  );
20738
21335
  }
20739
21336
  }
20740
- async deleteHostedZone(logicalId, physicalId, resourceType) {
21337
+ async deleteHostedZone(logicalId, physicalId, resourceType, context) {
20741
21338
  this.logger.debug(`Deleting Route 53 hosted zone ${logicalId}: ${physicalId}`);
20742
21339
  try {
20743
21340
  await this.deleteQueryLoggingConfigForZone(physicalId, logicalId);
@@ -20745,6 +21342,14 @@ var Route53Provider = class {
20745
21342
  this.logger.debug(`Successfully deleted hosted zone ${logicalId}`);
20746
21343
  } catch (error) {
20747
21344
  if (error instanceof Error && error.name === "NoSuchHostedZone") {
21345
+ const clientRegion = await this.getClient().config.region();
21346
+ assertRegionMatch(
21347
+ clientRegion,
21348
+ context?.expectedRegion,
21349
+ resourceType,
21350
+ logicalId,
21351
+ physicalId
21352
+ );
20748
21353
  this.logger.debug(`Hosted zone ${physicalId} does not exist, skipping deletion`);
20749
21354
  return;
20750
21355
  }
@@ -20857,7 +21462,7 @@ var Route53Provider = class {
20857
21462
  );
20858
21463
  }
20859
21464
  }
20860
- async deleteRecordSet(logicalId, physicalId, resourceType, properties) {
21465
+ async deleteRecordSet(logicalId, physicalId, resourceType, properties, context) {
20861
21466
  this.logger.debug(`Deleting Route 53 record set ${logicalId}: ${physicalId}`);
20862
21467
  const parts = physicalId.split("|");
20863
21468
  if (parts.length !== 3) {
@@ -20895,6 +21500,14 @@ var Route53Provider = class {
20895
21500
  this.logger.debug(`Successfully deleted record set ${logicalId}`);
20896
21501
  } catch (error) {
20897
21502
  if (error instanceof Error && (error.name === "InvalidChangeBatch" || error.message.includes("it was not found"))) {
21503
+ const clientRegion = await this.getClient().config.region();
21504
+ assertRegionMatch(
21505
+ clientRegion,
21506
+ context?.expectedRegion,
21507
+ resourceType,
21508
+ logicalId,
21509
+ physicalId
21510
+ );
20898
21511
  this.logger.debug(`Record set ${physicalId} does not exist, skipping deletion`);
20899
21512
  return;
20900
21513
  }
@@ -21335,7 +21948,7 @@ var WAFv2WebACLProvider = class {
21335
21948
  * DeleteWebACL requires LockToken obtained from GetWebACL.
21336
21949
  * WAFNonexistentItemException is treated as success (idempotent delete).
21337
21950
  */
21338
- async delete(logicalId, physicalId, resourceType, _properties) {
21951
+ async delete(logicalId, physicalId, resourceType, _properties, context) {
21339
21952
  this.logger.debug(`Deleting WAFv2 WebACL ${logicalId}: ${physicalId}`);
21340
21953
  try {
21341
21954
  const { id, name, scope } = parseWebACLArn(physicalId);
@@ -21361,6 +21974,14 @@ var WAFv2WebACLProvider = class {
21361
21974
  this.logger.debug(`Successfully deleted WAFv2 WebACL ${logicalId}`);
21362
21975
  } catch (error) {
21363
21976
  if (error instanceof WAFNonexistentItemException) {
21977
+ const clientRegion = await this.getClient().config.region();
21978
+ assertRegionMatch(
21979
+ clientRegion,
21980
+ context?.expectedRegion,
21981
+ resourceType,
21982
+ logicalId,
21983
+ physicalId
21984
+ );
21364
21985
  this.logger.debug(`WAFv2 WebACL ${physicalId} does not exist, skipping deletion`);
21365
21986
  return;
21366
21987
  }
@@ -21645,7 +22266,7 @@ var CognitoUserPoolProvider = class {
21645
22266
  *
21646
22267
  * If DeletionProtection is ACTIVE, it is automatically disabled before deletion.
21647
22268
  */
21648
- async delete(logicalId, physicalId, resourceType, properties) {
22269
+ async delete(logicalId, physicalId, resourceType, properties, context) {
21649
22270
  this.logger.debug(`Deleting Cognito User Pool ${logicalId}: ${physicalId}`);
21650
22271
  try {
21651
22272
  const deletionProtection = properties?.["DeletionProtection"];
@@ -21677,6 +22298,14 @@ var CognitoUserPoolProvider = class {
21677
22298
  }
21678
22299
  } catch (descError) {
21679
22300
  if (descError instanceof ResourceNotFoundException12) {
22301
+ const clientRegion = await this.getClient().config.region();
22302
+ assertRegionMatch(
22303
+ clientRegion,
22304
+ context?.expectedRegion,
22305
+ resourceType,
22306
+ logicalId,
22307
+ physicalId
22308
+ );
21680
22309
  this.logger.debug(`Cognito User Pool ${physicalId} does not exist, skipping deletion`);
21681
22310
  return;
21682
22311
  }
@@ -21689,6 +22318,14 @@ var CognitoUserPoolProvider = class {
21689
22318
  this.logger.debug(`Successfully deleted Cognito User Pool ${logicalId}`);
21690
22319
  } catch (error) {
21691
22320
  if (error instanceof ResourceNotFoundException12) {
22321
+ const clientRegion = await this.getClient().config.region();
22322
+ assertRegionMatch(
22323
+ clientRegion,
22324
+ context?.expectedRegion,
22325
+ resourceType,
22326
+ logicalId,
22327
+ physicalId
22328
+ );
21692
22329
  this.logger.debug(`Cognito User Pool ${physicalId} does not exist, skipping deletion`);
21693
22330
  return;
21694
22331
  }
@@ -21791,12 +22428,12 @@ var ElastiCacheProvider = class {
21791
22428
  );
21792
22429
  }
21793
22430
  }
21794
- async delete(logicalId, physicalId, resourceType, _properties) {
22431
+ async delete(logicalId, physicalId, resourceType, _properties, context) {
21795
22432
  switch (resourceType) {
21796
22433
  case "AWS::ElastiCache::SubnetGroup":
21797
- return this.deleteSubnetGroup(logicalId, physicalId, resourceType);
22434
+ return this.deleteSubnetGroup(logicalId, physicalId, resourceType, context);
21798
22435
  case "AWS::ElastiCache::CacheCluster":
21799
- return this.deleteCacheCluster(logicalId, physicalId, resourceType);
22436
+ return this.deleteCacheCluster(logicalId, physicalId, resourceType, context);
21800
22437
  default:
21801
22438
  throw new ProvisioningError(
21802
22439
  `Unsupported resource type: ${resourceType}`,
@@ -21867,7 +22504,7 @@ var ElastiCacheProvider = class {
21867
22504
  );
21868
22505
  }
21869
22506
  }
21870
- async deleteSubnetGroup(logicalId, physicalId, resourceType) {
22507
+ async deleteSubnetGroup(logicalId, physicalId, resourceType, context) {
21871
22508
  this.logger.debug(`Deleting CacheSubnetGroup ${logicalId}: ${physicalId}`);
21872
22509
  try {
21873
22510
  await this.getClient().send(
@@ -21878,6 +22515,14 @@ var ElastiCacheProvider = class {
21878
22515
  this.logger.debug(`Successfully deleted CacheSubnetGroup ${logicalId}`);
21879
22516
  } catch (error) {
21880
22517
  if (this.isNotFoundError(error, "CacheSubnetGroupNotFoundFault")) {
22518
+ const clientRegion = await this.getClient().config.region();
22519
+ assertRegionMatch(
22520
+ clientRegion,
22521
+ context?.expectedRegion,
22522
+ resourceType,
22523
+ logicalId,
22524
+ physicalId
22525
+ );
21881
22526
  this.logger.debug(`CacheSubnetGroup ${physicalId} does not exist, skipping deletion`);
21882
22527
  return;
21883
22528
  }
@@ -22011,7 +22656,7 @@ var ElastiCacheProvider = class {
22011
22656
  );
22012
22657
  }
22013
22658
  }
22014
- async deleteCacheCluster(logicalId, physicalId, resourceType) {
22659
+ async deleteCacheCluster(logicalId, physicalId, resourceType, context) {
22015
22660
  this.logger.debug(`Deleting CacheCluster ${logicalId}: ${physicalId}`);
22016
22661
  try {
22017
22662
  await this.getClient().send(
@@ -22023,6 +22668,14 @@ var ElastiCacheProvider = class {
22023
22668
  await this.waitForClusterDeleted(physicalId);
22024
22669
  } catch (error) {
22025
22670
  if (this.isNotFoundError(error, "CacheClusterNotFoundFault")) {
22671
+ const clientRegion = await this.getClient().config.region();
22672
+ assertRegionMatch(
22673
+ clientRegion,
22674
+ context?.expectedRegion,
22675
+ resourceType,
22676
+ logicalId,
22677
+ physicalId
22678
+ );
22026
22679
  this.logger.debug(`CacheCluster ${physicalId} does not exist, skipping deletion`);
22027
22680
  return;
22028
22681
  }
@@ -22181,12 +22834,12 @@ var ServiceDiscoveryProvider = class {
22181
22834
  );
22182
22835
  }
22183
22836
  }
22184
- async delete(logicalId, physicalId, resourceType, _properties) {
22837
+ async delete(logicalId, physicalId, resourceType, _properties, context) {
22185
22838
  switch (resourceType) {
22186
22839
  case "AWS::ServiceDiscovery::PrivateDnsNamespace":
22187
- return this.deleteNamespace(logicalId, physicalId, resourceType);
22840
+ return this.deleteNamespace(logicalId, physicalId, resourceType, context);
22188
22841
  case "AWS::ServiceDiscovery::Service":
22189
- return this.deleteService(logicalId, physicalId, resourceType);
22842
+ return this.deleteService(logicalId, physicalId, resourceType, context);
22190
22843
  default:
22191
22844
  throw new ProvisioningError(
22192
22845
  `Unsupported resource type: ${resourceType}`,
@@ -22264,7 +22917,7 @@ var ServiceDiscoveryProvider = class {
22264
22917
  }
22265
22918
  });
22266
22919
  }
22267
- async deleteNamespace(logicalId, physicalId, resourceType) {
22920
+ async deleteNamespace(logicalId, physicalId, resourceType, context) {
22268
22921
  this.logger.debug(`Deleting private DNS namespace ${logicalId}: ${physicalId}`);
22269
22922
  const client = this.getClient();
22270
22923
  try {
@@ -22276,6 +22929,14 @@ var ServiceDiscoveryProvider = class {
22276
22929
  this.logger.debug(`Successfully deleted private DNS namespace ${logicalId}`);
22277
22930
  } catch (error) {
22278
22931
  if (error instanceof NamespaceNotFound) {
22932
+ const clientRegion = await this.getClient().config.region();
22933
+ assertRegionMatch(
22934
+ clientRegion,
22935
+ context?.expectedRegion,
22936
+ resourceType,
22937
+ logicalId,
22938
+ physicalId
22939
+ );
22279
22940
  this.logger.debug(`Namespace ${physicalId} does not exist, skipping deletion`);
22280
22941
  return;
22281
22942
  }
@@ -22359,7 +23020,7 @@ var ServiceDiscoveryProvider = class {
22359
23020
  }
22360
23021
  });
22361
23022
  }
22362
- async deleteService(logicalId, physicalId, resourceType) {
23023
+ async deleteService(logicalId, physicalId, resourceType, context) {
22363
23024
  this.logger.debug(`Deleting service discovery service ${logicalId}: ${physicalId}`);
22364
23025
  const client = this.getClient();
22365
23026
  try {
@@ -22367,6 +23028,14 @@ var ServiceDiscoveryProvider = class {
22367
23028
  this.logger.debug(`Successfully deleted service discovery service ${logicalId}`);
22368
23029
  } catch (error) {
22369
23030
  if (error instanceof ServiceNotFound) {
23031
+ const clientRegion = await this.getClient().config.region();
23032
+ assertRegionMatch(
23033
+ clientRegion,
23034
+ context?.expectedRegion,
23035
+ resourceType,
23036
+ logicalId,
23037
+ physicalId
23038
+ );
22370
23039
  this.logger.debug(`Service ${physicalId} does not exist, skipping deletion`);
22371
23040
  return;
22372
23041
  }
@@ -22513,19 +23182,19 @@ var AppSyncProvider = class {
22513
23182
  this.logger.debug(`Update for ${resourceType} ${logicalId} (${physicalId}) - no-op, immutable`);
22514
23183
  return Promise.resolve({ physicalId, wasReplaced: false });
22515
23184
  }
22516
- async delete(logicalId, physicalId, resourceType, _properties) {
23185
+ async delete(logicalId, physicalId, resourceType, _properties, context) {
22517
23186
  switch (resourceType) {
22518
23187
  case "AWS::AppSync::GraphQLApi":
22519
- return this.deleteGraphQLApi(logicalId, physicalId, resourceType);
23188
+ return this.deleteGraphQLApi(logicalId, physicalId, resourceType, context);
22520
23189
  case "AWS::AppSync::GraphQLSchema":
22521
23190
  this.logger.debug(`Schema ${logicalId} is deleted with its API, skipping`);
22522
23191
  return;
22523
23192
  case "AWS::AppSync::DataSource":
22524
- return this.deleteDataSource(logicalId, physicalId, resourceType);
23193
+ return this.deleteDataSource(logicalId, physicalId, resourceType, context);
22525
23194
  case "AWS::AppSync::Resolver":
22526
- return this.deleteResolver(logicalId, physicalId, resourceType);
23195
+ return this.deleteResolver(logicalId, physicalId, resourceType, context);
22527
23196
  case "AWS::AppSync::ApiKey":
22528
- return this.deleteApiKey(logicalId, physicalId, resourceType);
23197
+ return this.deleteApiKey(logicalId, physicalId, resourceType, context);
22529
23198
  default:
22530
23199
  throw new ProvisioningError(
22531
23200
  `Unsupported resource type: ${resourceType}`,
@@ -22599,13 +23268,21 @@ var AppSyncProvider = class {
22599
23268
  );
22600
23269
  }
22601
23270
  }
22602
- async deleteGraphQLApi(logicalId, physicalId, resourceType) {
23271
+ async deleteGraphQLApi(logicalId, physicalId, resourceType, context) {
22603
23272
  this.logger.debug(`Deleting GraphQL API ${logicalId}: ${physicalId}`);
22604
23273
  try {
22605
23274
  await this.getClient().send(new DeleteGraphqlApiCommand({ apiId: physicalId }));
22606
23275
  this.logger.debug(`Successfully deleted GraphQL API ${logicalId}`);
22607
23276
  } catch (error) {
22608
23277
  if (this.isNotFoundError(error)) {
23278
+ const clientRegion = await this.getClient().config.region();
23279
+ assertRegionMatch(
23280
+ clientRegion,
23281
+ context?.expectedRegion,
23282
+ resourceType,
23283
+ logicalId,
23284
+ physicalId
23285
+ );
22609
23286
  this.logger.debug(`GraphQL API ${physicalId} does not exist, skipping deletion`);
22610
23287
  return;
22611
23288
  }
@@ -22725,7 +23402,7 @@ var AppSyncProvider = class {
22725
23402
  );
22726
23403
  }
22727
23404
  }
22728
- async deleteDataSource(logicalId, physicalId, resourceType) {
23405
+ async deleteDataSource(logicalId, physicalId, resourceType, context) {
22729
23406
  this.logger.debug(`Deleting DataSource ${logicalId}: ${physicalId}`);
22730
23407
  const [apiId, name] = physicalId.split("|");
22731
23408
  if (!apiId || !name) {
@@ -22737,6 +23414,14 @@ var AppSyncProvider = class {
22737
23414
  this.logger.debug(`Successfully deleted DataSource ${logicalId}`);
22738
23415
  } catch (error) {
22739
23416
  if (this.isNotFoundError(error)) {
23417
+ const clientRegion = await this.getClient().config.region();
23418
+ assertRegionMatch(
23419
+ clientRegion,
23420
+ context?.expectedRegion,
23421
+ resourceType,
23422
+ logicalId,
23423
+ physicalId
23424
+ );
22740
23425
  this.logger.debug(`DataSource ${physicalId} does not exist, skipping deletion`);
22741
23426
  return;
22742
23427
  }
@@ -22817,7 +23502,7 @@ var AppSyncProvider = class {
22817
23502
  );
22818
23503
  }
22819
23504
  }
22820
- async deleteResolver(logicalId, physicalId, resourceType) {
23505
+ async deleteResolver(logicalId, physicalId, resourceType, context) {
22821
23506
  this.logger.debug(`Deleting Resolver ${logicalId}: ${physicalId}`);
22822
23507
  const parts = physicalId.split("|");
22823
23508
  if (parts.length < 3) {
@@ -22830,6 +23515,14 @@ var AppSyncProvider = class {
22830
23515
  this.logger.debug(`Successfully deleted Resolver ${logicalId}`);
22831
23516
  } catch (error) {
22832
23517
  if (this.isNotFoundError(error)) {
23518
+ const clientRegion = await this.getClient().config.region();
23519
+ assertRegionMatch(
23520
+ clientRegion,
23521
+ context?.expectedRegion,
23522
+ resourceType,
23523
+ logicalId,
23524
+ physicalId
23525
+ );
22833
23526
  this.logger.debug(`Resolver ${physicalId} does not exist, skipping deletion`);
22834
23527
  return;
22835
23528
  }
@@ -22883,7 +23576,7 @@ var AppSyncProvider = class {
22883
23576
  );
22884
23577
  }
22885
23578
  }
22886
- async deleteApiKey(logicalId, physicalId, resourceType) {
23579
+ async deleteApiKey(logicalId, physicalId, resourceType, context) {
22887
23580
  this.logger.debug(`Deleting ApiKey ${logicalId}: ${physicalId}`);
22888
23581
  const [apiId, apiKeyId] = physicalId.split("|");
22889
23582
  if (!apiId || !apiKeyId) {
@@ -22895,6 +23588,14 @@ var AppSyncProvider = class {
22895
23588
  this.logger.debug(`Successfully deleted ApiKey ${logicalId}`);
22896
23589
  } catch (error) {
22897
23590
  if (this.isNotFoundError(error)) {
23591
+ const clientRegion = await this.getClient().config.region();
23592
+ assertRegionMatch(
23593
+ clientRegion,
23594
+ context?.expectedRegion,
23595
+ resourceType,
23596
+ logicalId,
23597
+ physicalId
23598
+ );
22898
23599
  this.logger.debug(`ApiKey ${physicalId} does not exist, skipping deletion`);
22899
23600
  return;
22900
23601
  }
@@ -22975,12 +23676,12 @@ var GlueProvider = class {
22975
23676
  );
22976
23677
  }
22977
23678
  }
22978
- async delete(logicalId, physicalId, resourceType, _properties) {
23679
+ async delete(logicalId, physicalId, resourceType, properties, context) {
22979
23680
  switch (resourceType) {
22980
23681
  case "AWS::Glue::Database":
22981
- return this.deleteDatabase(logicalId, physicalId, resourceType);
23682
+ return this.deleteDatabase(logicalId, physicalId, resourceType, properties, context);
22982
23683
  case "AWS::Glue::Table":
22983
- return this.deleteTable(logicalId, physicalId, resourceType);
23684
+ return this.deleteTable(logicalId, physicalId, resourceType, properties, context);
22984
23685
  default:
22985
23686
  throw new ProvisioningError(
22986
23687
  `Unsupported resource type: ${resourceType}`,
@@ -23038,7 +23739,7 @@ var GlueProvider = class {
23038
23739
  );
23039
23740
  }
23040
23741
  }
23041
- async deleteDatabase(logicalId, physicalId, resourceType, properties) {
23742
+ async deleteDatabase(logicalId, physicalId, resourceType, properties, context) {
23042
23743
  this.logger.debug(`Deleting Glue Database ${logicalId}: ${physicalId}`);
23043
23744
  try {
23044
23745
  const catalogId = properties?.["CatalogId"];
@@ -23051,6 +23752,14 @@ var GlueProvider = class {
23051
23752
  this.logger.debug(`Successfully deleted Glue Database ${logicalId}`);
23052
23753
  } catch (error) {
23053
23754
  if (error instanceof EntityNotFoundException) {
23755
+ const clientRegion = await this.getClient().config.region();
23756
+ assertRegionMatch(
23757
+ clientRegion,
23758
+ context?.expectedRegion,
23759
+ resourceType,
23760
+ logicalId,
23761
+ physicalId
23762
+ );
23054
23763
  this.logger.debug(`Glue Database ${physicalId} does not exist, skipping deletion`);
23055
23764
  return;
23056
23765
  }
@@ -23162,7 +23871,7 @@ var GlueProvider = class {
23162
23871
  );
23163
23872
  }
23164
23873
  }
23165
- async deleteTable(logicalId, physicalId, resourceType) {
23874
+ async deleteTable(logicalId, physicalId, resourceType, _properties, context) {
23166
23875
  this.logger.debug(`Deleting Glue Table ${logicalId}: ${physicalId}`);
23167
23876
  const [databaseName, tableName] = physicalId.split("|");
23168
23877
  if (!databaseName || !tableName) {
@@ -23179,6 +23888,14 @@ var GlueProvider = class {
23179
23888
  this.logger.debug(`Successfully deleted Glue Table ${logicalId}`);
23180
23889
  } catch (error) {
23181
23890
  if (error instanceof EntityNotFoundException) {
23891
+ const clientRegion = await this.getClient().config.region();
23892
+ assertRegionMatch(
23893
+ clientRegion,
23894
+ context?.expectedRegion,
23895
+ resourceType,
23896
+ logicalId,
23897
+ physicalId
23898
+ );
23182
23899
  this.logger.debug(`Glue Table ${physicalId} does not exist, skipping deletion`);
23183
23900
  return;
23184
23901
  }
@@ -23364,12 +24081,12 @@ var KMSProvider = class {
23364
24081
  );
23365
24082
  }
23366
24083
  }
23367
- async delete(logicalId, physicalId, resourceType, _properties) {
24084
+ async delete(logicalId, physicalId, resourceType, _properties, context) {
23368
24085
  switch (resourceType) {
23369
24086
  case "AWS::KMS::Key":
23370
- return this.deleteKey(logicalId, physicalId, resourceType, _properties);
24087
+ return this.deleteKey(logicalId, physicalId, resourceType, _properties, context);
23371
24088
  case "AWS::KMS::Alias":
23372
- return this.deleteAlias(logicalId, physicalId, resourceType);
24089
+ return this.deleteAlias(logicalId, physicalId, resourceType, context);
23373
24090
  default:
23374
24091
  throw new ProvisioningError(
23375
24092
  `Unsupported resource type: ${resourceType}`,
@@ -23533,7 +24250,7 @@ var KMSProvider = class {
23533
24250
  );
23534
24251
  }
23535
24252
  }
23536
- async deleteKey(logicalId, physicalId, resourceType, properties) {
24253
+ async deleteKey(logicalId, physicalId, resourceType, properties, context) {
23537
24254
  this.logger.debug(`Scheduling deletion for KMS Key ${logicalId}: ${physicalId}`);
23538
24255
  const pendingWindowInDays = properties?.["PendingWindowInDays"] ?? 7;
23539
24256
  try {
@@ -23546,6 +24263,14 @@ var KMSProvider = class {
23546
24263
  this.logger.debug(`Successfully scheduled deletion for KMS Key ${logicalId}`);
23547
24264
  } catch (error) {
23548
24265
  if (error instanceof NotFoundException5) {
24266
+ const clientRegion = await this.getClient().config.region();
24267
+ assertRegionMatch(
24268
+ clientRegion,
24269
+ context?.expectedRegion,
24270
+ resourceType,
24271
+ logicalId,
24272
+ physicalId
24273
+ );
23549
24274
  this.logger.debug(`KMS Key ${physicalId} does not exist, skipping deletion`);
23550
24275
  return;
23551
24276
  }
@@ -23632,7 +24357,7 @@ var KMSProvider = class {
23632
24357
  );
23633
24358
  }
23634
24359
  }
23635
- async deleteAlias(logicalId, physicalId, resourceType) {
24360
+ async deleteAlias(logicalId, physicalId, resourceType, context) {
23636
24361
  this.logger.debug(`Deleting KMS Alias ${logicalId}: ${physicalId}`);
23637
24362
  try {
23638
24363
  await this.getClient().send(
@@ -23643,6 +24368,14 @@ var KMSProvider = class {
23643
24368
  this.logger.debug(`Successfully deleted KMS Alias ${logicalId}`);
23644
24369
  } catch (error) {
23645
24370
  if (error instanceof NotFoundException5) {
24371
+ const clientRegion = await this.getClient().config.region();
24372
+ assertRegionMatch(
24373
+ clientRegion,
24374
+ context?.expectedRegion,
24375
+ resourceType,
24376
+ logicalId,
24377
+ physicalId
24378
+ );
23646
24379
  this.logger.debug(`KMS Alias ${physicalId} does not exist, skipping deletion`);
23647
24380
  return;
23648
24381
  }
@@ -23889,7 +24622,7 @@ var KinesisStreamProvider = class {
23889
24622
  /**
23890
24623
  * Delete a Kinesis stream
23891
24624
  */
23892
- async delete(logicalId, physicalId, resourceType, _properties) {
24625
+ async delete(logicalId, physicalId, resourceType, _properties, context) {
23893
24626
  this.logger.debug(`Deleting Kinesis stream ${logicalId}: ${physicalId}`);
23894
24627
  try {
23895
24628
  await this.getClient().send(
@@ -23901,6 +24634,14 @@ var KinesisStreamProvider = class {
23901
24634
  this.logger.debug(`Successfully deleted Kinesis stream ${logicalId}`);
23902
24635
  } catch (error) {
23903
24636
  if (error instanceof ResourceNotFoundException13) {
24637
+ const clientRegion = await this.getClient().config.region();
24638
+ assertRegionMatch(
24639
+ clientRegion,
24640
+ context?.expectedRegion,
24641
+ resourceType,
24642
+ logicalId,
24643
+ physicalId
24644
+ );
23904
24645
  this.logger.debug(`Kinesis stream ${physicalId} does not exist, skipping deletion`);
23905
24646
  return;
23906
24647
  }
@@ -24017,14 +24758,14 @@ var EFSProvider = class {
24017
24758
  }
24018
24759
  return Promise.resolve({ physicalId, wasReplaced: false });
24019
24760
  }
24020
- async delete(logicalId, physicalId, resourceType, _properties) {
24761
+ async delete(logicalId, physicalId, resourceType, _properties, context) {
24021
24762
  switch (resourceType) {
24022
24763
  case "AWS::EFS::FileSystem":
24023
- return this.deleteFileSystem(logicalId, physicalId, resourceType);
24764
+ return this.deleteFileSystem(logicalId, physicalId, resourceType, context);
24024
24765
  case "AWS::EFS::MountTarget":
24025
- return this.deleteMountTarget(logicalId, physicalId, resourceType);
24766
+ return this.deleteMountTarget(logicalId, physicalId, resourceType, context);
24026
24767
  case "AWS::EFS::AccessPoint":
24027
- return this.deleteAccessPoint(logicalId, physicalId, resourceType);
24768
+ return this.deleteAccessPoint(logicalId, physicalId, resourceType, context);
24028
24769
  default:
24029
24770
  throw new ProvisioningError(
24030
24771
  `Unsupported resource type: ${resourceType}`,
@@ -24073,7 +24814,7 @@ var EFSProvider = class {
24073
24814
  );
24074
24815
  }
24075
24816
  }
24076
- async deleteFileSystem(logicalId, physicalId, resourceType) {
24817
+ async deleteFileSystem(logicalId, physicalId, resourceType, context) {
24077
24818
  this.logger.debug(`Deleting EFS FileSystem ${logicalId}: ${physicalId}`);
24078
24819
  try {
24079
24820
  await this.getClient().send(
@@ -24084,6 +24825,14 @@ var EFSProvider = class {
24084
24825
  this.logger.debug(`Successfully deleted EFS FileSystem ${logicalId}`);
24085
24826
  } catch (error) {
24086
24827
  if (error instanceof FileSystemNotFound) {
24828
+ const clientRegion = await this.getClient().config.region();
24829
+ assertRegionMatch(
24830
+ clientRegion,
24831
+ context?.expectedRegion,
24832
+ resourceType,
24833
+ logicalId,
24834
+ physicalId
24835
+ );
24087
24836
  this.logger.debug(`EFS FileSystem ${physicalId} does not exist, skipping deletion`);
24088
24837
  return;
24089
24838
  }
@@ -24199,7 +24948,7 @@ var EFSProvider = class {
24199
24948
  mountTargetId
24200
24949
  );
24201
24950
  }
24202
- async deleteMountTarget(logicalId, physicalId, resourceType) {
24951
+ async deleteMountTarget(logicalId, physicalId, resourceType, context) {
24203
24952
  this.logger.debug(`Deleting EFS MountTarget ${logicalId}: ${physicalId}`);
24204
24953
  try {
24205
24954
  await this.getClient().send(
@@ -24211,6 +24960,14 @@ var EFSProvider = class {
24211
24960
  this.logger.debug(`Successfully deleted EFS MountTarget ${logicalId}`);
24212
24961
  } catch (error) {
24213
24962
  if (error instanceof MountTargetNotFound) {
24963
+ const clientRegion = await this.getClient().config.region();
24964
+ assertRegionMatch(
24965
+ clientRegion,
24966
+ context?.expectedRegion,
24967
+ resourceType,
24968
+ logicalId,
24969
+ physicalId
24970
+ );
24214
24971
  this.logger.debug(`EFS MountTarget ${physicalId} does not exist, skipping deletion`);
24215
24972
  return;
24216
24973
  }
@@ -24309,7 +25066,7 @@ var EFSProvider = class {
24309
25066
  );
24310
25067
  }
24311
25068
  }
24312
- async deleteAccessPoint(logicalId, physicalId, resourceType) {
25069
+ async deleteAccessPoint(logicalId, physicalId, resourceType, context) {
24313
25070
  this.logger.debug(`Deleting EFS AccessPoint ${logicalId}: ${physicalId}`);
24314
25071
  try {
24315
25072
  await this.getClient().send(
@@ -24320,6 +25077,14 @@ var EFSProvider = class {
24320
25077
  this.logger.debug(`Successfully deleted EFS AccessPoint ${logicalId}`);
24321
25078
  } catch (error) {
24322
25079
  if (error instanceof AccessPointNotFound) {
25080
+ const clientRegion = await this.getClient().config.region();
25081
+ assertRegionMatch(
25082
+ clientRegion,
25083
+ context?.expectedRegion,
25084
+ resourceType,
25085
+ logicalId,
25086
+ physicalId
25087
+ );
24323
25088
  this.logger.debug(`EFS AccessPoint ${physicalId} does not exist, skipping deletion`);
24324
25089
  return;
24325
25090
  }
@@ -24557,7 +25322,7 @@ var FirehoseProvider = class {
24557
25322
  /**
24558
25323
  * Delete a Firehose delivery stream
24559
25324
  */
24560
- async delete(logicalId, physicalId, resourceType, _properties) {
25325
+ async delete(logicalId, physicalId, resourceType, _properties, context) {
24561
25326
  this.logger.debug(`Deleting Firehose delivery stream ${logicalId}: ${physicalId}`);
24562
25327
  try {
24563
25328
  await this.getClient().send(
@@ -24568,6 +25333,14 @@ var FirehoseProvider = class {
24568
25333
  this.logger.debug(`Successfully deleted Firehose delivery stream ${logicalId}`);
24569
25334
  } catch (error) {
24570
25335
  if (error instanceof ResourceNotFoundException14) {
25336
+ const clientRegion = await this.getClient().config.region();
25337
+ assertRegionMatch(
25338
+ clientRegion,
25339
+ context?.expectedRegion,
25340
+ resourceType,
25341
+ logicalId,
25342
+ physicalId
25343
+ );
24571
25344
  this.logger.debug(
24572
25345
  `Firehose delivery stream ${physicalId} does not exist, skipping deletion`
24573
25346
  );
@@ -24899,7 +25672,7 @@ var CloudTrailProvider = class {
24899
25672
  );
24900
25673
  }
24901
25674
  }
24902
- async delete(logicalId, physicalId, resourceType, _properties) {
25675
+ async delete(logicalId, physicalId, resourceType, _properties, context) {
24903
25676
  this.logger.debug(`Deleting CloudTrail Trail ${logicalId}: ${physicalId}`);
24904
25677
  try {
24905
25678
  try {
@@ -24910,6 +25683,14 @@ var CloudTrailProvider = class {
24910
25683
  this.logger.debug(`Successfully deleted CloudTrail Trail ${logicalId}`);
24911
25684
  } catch (error) {
24912
25685
  if (error instanceof TrailNotFoundException) {
25686
+ const clientRegion = await this.getClient().config.region();
25687
+ assertRegionMatch(
25688
+ clientRegion,
25689
+ context?.expectedRegion,
25690
+ resourceType,
25691
+ logicalId,
25692
+ physicalId
25693
+ );
24913
25694
  this.logger.debug(`CloudTrail Trail ${physicalId} does not exist, skipping deletion`);
24914
25695
  return;
24915
25696
  }
@@ -25161,13 +25942,21 @@ var CodeBuildProvider = class {
25161
25942
  );
25162
25943
  }
25163
25944
  }
25164
- async delete(logicalId, physicalId, resourceType, _properties) {
25945
+ async delete(logicalId, physicalId, resourceType, _properties, context) {
25165
25946
  this.logger.debug(`Deleting CodeBuild Project ${logicalId}: ${physicalId}`);
25166
25947
  try {
25167
25948
  await this.getClient().send(new DeleteProjectCommand({ name: physicalId }));
25168
25949
  this.logger.debug(`Successfully deleted CodeBuild Project ${logicalId}`);
25169
25950
  } catch (error) {
25170
25951
  if (error instanceof ResourceNotFoundException15) {
25952
+ const clientRegion = await this.getClient().config.region();
25953
+ assertRegionMatch(
25954
+ clientRegion,
25955
+ context?.expectedRegion,
25956
+ resourceType,
25957
+ logicalId,
25958
+ physicalId
25959
+ );
25171
25960
  this.logger.debug(`CodeBuild Project ${physicalId} does not exist, skipping deletion`);
25172
25961
  return;
25173
25962
  }
@@ -25233,10 +26022,10 @@ var S3VectorsProvider = class {
25233
26022
  );
25234
26023
  }
25235
26024
  }
25236
- async delete(logicalId, physicalId, resourceType, _properties) {
26025
+ async delete(logicalId, physicalId, resourceType, _properties, context) {
25237
26026
  switch (resourceType) {
25238
26027
  case "AWS::S3Vectors::VectorBucket":
25239
- return this.deleteVectorBucket(logicalId, physicalId, resourceType);
26028
+ return this.deleteVectorBucket(logicalId, physicalId, resourceType, context);
25240
26029
  default:
25241
26030
  throw new ProvisioningError(
25242
26031
  `Unsupported resource type: ${resourceType}`,
@@ -25287,7 +26076,7 @@ var S3VectorsProvider = class {
25287
26076
  );
25288
26077
  }
25289
26078
  }
25290
- async deleteVectorBucket(logicalId, physicalId, resourceType) {
26079
+ async deleteVectorBucket(logicalId, physicalId, resourceType, context) {
25291
26080
  this.logger.debug(`Deleting S3 VectorBucket ${logicalId}: ${physicalId}`);
25292
26081
  try {
25293
26082
  await this.emptyVectorBucket(logicalId, physicalId);
@@ -25299,6 +26088,14 @@ var S3VectorsProvider = class {
25299
26088
  this.logger.debug(`Successfully deleted S3 VectorBucket ${logicalId}`);
25300
26089
  } catch (error) {
25301
26090
  if (this.isNotFoundError(error)) {
26091
+ const clientRegion = await this.getClient().config.region();
26092
+ assertRegionMatch(
26093
+ clientRegion,
26094
+ context?.expectedRegion,
26095
+ resourceType,
26096
+ logicalId,
26097
+ physicalId
26098
+ );
25302
26099
  this.logger.debug(`S3 VectorBucket ${physicalId} does not exist, skipping deletion`);
25303
26100
  return;
25304
26101
  }
@@ -25495,7 +26292,7 @@ var S3DirectoryBucketProvider = class {
25495
26292
  * Must empty the bucket before deletion. Directory buckets do not support
25496
26293
  * versioning, so only current objects need to be deleted.
25497
26294
  */
25498
- async delete(logicalId, physicalId, resourceType, _properties) {
26295
+ async delete(logicalId, physicalId, resourceType, _properties, context) {
25499
26296
  this.logger.debug(`Deleting S3 Express Directory Bucket ${logicalId}: ${physicalId}`);
25500
26297
  try {
25501
26298
  await this.emptyBucket(physicalId);
@@ -25507,6 +26304,14 @@ var S3DirectoryBucketProvider = class {
25507
26304
  this.logger.debug(`Successfully deleted S3 Express Directory Bucket ${logicalId}`);
25508
26305
  } catch (error) {
25509
26306
  if (error instanceof Error && (error.name === "NoSuchBucket" || error.name === "BucketNotFound")) {
26307
+ const clientRegion = await this.s3Client.config.region();
26308
+ assertRegionMatch(
26309
+ clientRegion,
26310
+ context?.expectedRegion,
26311
+ resourceType,
26312
+ logicalId,
26313
+ physicalId
26314
+ );
25510
26315
  this.logger.debug(`Bucket ${physicalId} does not exist, skipping deletion`);
25511
26316
  return;
25512
26317
  }
@@ -25601,14 +26406,14 @@ var S3TablesProvider = class {
25601
26406
  this.logger.debug(`Update is no-op for ${resourceType} ${logicalId}`);
25602
26407
  return Promise.resolve({ physicalId, wasReplaced: false });
25603
26408
  }
25604
- async delete(logicalId, physicalId, resourceType, _properties) {
26409
+ async delete(logicalId, physicalId, resourceType, _properties, context) {
25605
26410
  switch (resourceType) {
25606
26411
  case "AWS::S3Tables::TableBucket":
25607
- return this.deleteTableBucket(logicalId, physicalId, resourceType);
26412
+ return this.deleteTableBucket(logicalId, physicalId, resourceType, context);
25608
26413
  case "AWS::S3Tables::Namespace":
25609
- return this.deleteNamespace(logicalId, physicalId, resourceType);
26414
+ return this.deleteNamespace(logicalId, physicalId, resourceType, context);
25610
26415
  case "AWS::S3Tables::Table":
25611
- return this.deleteTable(logicalId, physicalId, resourceType);
26416
+ return this.deleteTable(logicalId, physicalId, resourceType, context);
25612
26417
  default:
25613
26418
  throw new ProvisioningError(
25614
26419
  `Unsupported resource type: ${resourceType}`,
@@ -25654,7 +26459,7 @@ var S3TablesProvider = class {
25654
26459
  );
25655
26460
  }
25656
26461
  }
25657
- async deleteTableBucket(logicalId, physicalId, resourceType) {
26462
+ async deleteTableBucket(logicalId, physicalId, resourceType, context) {
25658
26463
  this.logger.debug(`Deleting S3 Table Bucket ${logicalId}: ${physicalId}`);
25659
26464
  try {
25660
26465
  await this.emptyTableBucket(physicalId);
@@ -25666,6 +26471,14 @@ var S3TablesProvider = class {
25666
26471
  this.logger.debug(`Successfully deleted S3 Table Bucket ${logicalId}`);
25667
26472
  } catch (error) {
25668
26473
  if (error instanceof NotFoundException6) {
26474
+ const clientRegion = await this.getClient().config.region();
26475
+ assertRegionMatch(
26476
+ clientRegion,
26477
+ context?.expectedRegion,
26478
+ resourceType,
26479
+ logicalId,
26480
+ physicalId
26481
+ );
25669
26482
  this.logger.debug(`S3 Table Bucket ${physicalId} does not exist, skipping deletion`);
25670
26483
  return;
25671
26484
  }
@@ -25789,7 +26602,7 @@ var S3TablesProvider = class {
25789
26602
  );
25790
26603
  }
25791
26604
  }
25792
- async deleteNamespace(logicalId, physicalId, resourceType) {
26605
+ async deleteNamespace(logicalId, physicalId, resourceType, context) {
25793
26606
  this.logger.debug(`Deleting S3 Tables Namespace ${logicalId}: ${physicalId}`);
25794
26607
  const [tableBucketARN, namespaceName] = physicalId.split("|");
25795
26608
  if (!tableBucketARN || !namespaceName) {
@@ -25810,6 +26623,14 @@ var S3TablesProvider = class {
25810
26623
  this.logger.debug(`Successfully deleted S3 Tables Namespace ${logicalId}`);
25811
26624
  } catch (error) {
25812
26625
  if (error instanceof NotFoundException6) {
26626
+ const clientRegion = await this.getClient().config.region();
26627
+ assertRegionMatch(
26628
+ clientRegion,
26629
+ context?.expectedRegion,
26630
+ resourceType,
26631
+ logicalId,
26632
+ physicalId
26633
+ );
25813
26634
  this.logger.debug(`S3 Tables Namespace ${physicalId} does not exist, skipping deletion`);
25814
26635
  return;
25815
26636
  }
@@ -25884,7 +26705,7 @@ var S3TablesProvider = class {
25884
26705
  );
25885
26706
  }
25886
26707
  }
25887
- async deleteTable(logicalId, physicalId, resourceType) {
26708
+ async deleteTable(logicalId, physicalId, resourceType, context) {
25888
26709
  this.logger.debug(`Deleting S3 Tables Table ${logicalId}: ${physicalId}`);
25889
26710
  const parts = physicalId.split("|");
25890
26711
  if (parts.length < 3) {
@@ -25909,6 +26730,14 @@ var S3TablesProvider = class {
25909
26730
  this.logger.debug(`Successfully deleted S3 Tables Table ${logicalId}`);
25910
26731
  } catch (error) {
25911
26732
  if (error instanceof NotFoundException6) {
26733
+ const clientRegion = await this.getClient().config.region();
26734
+ assertRegionMatch(
26735
+ clientRegion,
26736
+ context?.expectedRegion,
26737
+ resourceType,
26738
+ logicalId,
26739
+ physicalId
26740
+ );
25912
26741
  this.logger.debug(`S3 Tables Table ${physicalId} does not exist, skipping deletion`);
25913
26742
  return;
25914
26743
  }
@@ -26135,7 +26964,7 @@ var ECRProvider = class {
26135
26964
  * Uses `force: true` to delete the repository even if it contains images.
26136
26965
  * This supports CDK's `emptyOnDelete: true` / `removalPolicy: DESTROY` pattern.
26137
26966
  */
26138
- async delete(logicalId, physicalId, resourceType, _properties) {
26967
+ async delete(logicalId, physicalId, resourceType, _properties, context) {
26139
26968
  this.logger.debug(`Deleting ECR Repository ${logicalId}: ${physicalId}`);
26140
26969
  try {
26141
26970
  await this.getClient().send(
@@ -26147,6 +26976,14 @@ var ECRProvider = class {
26147
26976
  this.logger.debug(`Successfully deleted ECR Repository ${logicalId}`);
26148
26977
  } catch (error) {
26149
26978
  if (error instanceof RepositoryNotFoundException) {
26979
+ const clientRegion = await this.getClient().config.region();
26980
+ assertRegionMatch(
26981
+ clientRegion,
26982
+ context?.expectedRegion,
26983
+ resourceType,
26984
+ logicalId,
26985
+ physicalId
26986
+ );
26150
26987
  this.logger.debug(`ECR Repository ${physicalId} does not exist, skipping deletion`);
26151
26988
  return;
26152
26989
  }
@@ -27051,7 +27888,9 @@ var DeployEngine = class {
27051
27888
  ` Rollback: Deleting created resource ${op.logicalId} (${op.resourceType})`
27052
27889
  );
27053
27890
  const provider = this.providerRegistry.getProvider(op.resourceType);
27054
- await provider.delete(op.logicalId, op.physicalId, op.resourceType, op.properties);
27891
+ await provider.delete(op.logicalId, op.physicalId, op.resourceType, op.properties, {
27892
+ expectedRegion: this.stackRegion
27893
+ });
27055
27894
  delete stateResources[op.logicalId];
27056
27895
  this.logger.info(` Rollback: ${op.logicalId} deleted successfully`);
27057
27896
  break;
@@ -27193,7 +28032,8 @@ var DeployEngine = class {
27193
28032
  logicalId,
27194
28033
  currentResource.physicalId,
27195
28034
  resourceType,
27196
- currentResource.properties
28035
+ currentResource.properties,
28036
+ { expectedRegion: this.stackRegion }
27197
28037
  );
27198
28038
  this.logger.info(` \u2713 Old resource deleted`);
27199
28039
  } catch (deleteError) {
@@ -27242,7 +28082,8 @@ var DeployEngine = class {
27242
28082
  logicalId,
27243
28083
  currentResource.physicalId,
27244
28084
  resourceType,
27245
- currentProps
28085
+ currentProps,
28086
+ { expectedRegion: this.stackRegion }
27246
28087
  );
27247
28088
  } catch (deleteError) {
27248
28089
  const deleteMsg = deleteError instanceof Error ? deleteError.message : String(deleteError);
@@ -27313,7 +28154,8 @@ var DeployEngine = class {
27313
28154
  logicalId,
27314
28155
  currentResource.physicalId,
27315
28156
  resourceType,
27316
- currentResource.properties
28157
+ currentResource.properties,
28158
+ { expectedRegion: this.stackRegion }
27317
28159
  ),
27318
28160
  logicalId,
27319
28161
  3,
@@ -28268,7 +29110,8 @@ Acquiring lock for stack ${stackName}...`);
28268
29110
  logicalId,
28269
29111
  resource.physicalId,
28270
29112
  resource.resourceType,
28271
- resource.properties
29113
+ resource.properties,
29114
+ { expectedRegion: currentState.region }
28272
29115
  );
28273
29116
  lastDeleteError = null;
28274
29117
  break;
@@ -28894,7 +29737,7 @@ function reorderArgs(argv) {
28894
29737
  }
28895
29738
  async function main() {
28896
29739
  const program = new Command10();
28897
- program.name("cdkd").description("CDK Direct - Deploy AWS CDK apps directly via SDK/Cloud Control API").version("0.8.0");
29740
+ program.name("cdkd").description("CDK Direct - Deploy AWS CDK apps directly via SDK/Cloud Control API").version("0.9.0");
28898
29741
  program.addCommand(createBootstrapCommand());
28899
29742
  program.addCommand(createSynthCommand());
28900
29743
  program.addCommand(createListCommand());