API call after stack deploy updates

Question

Hi team,

I have a CDK stack **stackA**, that creates a CloudFront distribution, already deployed in the stage and prod environments.

I want to do an API call to `secretsmanager.rotateSecret` each time **stackA** is redeployed (updating the CF distribution).

the purpose of this API call (`secretsmanager.rotateSecret`) is to update a  header value in CF distribution with a value of a secret stored in secretmanager.

I saw that I can use AwsCustomResource to do API calls, but the **onCreate**, **onUpdate** and **onDelete**  properties represent the lifecycle events of the custom resource *itself* and are invoked when the custom resource *itself*  is created, updated or deleted respectively.

The specific scenario that I would like to achieve is

- **cdk deploy  **stackA** (for cloudFront distribution updates)**
- **once the cloudFront stack finish updating ==> then call `secretsmanager.rotateSecret` operation** (to update a header in the CF by a value of a key stored in secret manager)

is there a way to achieve this scenario?

appreciate your help.

Accepted Answer

used AwsCustomResource at the end of my CF stack

example code for secretManager Service

```
    const apiKeysRotationTrigger = new AwsCustomResource(
      this,
      "ident",
      {
        policy: AwsCustomResourcePolicy.fromSdkCalls({
          resources: AwsCustomResourcePolicy.ANY_RESOURCE,
        }),
        onCreate: {
          service: "SecretsManager",
          action: "rotateSecret",
          parameters: {
            SecretId: "SecretId",
          },
          physicalResourceId: PhysicalResourceId.of("PhysicalResourceId"),
        },
        onUpdate: {
          service: "SecretsManager",
          action: "rotateSecret",
          parameters: {
            SecretId: "SecretId",
          },
          physicalResourceId: PhysicalResourceId.of("PhysicalResourceId"),
        },
      }
    );
  }
```

API call after stack deploy updates

Relevanter Inhalt