Resource sprawl is a problem with the CDK pipeline libraries. I addressed this and other such problems in a pipeline library I created:
https://medium.com/@gmournos/creating-professional-aws-native-delivery-pipelines-with-cdk-c2aed59be6e7
https://medium.com/@gmournos/creating-professional-aws-native-delivery-pipelines-with-cdk-part-2-68fde253c34e
It is quite robust; I have been using it in production for one year. I built the Medium articles as a tutorial, so if you do not want to use the library as is, you can easily pick the individual steps that treat resource sprawl and adjust them in your project.
Specifically: For the roles, I used a CloudFormation macro to do the disassociation from the pipeline and the deletion of the extra roles and policies that the libraries create. For key and bucket reuse, especially in cross-region deployments, I created a custom resource that finds the cross-region KMS keys, so that they can be looked up from the pipeline stack. For pipelines/CodeBuild projects, I added utilities that look up "old" pipelines and delete their corresponding CloudFormation stacks.
Hope this helps
G Mournos
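
A sketch of the macro approach for roles described in the post above, added here as an example; it is not code from the linked library or articles. It assumes per-action roles appear in the synthesized template as `RoleArn` references on pipeline actions, and that the pipeline's own role is then granted whatever those actions need (an action without `RoleArn` runs as the pipeline service role). The function names are hypothetical.

```python
import copy

def _ref_id(value):
    """Logical ID behind {"Ref": id} or {"Fn::GetAtt": [id, ...]}, else None."""
    if not isinstance(value, dict):
        return None
    target = value.get("Fn::GetAtt")
    return value.get("Ref") or (target[0] if isinstance(target, list) and target else None)

def prune_action_roles(template):
    """Detach per-action roles from pipelines, then drop them and their policies."""
    tpl = copy.deepcopy(template)
    res = tpl.get("Resources", {})
    gone = set()
    for r in res.values():
        if r.get("Type") != "AWS::CodePipeline::Pipeline":
            continue
        for stage in r.get("Properties", {}).get("Stages", []):
            for action in stage.get("Actions", []):
                rid = _ref_id(action.get("RoleArn"))
                if res.get(rid, {}).get("Type") == "AWS::IAM::Role":
                    gone.add(rid)
                    del action["RoleArn"]  # action falls back to the pipeline role
    for lid, r in res.items():
        if r.get("Type") != "AWS::IAM::Policy":
            continue
        props = r["Properties"]
        props["Roles"] = [x for x in props.get("Roles", []) if _ref_id(x) not in gone]
        doc = props.get("PolicyDocument", {})
        # Drop statements that only exist to reach a removed role (e.g. sts:AssumeRole).
        doc["Statement"] = [s for s in doc.get("Statement", [])
                            if _ref_id(s.get("Resource")) not in gone]
        if not props["Roles"] or not doc["Statement"]:
            gone.add(lid)  # nothing left to attach or to grant
    for lid in gone:
        del res[lid]
    for r in res.values():  # leave no DependsOn pointing at a deleted resource
        dep = r.get("DependsOn")
        if dep:
            kept = [d for d in ([dep] if isinstance(dep, str) else dep) if d not in gone]
            if kept:
                r["DependsOn"] = kept
            else:
                r.pop("DependsOn")
    return tpl

def handler(event, context):
    """CloudFormation macro entry point: the template arrives as event["fragment"]."""
    return {"requestId": event["requestId"], "status": "success",
            "fragment": prune_action_roles(event["fragment"])}
```

Statements whose `Resource` is a list are left untouched here, so a template that references a removed role that way still needs handling before deployment.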