CDK_DEFAULT_ACCOUNT Environment variable not respected

• I’m submitting a …

  • 🪲 bug report
  • 🚀 feature request
  • 📚 construct library gap
  • ☎️ security issue or vulnerability => Please see policy
  • ❓ support request => Please see note at the top of this template.

• What is the current behavior? If the current behavior is a 🪲bug🪲: Please provide the steps to reproduce

When using a Stack that contains: ec2.Vpc.fromLookup I’m unable to use the CDK_ACCOUNT_DEFAULT environment variable to complete a lookup. If I specify the region & account ID in the cdk.StackProps then it works, but that isn’t going to work for my use case. We promote stacks to an Integration account before moving to our Production account. Stacks need to be account agnostic.

CDK_ACCOUNT_DEFAULT=555555555555 cdk list --verbose

Result

...
Setting "CDK_DEFAULT_REGION" environment variable to us-east-2
Resolving default credentials
Unable to determine the default AWS account (did you configure "aws configure"?): SharedIniFileCredentialsProviderFailure: Credentials not set for profile default
    at SharedIniFileCredentials.load (/usr/local/lib/node_modules/aws-cdk/node_modules/aws-sdk/lib/credentials/shared_ini_file_credentials.js:161:11)
    at SharedIniFileCredentials.coalesceRefresh (/usr/local/lib/node_modules/aws-cdk/node_modules/aws-sdk/lib/credentials.js:205:12)
    at SharedIniFileCredentials.refresh (/usr/local/lib/node_modules/aws-cdk/node_modules/aws-sdk/lib/credentials/shared_ini_file_credentials.js:185:10)
    at SharedIniFileCredentials.get (/usr/local/lib/node_modules/aws-cdk/node_modules/aws-sdk/lib/credentials.js:122:12)
    at resolveNext (/usr/local/lib/node_modules/aws-cdk/node_modules/aws-sdk/lib/credentials/credential_provider_chain.js:125:17)
    at /usr/local/lib/node_modules/aws-cdk/node_modules/aws-sdk/lib/credentials/credential_provider_chain.js:126:13
    at /usr/local/lib/node_modules/aws-cdk/node_modules/aws-sdk/lib/credentials.js:124:23
    at EnvironmentCredentials.refresh (/usr/local/lib/node_modules/aws-cdk/node_modules/aws-sdk/lib/credentials/environment_credentials.js:78:9)
    at EnvironmentCredentials.get (/usr/local/lib/node_modules/aws-cdk/node_modules/aws-sdk/lib/credentials.js:122:12)
    at resolveNext (/usr/local/lib/node_modules/aws-cdk/node_modules/aws-sdk/lib/credentials/credential_provider_chain.js:125:17) {
  message: 'Credentials not set for profile default',
  code: 'SharedIniFileCredentialsProviderFailure',
  time: 2019-07-11T18:14:37.944Z
}
Setting "CDK_DEFAULT_ACCOUNT" environment variable to undefined

• What is the expected behavior (or behavior of feature suggested)?

Should be able to define the desired account ID with the CDK_ACCOUNT_DEFAULT variable. Really, I would vote for CDK to respect the AWS_PROFILE environment variable.

• What is the motivation / use case for changing the behavior or adding this feature?

• Please tell us about your environment:

  • CDK CLI Version: 1.0.0
  • Module Version: 1.0.0
  • OS: OSX Mojave
  • Language: TypeScript

• Other information

We’re using AWS SSO and credentials for given accounts are managed through aws-cli profiles. Default profile is meaningless, we move between accounts using named profiles and updating the AWS_PROFILE environment variable.