CdkPipeline: How to use existing service roles for code pipeline actions


❓ General Issue

The Question

Is there a way to override the generated pipeline service roles with existing roles? CdkPipeline creates a bunch of roles below which are used by the CodePipeline:

  • codepipelineBuildSynthCodePipelineActionRole
  • codepipelineUpdatePipelineSelfMutateCodePipelineActionRole
  • codepipelineBuildSynthCdkBuildProjectRole
  • etc.

I am wondering if there is a way to override these, because I need to use a pre-existing service role created by our security team instead. These generated roles are missing the required permissions to assume the stack synthesizer roles.

Sample code:

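        import * as codepipeline from '@aws-cdk/aws-codepipeline';
        import * as cdkp from '@aws-cdk/pipelines';

        // Inside the stack constructor. cicdRole, existingEncryptedBucket,
        // sourceAction, sourceOutput, cloudAssemblyArtifact and
        // pipelineConfiguration are defined elsewhere in the stack.
        const pipeline = new cdkp.CdkPipeline(this, 'cdk_pipeline', {
            selfMutating: true,

            // Pre-existing pipeline role and encrypted artifact bucket
            codePipeline: new codepipeline.Pipeline(this, 'code_pipeline', {
                pipelineName: pipelineConfiguration.stackName,
                role: cicdRole,
                artifactBucket: existingEncryptedBucket,
            }),

            cloudAssemblyArtifact: cloudAssemblyArtifact,
            sourceAction: sourceAction,
            // The synth action still generates its own action and build project roles
            synthAction: cdkp.SimpleSynthAction.standardNpmSynth({
                environment: {
                    privileged: true
                },
                subdirectory: 'iac/cdk',
                sourceArtifact: sourceOutput,
                cloudAssemblyArtifact: cloudAssemblyArtifact,
                installCommand: 'npm ci'
            })
        });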

Environment

  • CDK CLI Version: 1.110.0
  • Module Version: 1.110.0

Referring to the service role here:

[Screenshot of the service role; image not included]

Issue Analytics

  • State: closed
  • Created 2 years ago
  • Comments: 9 (6 by maintainers)

Top GitHub Comments

1 reaction
otaviomacedo commented, Aug 5, 2021

The role codepipelineBuildSynthCdkBuildProjectRole is generated by the SimpleSynthAction. If you are rolling your own action and overriding the role, you don’t have to worry about it. Are there others blocking you?

You can also override the owner in ActionProperties. Make sure you set it to "AWS".
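
The requirement in the question, that the pipeline use only roles provisioned by the security team, can be checked against the synthesized CloudFormation template before deployment. The following is an added example, not code from the issue or from the CDK project; the ARNs, logical IDs and sample template are constructed, and it assumes imported roles appear in the template as literal ARN strings while roles the stack creates appear as `Fn::GetAtt` references.

```typescript
// Added example: flag role references in a synthesized template that are not
// approved pre-existing roles. All ARNs and logical IDs below are constructed.
type Json = any;
interface Finding { resource: string; path: string; role: string }

const APPROVED_ROLES = new Set<string>([
  "arn:aws:iam::111111111111:role/cicd-pipeline-role",
  "arn:aws:iam::111111111111:role/cicd-build-role",
]);

function findUnapprovedRoles(template: Json, approved: Set<string>): Finding[] {
  const findings: Finding[] = [];
  const check = (resource: string, path: string, role: Json) => {
    if (role === undefined) return; // property not set on this resource or action
    // Anything that is not an approved literal ARN (including intrinsics) is flagged.
    if (typeof role !== "string" || !approved.has(role)) {
      const shown = typeof role === "string" ? role : JSON.stringify(role);
      findings.push({ resource, path, role: shown });
    }
  };
  for (const [id, res] of Object.entries<Json>(template.Resources ?? {})) {
    const props = res.Properties ?? {};
    if (res.Type === "AWS::IAM::Role") {
      findings.push({ resource: id, path: "Type", role: "role created by this stack" });
    } else if (res.Type === "AWS::CodeBuild::Project") {
      check(id, "ServiceRole", props.ServiceRole);
    } else if (res.Type === "AWS::CodePipeline::Pipeline") {
      check(id, "RoleArn", props.RoleArn);
      for (const stage of props.Stages ?? []) {
        for (const action of stage.Actions ?? []) {
          check(id, `Stages/${stage.Name}/${action.Name}/RoleArn`, action.RoleArn);
        }
      }
    }
  }
  return findings;
}

// Constructed sample: pipeline and build project use approved roles,
// but the synth action still points at a role generated by the stack.
const SAMPLE_TEMPLATE = {
  Resources: {
    Pipeline: { Type: "AWS::CodePipeline::Pipeline", Properties: {
      RoleArn: "arn:aws:iam::111111111111:role/cicd-pipeline-role",
      Stages: [{ Name: "Build", Actions: [
        { Name: "Synth", RoleArn: { "Fn::GetAtt": ["SynthActionRole", "Arn"] } }] }] } },
    SynthActionRole: { Type: "AWS::IAM::Role", Properties: {} },
    SynthProject: { Type: "AWS::CodeBuild::Project", Properties: {
      ServiceRole: "arn:aws:iam::111111111111:role/cicd-build-role" } },
  },
};
console.log(findUnapprovedRoles(SAMPLE_TEMPLATE, APPROVED_ROLES));
```

Run against the JSON that `cdk synth` writes, an empty result means every pipeline, action and build project role is one of the approved ARNs.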

0 reactions
github-actions[bot] commented, Aug 16, 2021

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see. If you need more assistance, please either tag a team member or open a new issue that references this one. If you wish to keep having a conversation with other community members under this issue feel free to do so.
