Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

(cli): CDK Pipeline in account bootstrapped with 1.110.0 (bootstrap version 7): S3 Access Denied

See original GitHub issue

CDKPipeline fails with S3 Access Denied error when account has been bootstrapped with aws-cdk@1.110.0 (bootstrap version 7).

If I downgrade my CDK CLI to 1.108.0, bootstrap again (bootstrap version 6) and push a change through the pipeline it completes successfully.

Reproduction Steps

Minimal cdk pipeline repo here: https://github.com/cogwirrel/minimal-cdk-pipeline-ts

npm i -g aws-cdk@1.110.0 cdk bootstrap cdk deploy git remote add cc codecommit://MyRepo (requires git-remote-codecommit) git push cc mainline

Observe error in the pipeline:

Access Denied (Service: Amazon S3; Status Code: 403; Error Code: AccessDenied; Request ID: ZE8ZB6NBMFEY4F6F; S3 Extended Request ID: t9dE+lUpj3K+CKD87YAPLOT0i2pD8CIqoTJv+KxBZQ6S84nM05bpPHzq0EhdNyjs8L00lSrR9wg=; Proxy: null)

What did you expect to happen?

Empty CDK Pipeline to deploy successfully

What actually happened?

“Prepare” step for the pipeline stage failed with an S3 Access Denied error.

Environment

CDK CLI Version : 1.110.0
Framework Version: 1.110.0
Node.js Version: 14.17.0
OS : macOS Big Sur (11.4)
Language (Version): Typescript 4.3.2

Other

Possibly related to https://github.com/aws/aws-cdk/pull/15192 ?

This is 🐛 Bug Report

Issue Analytics

State:
Created 2 years ago
Reactions:14
Comments:23 (12 by maintainers)

Top GitHub Comments

7reactions

rix0rrrcommented, Jun 28, 2021

AHA!

It breaks if you DO give an account on the stage, and the account is the same as the pipeline’s account! If you leave out the account, then the permissions get properly added to the bucket.

6reactions

aaxcommented, Jun 29, 2021

I have this problem, too. And like @czubocha I don’t specify any account anywhere (neither in the app nor stage nor stack). Is your fix still working in this configuration, @rix0rrr ?

Top Results From Across the Web

Bootstrapping - AWS Cloud Development Kit (AWS CDK) v2

Bootstrapping is the deployment of an AWS CloudFormation template to a specific AWS environment (account and Region). The bootstrapping template accepts ...

AWS CDK Bootstrap Error and How To Fix It - Gerard Ketuma

I got this error from the console after running the cdk deploy command: [100%] fail: No bucket named 'cdktoolkit-stagingbucket-fol1pifxqq1f'. Is ...

aws-cdk.pipelines - PyPI

Credentials to production environments should be short-lived. After bootstrapping and the initial pipeline provisioning, there is no more need ...

aws-cdk/pipelines NPM

CDK Pipelines can transparently deploy to other Regions and other accounts (provided those target environments have been bootstrapped). However, deploying to ...

aws-cdk | Yarn - Package Manager

Important: This documentation covers modern versions of Yarn. For 1.x docs, see classic.yarnpkg.com. Yarn.