Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

[notice] CDK CLI Authentication Issues

See original GitHub issue

The CDK CLI has some limitations compared to the AWS CLI. If you are having authentication issues, they might be covered by one of the following issues. Please use this thread to discuss further.

CDK CLI will not read your region from your [default] profile

If your ~/.aws/config is set up like this:

[default]
region = us-east-1

[profile MyProfile]
role_arn = arn:aws:iam::123456789012:role/myprofile
source_profile = SomeOtherProfile

Even though your profile MyProfile does not contain a region, the AWS CLI will read the region from the [default] section. The AWS SDK for JavaScript that the CDK is built on does not do this, so the CDK does not support this. Make sure every profile section contains the region.

Cannot have a profile named “default” in the config file

The following will not work:

[default]
...

[profile default]
...

The AWS CLI seems to accept this, but the AWS SDK for JavaScript will fail to load the configuration file properly.

How to properly select AWS CLI profiles for your stacks/accounts

See issue #3961

Issue Analytics

  • State:closed
  • Created 5 years ago
  • Reactions:71
  • Comments:68 (17 by maintainers)

github_iconTop GitHub Comments

15reactions
0xdevaliascommented, Feb 11, 2019

Another edge case, in case anyone else runs into it. Using aws-vault

⇒  aws-vault exec myprofile -- cdk diff
Need to perform AWS calls for account unknown-account, but no credentials found. Tried: default credentials.

Looking at ~/.aws/config I had an empty profile: [profile myprofile]

By changing it to include a region, the issue was resolved and cdk diff worked as expected:

[profile myprofile]
region=ap-southeast-2

Maybe updating the error message to be a bit more explicit in what the actual issue is would be helpful?

15reactions
vschumakercommented, Feb 1, 2019

I ran in to the case where a [profile default] of the following format

[default]
output = text
region = us-east-1

[profile default]
role_arn = arn:aws:iam::123456789012:role/myrole
source_profile = default

[profile dev]
source_profile = default
role_arn = arn:aws:iam::987654321012:role/myrole
region = us-east-1

caused the following error, even though my AWS_PROFILE environment variable was set to dev

cdk deploy
Need to perform AWS calls for account unknown-account, but no credentials found. Tried: default credentials.

Removing the [profile default] section allowed me to successfully cdk deploy my stack.

Read more comments on GitHub >

github_iconTop Results From Across the Web

Troubleshooting common AWS CDK issues
This topic describes how to troubleshoot the following issues with the AWS CDK. After updating the AWS CDK, the AWS CDK Toolkit (CLI)...
Read more >
Cannot use AWS SSO credentials with CDK - Stack Overflow
I have tried with a deleted .aws/credentials file as well as one that is just empty. I have deleted everything in aws\sso\cache and...
Read more >
AWS temporary creds with SSO and a CDK workaround
The main problem with AWS credentials is that you set them in IAM and they live forever. It's like taking your password and...
Read more >
Open CDK Guide - The Open Construct Foundation
The AWS CloudDevelopment Kit (CDK) is a framework built on top of CloudFormation that makes it ... issue: CDK CLI does not support...
Read more >
aws-cdk - NPM Package Overview - Socket.dev
CDK Toolkit, the command line tool for CDK apps. ... cdk acknowledge, Acknowledge (and hide) a notice by issue number.
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

Enable termination protection of a stack

Next page

SecurityGroup connections between stacks lead to cyclic references