Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Obscure error message 'Bucket named 'bucket-name' exists, but not in account [object Object]. Wrong account?'

See original GitHub issue

When running CDK deploy trying to deploy assets in preexisting CDK buckets, created by the bootstrap process without the necessary s3:getBucketLocation permission, the deployment fails with a message like Obscure error message ‘Bucket named ‘bucket-name’ exists, but not in account [object Object]. Wrong account?’ Notice that the bucket does exist in the account, it’s just a permission issue.

Reproduction Steps

Theoretical yet, but it should happen when trying to make a deploy to an account which already contains the assets being deployed in S3 from a previous bootstrap (at least there’s where we saw it happening).

It’s very likely that this can be reproduce by doing the same as in https://github.com/aws/aws-cdk/issues/4039, but only removing the s3:getBucketLocation permission.

Error Log

'Bucket named 'bucket-name' exists, but not in account [object Object]. Wrong account?'

Environment

CLI Version :
**Framework Version: 1.1.0
**OS : Linux x64
**Language : English

Other

Checking the code in https://github.com/aws/aws-cdk/blob/a75f711aea3dac83c6feec885b7df9b14a39486e/packages/cdk-assets/lib/private/handlers/files.ts you can see that when there is a permissions error, this message will be shown. Also, account is sent as an object and it stringifies into [objest Object]

This is 🐛 Bug Report

Issue Analytics

State:
Created 4 years ago
Reactions:29
Comments:16 (7 by maintainers)

Top GitHub Comments

33reactions

oscarnevarezlealcommented, Aug 18, 2020

I can confirm the error is related to a lack of permissions as @pmarrone mentioned. I had a task definition complaining about the same problem. The policy below worked for my situation.

taskDefinition.addToTaskRolePolicy(
      new iam.PolicyStatement({
        resources: ["arn:aws:s3:::cdktoolkit-stagingbucket-*"],
        actions: ["s3:*Object", "s3:ListBucket", 's3:getBucketLocation'],
      })
    );

15reactions

cnilakcommented, Aug 14, 2020

Any update on this? I am still getting the same error, I even updated the bucket policy as below:: { “Version”: “2012-10-17”, “Id”: “AccessControl”, “Statement”: [ { “Sid”: “UpdateBucketPolicy”, “Effect”: “Allow”, “Principal”: { “AWS”: “arn:aws:iam::{…acount id…}:root” }, “Action”: "s3:", “Resource”: [ “arn:aws:s3:::bucketnamefordemo”, “arn:aws:s3:::bucketnamefordemo/” ] } ] }

Top Results From Across the Web

CDK deploy results in "Bucket named 'x' exists, but not in ...

The error message is rather misleading. The S3 bucket is highly likely to exist in another account if you have access to several...

awslabs/aws-cdk - Gitter

I'm trying to avoid CDK creating a bucket on its own for uploading assets. ... 'cdktoolkit-stagingbucket-xxxxxxx' exists, but not in account [object Object] ......

"Bucket name already exists", but it is not listed on the S3 ...

Today, when i tried to create a new S3 bucket, it gives me an error.. "Bucket name already exists". Ironically, it is not...

Buckets overview - Amazon Simple Storage Service

A bucket is a container for objects stored in Amazon S3. You can store any number of objects in a bucket and can...

A deep dive into AWS S3 access controls - Detectify Labs

Look at response headers of objects in the bucket to see if they have meta data that reveals the bucket name. Look at...