Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Unable to create multiple CodeBuild stages in CodePipeline using CDK

See original GitHub issue

I am trying to create two codebuild.PipelineProject objects to add as stages to a codepipeline.Pipeline object. I am using the same service role for both CodeBuilds. When creating a new CodeBuild project, it tries to add VPC required permissions in the addVpcRequiredPermissions method in project.ts with the hardcoded name CodeBuildEC2Policy. The problem is that I am using the same role, so CDK tries to attach two policies to the same role (one for each CodeBuild) with the same hardcoded name and it fails with the error stating A policy named "CodeBuildEC2Policy" is already attached.

I know through AWS Console or CloudFormation templates I can use the same role for multiple CodeBuilds, so we shouldn’t be forced to create multiple roles for CDK to work. I believe in the addVpcRequiredPermissions method the policy name should have a unique ID attached to it so clashing policy names shouldn’t happen. Or at the very least check if there already exists a policy with the same permissions attached to the role.

Reproduction Steps

let build1 = new codebuild.PipelineProject(
  // ...
  role: this.codeBuildRole
);
let build2 = new codebuild.PipelineProject(
  // ...
  role: this.codeBuildRole
);

Error Log

A policy named "CodeBuildEC2Policy" is already attached

C:\Users\user\<redacted>\node_modules\@aws-cdk\core\lib\construct.ts:53
          throw new Error(`Validation failed with the following errors:\n  ${errorList}`);
                ^
Error: Validation failed with the following errors:
  [<redacted>/PolicyDocument] Policy must be attached to at least one principal: user, group or role
    at Function.synth (C:\Users\user\<redacted>\node_modules\@aws-cdk\core\lib\construct.ts:53:17)
    at App.synth (C:\Users\user\<redacted>\node_modules\@aws-cdk\core\lib\app.ts:128:36)
    at process.App.process.once (C:\Users\user\<redacted>\node_modules\@aws-cdk\core\lib\app.ts:111:45)
    at Object.onceWrapper (events.js:277:13)
    at process.emit (events.js:189:13)
    at process.EventEmitter.emit (domain.js:441:20)
    at process.emit (C:\Users\user\<redacted>\node_modules\source-map-support\source-map-support.js:465:21)
    at process.topLevelDomainCallback (domain.js:120:23)
Subprocess exited with error 1

Environment

CDK CLI Version : CDK version
Angular CLI : 1.6.0, Angular CI: 7.3.8
OS : Windows 10
Language : Typescript

This is 🐛 Bug Report

Issue Analytics

State:
Created 4 years ago
Reactions:1
Comments:7 (4 by maintainers)

Top GitHub Comments

1reaction

redi-kilicbcommented, Jan 9, 2020

Just tested with 1.20.0 and verified that it’s working now. I was able to create multiple CodeBuildActions and no longer getting this error message. Thanks!

1reaction

skinny85commented, Dec 27, 2019

Hey @NamiKimTR , version 1.20.0 of the CDK (including the fix in #5385 ) should be released next week.