By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

AWS CDK bootstrap certificate warning-error

0

I am new to AWS and AWS CDK. I have started to play around with AWS CDK and so far I was able to deploy everything through my Visual Studio Code console. Since yesterday, every time I try to give commands like cdk diff or cdk deploy or even cdk synth I get the following error:

"current credentials could not be used to assume 'arn:aws:iam::XXXXXX:role/cdk-hnb659fds-lookup-role-XXXXXXX-eu-west-1', but are for the right account. Proceeding anyway.(To get rid of this warning, please upgrade to bootstrap version >= 8)"

At first I thought it was something related to Bootstrap version so I ran the following command to check the version that I use: "aws cloudformation describe-stacks --stack-name CDKToolkit --query "Stacks[0].Outputs"

the output is: { "OutputKey": "BootstrapVersion", "OutputValue": "20", "Description": "The version of the bootstrap resources that are currently mastered in this stack" },

However if run "cdk bootstrap" I get this:

Environment aws://XXXXXXXXX/eu-west-1 failed bootstrapping: Error: unable to verify the first certificate at TLSSocket.onConnectSecure (node:_tls_wrap:1600:34) at TLSSocket.emit (node:events:517:28) at TLSSocket.emit (node:domain:489:12) at TLSSocket._finishInit (node:_tls_wrap:1017:8) at ssl.onhandshakedone (node:_tls_wrap:803:12) { code: 'NetworkingError', region: 'eu-west-1', hostname: 'sts.eu-west-1.amazonaws.com', retryable: true, time: 2024-04-19T08:17:51.627Z } unable to verify the first certificate

Can anyone help me please so I can continue my awesome journey to aws cdk, because I am stacked now...

Topics
Management & GovernanceAWS Cloud Development Kit (CDK)
Tags
AWS CloudFormationAWS Cloud Development Kit (CDK)
Language
English
Dimitris
asked 13 days ago181 views
2 Answers
0
Accepted Answer

Do you use ESET Antivirus by any chance? they apparently broke everyone's local node.js on April 17th, 2024

https://forum.eset.com/topic/40702-eset-ssl-protection-produces-an-invalid-certificate-chain-for-nodejs-apps/

short answer is disable SSL/TLS protection in ESET until they push a fix.

  • Open ESET
  • Click Setup
  • click Internet protection
  • click the gear icon by Web Access protection
  • click SSL/TLS
  • turn off "Enable SSL/TLS"

Then wait until ESET pushes a fix fir this before turning it back on.

mike
answered 12 days ago
  • Dimitris
    9 days ago

    Yes! that was it ! Thank you so much!

0

Hello.

There may be a problem with the certificate of the OS you are using, but according to the GitHub issue below, you may be able to temporarily avoid this by setting the Nodejs environment variables.
Therefore, before executing the CDK command, try setting the environment variables using the following command.
https://github.com/aws/aws-cdk/issues/14216#issuecomment-822249343

export NODE_TLS_REJECT_UNAUTHORIZED=0
profile picture
EXPERT
Riku_Kobayashi
answered 13 days ago
  • Dimitris
    13 days ago

    Nope still the same

  • Riku_Kobayashi EXPERT
    13 days ago

    Does the same error occur if you try it on another PC?

  • Dimitris
    13 days ago

    I haven't tried on another PC/Laptop. Until yesterday I was able to run the code and everything was working fine. I didnt change anything at all (code,Roles etc).

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content