Hello
We have migrated our AWS CDK from version 1 to version 2. After the first run with the new CDK it failed and asked us to run cdk bootstrap. After running bootstrap, it switched to the new version, and after that it stopped uploading/publishing assets to S3 due to a permissions issue. It failed with the following error:
current credentials could not be used to assume 'arn:aws:iam::1234567890:role/cdk-hnb659fds-deploy-role-1234567890-ap-southeast-2', but are for the right account. Proceeding anyway.
[0%] start: Publishing b78d53a4e13604c990990d071559d16689ce158c2dfc2a01824190f31228a3bc:current_account-current_region
current credentials could not be used to assume 'arn:aws:iam:: 1234567890:role/cdk-hnb659fds-file-publishing-role-1234567890-ap-southeast-2', but are for the right account. Proceeding anyway.
[100%] fail: Bucket named 'cdk-hnb659fds-assets-1234567890-ap-southeast-2' exists, but not in account 1234567890. Wrong account?
I tried running bootstrap with different options: cdk bootstrap
and cdk bootstrap --cloudformation-execution-policies arn:aws:iam::aws:policy/AdministratorAccess
but no luck.
Please help me understand the problem and resolve it.
Thanks, Stanislav
I fixed the issue myself.
Root cause: For an unknown reason, the bootstrap process doesn't ask for, or create/attach, the IAM user from which we do the deployment to the newly created cdk- roles. The official documentation doesn't say anything about that.
Fix: I added IAM users with assume-role permission to allow them access to the resources, following this answer: https://stackoverflow.com/a/68898448/2227931
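
An added example, not part of the original posts: it reads the "could not be used to assume" warnings from the CDK output quoted in the question and builds an identity policy that allows sts:AssumeRole on exactly those cdk- roles, rather than on a wildcard. The function names and the Sid are assumptions made for this sketch, and the sample log is constructed from the lines in the question.

```python
import json
import re

# Constructed sample: the warning and failure lines quoted in the question.
# The account id is the post's placeholder (real ids have 12 digits).
SAMPLE_LOG = """\
current credentials could not be used to assume 'arn:aws:iam::1234567890:role/cdk-hnb659fds-deploy-role-1234567890-ap-southeast-2', but are for the right account. Proceeding anyway.
current credentials could not be used to assume 'arn:aws:iam:: 1234567890:role/cdk-hnb659fds-file-publishing-role-1234567890-ap-southeast-2', but are for the right account. Proceeding anyway.
[100%] fail: Bucket named 'cdk-hnb659fds-assets-1234567890-ap-southeast-2' exists, but not in account 1234567890. Wrong account?
"""

ASSUME_WARNING = re.compile(r"could not be used to assume '([^']+)'")
CDK_ROLE_ARN = re.compile(r"arn:aws:iam::\d+:role/cdk-[\w+=,.@-]+")


def extract_role_arns(log_text):
    """Return the sorted, de-duplicated cdk-* role ARNs the CLI failed to assume."""
    arns = set()
    for raw in ASSUME_WARNING.findall(log_text):
        arn = re.sub(r"\s+", "", raw)  # pasted output may contain stray spaces
        if CDK_ROLE_ARN.fullmatch(arn):  # ignore anything that is not a cdk-* role
            arns.add(arn)
    return sorted(arns)


def build_policy(role_arns):
    """Identity policy allowing sts:AssumeRole on exactly the listed roles."""
    if not role_arns:
        raise ValueError("no cdk-* role ARNs found in the log")
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "AssumeCdkBootstrapRoles",  # hypothetical statement id
            "Effect": "Allow",
            "Action": "sts:AssumeRole",
            "Resource": list(role_arns),
        }],
    }


if __name__ == "__main__":
    print(json.dumps(build_policy(extract_role_arns(SAMPLE_LOG)), indent=2))
```

The printed document can be attached to the deploying IAM user or its group; bootstrap roles that did not appear in the output are not covered by it.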