CDK v2 failed publish assets to cdk-hnb659fds-assets-* bucket

0

Hello

We have migrated our AWS CDK from version 1 to ver 2. After first run new with new cdk it failed and asked to run cdk bootstrap. After run bootstrap, it switched to new version and after that it stopped upload/publish assets to S3 due to permissions issue. It failed with next error:

current credentials could not be used to assume 'arn:aws:iam::1234567890:role/cdk-hnb659fds-deploy-role-1234567890-ap-southeast-2', but are for the right account. Proceeding anyway.
[0%] start: Publishing b78d53a4e13604c990990d071559d16689ce158c2dfc2a01824190f31228a3bc:current_account-current_region
current credentials could not be used to assume 'arn:aws:iam:: 1234567890:role/cdk-hnb659fds-file-publishing-role-1234567890-ap-southeast-2', but are for the right account. Proceeding anyway.
[100%] fail: Bucket named 'cdk-hnb659fds-assets-1234567890-ap-southeast-2' exists, but not in account 1234567890. Wrong account?

I tried run bootstrap with different options: cdk bootstrap and with cdk bootstrap --cloudformation-execution-policies arn:aws:iam::aws:policy/AdministratorAccess but no luck.

Please help understood the problem and resolve it.

Thanks, Stanislav

  • Issue was fixed myself.

    Root-cause: By unknown reason the bootstrap process doesn't ask and create/attach IAM user from with we doing the deployment to new created cdk- roles. Official documentations doesn't told nothing about that.

    Fix: I added IAM users with assume role permission for allow them access to resources following this answer https://stackoverflow.com/a/68898448/2227931

asked 2 years ago128 views
No Answers

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions