Questions tagged with AWS Cloud Development Kit (CDK)
Is there a way to query Timestream from an AppSync API using an HTTP resolver? Are there any examples of setting that up using the CDK?
I am trying to invoke googleapis through AWS lambda. I am using a google service account to generate server-server authentication.
We have stored the service account details in a JSON file named 'config.json'. In order to invoke the Google API, we need to create an auth object using the 'GoogleAuth' class and pass the config file path as a value to the 'keyfile' property. Though we have provided the correct path location of the file, Lambda could not recognize the path and throws an error.
For the path, I have tried absolute and relative paths, using the Path package with '__dirname', process.env.cwd(), an environment variable, etc. I even tried with assets too. I am using AWS CDK to form CloudFormation using Node.js. My intention is to invoke Google APIs using service account credentials with AWS Lambda.
```
import {GoogleAuth} from 'google-auth-library'

const auth = new GoogleAuth({
  keyFile: 'path/to/file',
  scope: SCOPES
})
```
```
undefined ERROR Uncaught Exception {"errorType":"Error","errorMessage":"ENOENT: no such file or directory, open '/keys/config.json'","code":"ENOENT","errno":-2,"syscall":"open","path":"/keys/config.json","stack":["Error: ENOENT: no such file or directory, open '/keys/config.json'"," at Object.openSync (node:fs:601:3)"," at Object.readFileSync (node:fs:469:35)"," at Object.<anonymous> (/var/task/index.js:533512:28)"," at Module._compile (node:internal/modules/cjs/loader:1254:14)"," at Module._extensions..js (node:internal/modules/cjs/loader:1308:10)"," at Module.load (node:internal/modules/cjs/loader:1117:32)"," at Module._load (node:internal/modules/cjs/loader:958:12)"," at Module.require (node:internal/modules/cjs/loader:1141:19)"," at require (node:internal/modules/cjs/helpers:110:18)"," at _tryRequireFile (file:///var/runtime/index.mjs:912:37)"]}
```
```
new UserPoolClient(this, 'Client', {
  idTokenValidity: Duration.hours(2),
  accessTokenValidity: Duration.hours(2),
  // CDK BUG! sets to 1 minute which is error
  refreshTokenValidity: Duration.hours(12),
});
```
is synthesized as:
```
TokenValidityUnits:
  AccessToken: minutes
  IdToken: minutes
  RefreshToken: minutes
RefreshTokenValidity: 1 // <- WRONG!
IdTokenValidity: 120
AccessTokenValidity: 120
```
I have added two very similar OIDC ID providers to a Cognito user pool with CDK.
Why is the <domain>.<region>.amazoncognito.com/oauth2/idpresponse giving error_description=username+attribute+mapping+required&error=invalid_request ?
I have successfully added two OIDC and one SAML id provider.
username is not one of the attributes you can add - it's provided by default.
I'm working on my first CDK stack, and it's frustratingly not working at all. It dies when I go to run deploy with the following error:
```
Building assets failed: Error: Building Assets Failed: Error: FuseArchiver: Socket timed out without establishing a connection
```
If I run it with `cdk deploy -vv` I get these last few lines after it runs synthesis:
```
[15:21:15] Retrieved account ID xxxxxxxxx from disk cache
[15:21:15] Assuming role 'arn:aws:iam::xxxxxxxxxxx:role/cdk-hnb-xxxxxx-deploy-role-xxxxxxxxxxxx-us-east-1'.
[15:21:16] Waiting for stack CDKToolkit to finish creating or updating...
[15:21:16] [AWS cloudformation 200 0.081s 0 retries] describeStacks({ StackName: 'CDKToolkit' })
[15:22:35] [AWS ssm undefined 79.686s 6 retries] getParameter({ Name: '/cdk-bootstrap/hnxxxxxds/version' })
[15:22:35] Call failed: getParameter({"Name":"/cdk-bootstrap/hnxxxxxxfds/version"}) => Socket timed out without establishing a connection (code=TimeoutError)
❌ Building assets failed: Error: Building Assets Failed: Error: FuseArchiver: Socket timed out without establishing a connection
at buildAllStackAssets (D:\Users\xxxxx\apps\nvm\v18.15.0\node_modules\aws-cdk\lib\index.js:374:115279)
at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
at async CdkToolkit.deploy (D:\Users\xxxxx\apps\nvm\v18.15.0\node_modules\aws-cdk\lib\index.js:374:143496)
at async exec4 (D:\Users\xxxxx\apps\nvm\v18.15.0\node_modules\aws-cdk\lib\index.js:429:51795)
[15:22:52] Reading cached notices from D:\Users\xxxxx\.cdk\cache\notices.json
Building Assets Failed: Error: FuseArchiver: Socket timed out without establishing a connection
[15:22:52] Error: Building Assets Failed: Error: FuseArchiver: Socket timed out without establishing a connection
at buildAllStackAssets (D:\Users\xxxxx\apps\nvm\v18.15.0\node_modules\aws-cdk\lib\index.js:374:115279)
at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
at async CdkToolkit.deploy (D:\Users\xxxxx\apps\nvm\v18.15.0\node_modules\aws-cdk\lib\index.js:374:143496)
at async exec4 (D:\Users\xxxxx\apps\nvm\v18.15.0\node_modules\aws-cdk\lib\index.js:429:51795)
```
So it looks like it dies when it goes to talk to AWS SSM with getParameter call. I'm running this from an AWS workspace inside a VPC which should be able to talk to SSM, but can't. I've had some issues with SSM reaching my boxes in the past with permissions, but I think those are resolved.
I'm using node: v18.15.0, CDK 2.69.0, and Windows 10
I created a Kinesis stream and CfnDestination in my account through CDK in <region-1>.
And created CloudWatch logs subscription filters in cross-accounts to stream data to my kinesis.
Now for subscription filters in <region-2> accounts I will need to create CfnDestinations in <region-2>.
I followed [this AWS Article](https://aws.amazon.com/premiumsupport/knowledge-center/streaming-cloudwatch-logs/) to achieve it through CLI. Now I want to integrate this step in my CDK code.
I checked through various AWS resources/articles & went through the CfnDestination code base, but couldn't find any place in code where I can specify the region where the CfnDestination should be created.
Hello,
I'm using Java CDK to create a new ECR instance. Here is a code fragment:
```
Repository.Builder.create(scope, id).imageScanOnPush(true)
    .repositoryName("my-registry").removalPolicy(RemovalPolicy.DESTROY).build();
```
Looking in the AWS Console, the name of the new created repository is "null/my-registry" instead of "my-registry".
If I create the new ECR instance in AWS Console then its name is created as expected, i.e. "my-registry" and not "null/my-registry".
What am I doing wrong here?
Many thanks in advance.
Nicolas
When I use @aws-solutions-constructs/aws-sns-sqs, the construct creates its own topic and queue, and makes the subscription between them, regardless of whether I specify existingTopicObj and/or existingQueueObj. E.g.,
```
// subscribe the queue to the ihsTopic (from the global stack)
const snsToSqsStack = new SnsToSqs(this, env.buildId(baseStackName, 'SnsToSqsPattern'), {
  existingTopicObj: ihsTopic
});
```
results in the creation of
```
dev2-MPNManagementIHSStack-dev2MPNManagementIHSSnsToSqsPatternSnsTopic3CE13A35-dK7u7eSgJnJ6
subscription: 72965362-92af-4ee3-8fb4-398e90ed93dd arn:aws:sqs:us-west-1:225996342467:dev2-MPN...
```
rather than using the specified
```
dev2-MPNManagementGlobalIHSTopic
```
I understand that this is still in 'experimental' status, so should I not expect this feature to work?
Please advise, thanks, Mitchell
Any active projects on the CDK roadmap for an FSx Windows file system L2 construct? I just searched through the roadmap repo in GitHub and could not find any. I currently use the cfnFileSystem L1 construct to deploy an FSx file system plus an ec2.instance L2 construct to deploy an FSx file gateway appliance. However, I could use support for activating the gateway and attaching a file system to the former. Thanks.
My CDK app has two stacks defined, one for a prod environment and one for a dev environment. I have a CloudFront function defined in the stack with a different file path for dev and prod builds (the behavior of the function necessarily needs to be different for dev and prod, i.e. the dev function implements basic authentication so that the dev site will not be publicly accessible and I don't want that code on the prod side). So for example, the CloudFront function is defined as follows:
```
const cfViewerRequest = new cloudfront.Function(this, "MySite-CFViewerRequest", {
  code: cloudfront.FunctionCode.fromFile({filePath: `backend/functions/cf-viewer-request/build-${props.stage}/index.js`}),
  functionName: `MySite-CFViewerRequest-${props.stage}`,
  comment: `MySite-CFViewerRequest-${props.stage}`
});
```
The idea here is that when the "stage" prop is passed to the stack constructor (it is set to either "dev" or "prod"), the resulting file path for the function will either be "build-dev" or "build-prod". However, if I only build the dev version, I get an error `ENOENT: no such file or directory, open 'backend/functions/cf-viewer-request/build-prod/index.js'` when running cdk synth with the dev stack name, since only the dev resource was built. The same goes for other resources, such as the CloudFront deployment, which also has specific dev and prod build directories. How can I run CDK commands for the dev stack without having to build the prod resources beforehand?
Or is there a better way I should be going about this?
Here is the entry point code:
```
#!/usr/bin/env node
import "source-map-support/register";
import * as cdk from "aws-cdk-lib";
import { MySiteStack } from "../lib/my-site-stack";

const app = new cdk.App();

new MySiteStack(app, "MySiteDev", {
  env: { account: "012345678901", region: "us-east-1" },
  stage: "dev",
});

new MySiteStack(app, "MySiteProd", {
  env: { account: "109876543210", region: "us-east-1" },
  stage: "prod",
});
```
I received an email to inform me to update some CDK stacks to version 2 or all of my stacks firstly created with CDK 1 were migrated on v2 from January 2022.
Despite several searches via the console or using [awscdk-v1-stack-finder](https://github.com/cdklabs/awscdk-v1-stack-finder), no stacks were found.
CDK v1 entered its end-of-support period on June 1, 2023. So I would like to make sure that I don't have any stacks or nested stacks in CDK v1.
Do you have any idea how to do this?
Hi, I just did as I always used to do:
* Create a Cloud9 using Amazon Linux 2
* upgrade AWS CLI to v2
* initialize a CDK app and add some sample code
* I am logged on using a role that has 'AdministratorAccess' policy attached and it is assumed by Cloud9.
* CDK is bootstrapped.
Running 'cdk deploy' now gives the following error:
```
current credentials could not be used to assume 'arn:aws:iam::ACCOUNTNUMBER:role/cdk-hnb659fds-deploy-role-ACCOUNTNUMBER-eu-central-1', but are for the right account. Proceeding anyway.
❌ Building assets failed: Error: Building Assets Failed: Error: TestStack: The security token included in the request is invalid
at buildAllStackAssets (/home/ec2-user/.nvm/versions/node/v16.19.1/lib/node_modules/cdk/node_modules/aws-cdk/lib/index.js:362:115279)
at processTicksAndRejections (node:internal/process/task_queues:96:5)
at async CdkToolkit.deploy (/home/ec2-user/.nvm/versions/node/v16.19.1/lib/node_modules/cdk/node_modules/aws-cdk/lib/index.js:362:142800)
at async exec4 (/home/ec2-user/.nvm/versions/node/v16.19.1/lib/node_modules/cdk/node_modules/aws-cdk/lib/index.js:417:51795)
Building Assets Failed: Error: TestStack: The security token included in the request is invalid
```
* I deleted the CDKToolkit stack and did run 'cdk bootstrap' again, it created the stack again. So apparently this works.
* Running 'aws sts get-caller-identity' also shows the right role.
* I also tried on an old instance that was stopped, getting same result.
Ideas?