Raj Katipally

Reputation: 3

AWS CDK Lookup one peered VPC in another account

I have two VPCs (VPC_A, VPC_B) in two different accounts (AccountA, AccountB), and both VPCs are peered successfully. I have CDK code that has a pipeline stage to deploy to AccountA. I need to look up VPC_B from AccountA's context and look up and modify a security group which is in VPC_B. I have the code below, but it's not working. When I do cdk synth, it gives me an error saying it cannot find VPC_B in AccountA's context.

// Imports assumed for this snippet (aws-cdk-lib v2 paths; CDK v1 uses @aws-cdk/aws-ec2)
import * as ec2 from 'aws-cdk-lib/aws-ec2';
import { IVpc, ISecurityGroup } from 'aws-cdk-lib/aws-ec2';

// Context lookup of VPC_B; Vpc.fromLookup resolves in the account/region of this stack's env
const vpcB: IVpc = ec2.Vpc.fromLookup(this, 'VPC_B', {
    vpcId: 'VPC_B_ID'
});

// fromLookupByName takes the security group's GroupName as its third argument;
// for an sg-... id use ec2.SecurityGroup.fromLookupById instead
const SG_B: ISecurityGroup = ec2.SecurityGroup.fromLookupByName(
    this,
    'SG-B',
    'SG-B_ID',
    vpcB
);

Here is the synth step in CodePipeline

import { PolicyStatement, Effect } from 'aws-cdk-lib/aws-iam';

// Property of the pipelines.CodePipeline(...) props: the synth CodeBuild role is
// allowed to assume the CDK bootstrap lookup role of the account whose context it reads
synthCodeBuildDefaults: {
    rolePolicy: [
        new PolicyStatement({
            actions: ["sts:AssumeRole"],
            effect: Effect.ALLOW,
            resources: [
                'lookup_role_arn_for_account_a',
            ],
        }),
    ],
},

Any help is appreciated

Upvotes: 0

Views: 1286

Answers (1)

jhonis.souza

Reputation: 144

I don't think you can do this. My suggestion is to create another stack in AccountB and do whatever you want there, separate from the AccountA stack.

There was even an issue on their repo about this:

https://github.com/aws/aws-cdk/issues/12754#issuecomment-769786855

Upvotes: 0
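Whichever stack ends up doing the lookup (the answer suggests a separate stack deployed into AccountB), the security-relevant wiring is the same: `Vpc.fromLookup` runs under the env of the stack it is called from, the pipeline's synth role must be allowed to assume the CDK bootstrap lookup role of that account (`cdk-<qualifier>-lookup-role-<account>-<region>`), and that lookup role's trust policy must in turn trust the pipeline account (which is what `cdk bootstrap --trust-for-lookup <pipeline-account>` sets up). The helper below is an added example, not code from the question or the answer; it assumes the default bootstrap qualifier `hnb659fds` and the `aws` partition, and the account ids, region and trust policies in it are constructed for illustration. It builds the synth-role statement for every account the pipeline reads context from and reports which of those accounts' lookup roles do not yet trust the pipeline account.

```typescript
// Added example: cross-account CDK context lookup wiring check.
// Assumptions (not from the original post): default bootstrap qualifier "hnb659fds",
// partition "aws"; account ids, region and trust policies below are constructed.

interface TrustPolicyStatement {
  Effect: string;
  Principal?: { AWS?: string | string[] };
  Action?: string | string[];
}

interface TrustPolicy {
  Version: string;
  Statement: TrustPolicyStatement[];
}

/** ARN of the role `cdk bootstrap` creates for context lookups in an account/region. */
function lookupRoleArn(account: string, region: string, qualifier = "hnb659fds", partition = "aws"): string {
  if (!/^\d{12}$/.test(account)) throw new Error(`invalid account id: ${account}`);
  return `arn:${partition}:iam::${account}:role/cdk-${qualifier}-lookup-role-${account}-${region}`;
}

/** IAM statement for the synth role: assume the lookup role of every account whose context the pipeline reads. */
function synthAssumeRoleStatement(accounts: string[], region: string): { Effect: string; Action: string[]; Resource: string[] } {
  return {
    Effect: "Allow",
    Action: ["sts:AssumeRole"],
    Resource: accounts.map((a) => lookupRoleArn(a, region)),
  };
}

function asArray<T>(v: T | T[] | undefined): T[] {
  return v === undefined ? [] : Array.isArray(v) ? v : [v];
}

/** Does this lookup role's trust policy let principals in `callerAccount` assume it? */
function trustsAccount(policy: TrustPolicy, callerAccount: string, partition = "aws"): boolean {
  const rootArn = `arn:${partition}:iam::${callerAccount}:root`;
  return policy.Statement.some(
    (s) =>
      s.Effect === "Allow" &&
      asArray(s.Action).includes("sts:AssumeRole") &&
      asArray(s.Principal?.AWS).some((p) => p === callerAccount || p === rootArn),
  );
}

/** Accounts whose lookup role does not trust the pipeline account (lookups from the pipeline will fail there). */
function untrustedLookupAccounts(pipelineAccount: string, trustPolicies: Record<string, TrustPolicy>): string[] {
  return Object.entries(trustPolicies)
    .filter(([, policy]) => !trustsAccount(policy, pipelineAccount))
    .map(([account]) => account);
}

// Constructed sample data (hypothetical account ids and region).
const PIPELINE_ACCOUNT = "111111111111";
const ACCOUNT_B = "222222222222";
const ACCOUNT_C = "333333333333";
const REGION = "us-east-1";

// Resembles the lookup-role trust policy after `cdk bootstrap --trust-for-lookup 111111111111` in Account B ...
const trustPolicyB: TrustPolicy = {
  Version: "2012-10-17",
  Statement: [
    { Effect: "Allow", Principal: { AWS: `arn:aws:iam::${ACCOUNT_B}:root` }, Action: "sts:AssumeRole" },
    { Effect: "Allow", Principal: { AWS: `arn:aws:iam::${PIPELINE_ACCOUNT}:root` }, Action: "sts:AssumeRole" },
  ],
};
// ... and one bootstrapped without any trust, so only its own account may assume it.
const trustPolicyC: TrustPolicy = {
  Version: "2012-10-17",
  Statement: [{ Effect: "Allow", Principal: { AWS: `arn:aws:iam::${ACCOUNT_C}:root` }, Action: "sts:AssumeRole" }],
};

const sampleTrustPolicies: Record<string, TrustPolicy> = { [ACCOUNT_B]: trustPolicyB, [ACCOUNT_C]: trustPolicyC };

console.log(JSON.stringify(synthAssumeRoleStatement([ACCOUNT_B, ACCOUNT_C], REGION), null, 2));
console.log("lookup roles not trusting the pipeline:", untrustedLookupAccounts(PIPELINE_ACCOUNT, sampleTrustPolicies));
```

The statement returned by `synthAssumeRoleStatement` is the shape the question's `rolePolicy` entry needs, with the lookup role ARN of the account that owns VPC_B in `Resource`; the trust check is the other half that the policy alone does not give you, since an AssumeRole allowed on the caller side still fails when the target role's trust policy does not name the pipeline account.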
