Jatin Mehrotra

Reputation: 11604

CDK v2 update resulting in deployment error with Circle CI CI/CD pipeline

I have updated my CDK from version 1 to version 2. When I tried to deploy locally using npm run cdk -- deploy --context awsEnv=dev --all --profile=dev, it worked flawlessly.

However, when the Circle CI CI/CD pipeline tries to deploy to the same dev environment, it throws an error:

  User: arn:aws:sts::xxxxxxxx:assumed-role/*******************************************************/jatinmehrotra is not authorized to perform: ssm:GetParameter on resource: arn:aws:ssm:**************:xxxxx:parameter/cdk-bootstrap/xxxxxxxxx/version because no identity-based policy allows the ssm:GetParameter action

So basically, the Circle CI CI/CD pipeline for deployment assumes the roles and creates temporary credentials using the aws sts assume role command.

Note: after updating to CDK v2, I can see a new role which has the same name as the bootstrap SSM parameter. Does that have something to do with the error?

As of now, I think the assume role credentials (even though they have sufficient permissions) are not able to access the bootstrap parameter.

Upvotes: 0

Views: 338

Answers (1)

Jatin Mehrotra

Reputation: 11604

After some troubleshooting and carefully reading the error logs, I manually updated the permissions of the role whose credentials are being used to deploy the resources, giving it full SSM parameter permissions.

This resolved the issue.

Upvotes: 0
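
A narrower alternative to granting full SSM permissions, as an added example that is not part of the original answer: it turns the denial message from the question into a policy that allows only the denied action on the denied resource. The account ID, region, role name, session name and qualifier in SAMPLE are constructed placeholders, and the function names are hypothetical.

```python
import json
import re

# Wording of the IAM access-denied message quoted in the question.
DENIED = re.compile(
    r"User: (?P<principal>\S+) is not authorized to perform: "
    r"(?P<action>[\w-]+:[\w*]+) on resource: (?P<resource>\S+)"
)

def parse_denial(message):
    """Extract principal, action and resource ARN from one denial message."""
    match = DENIED.search(message)
    if match is None:
        raise ValueError("not an IAM access-denied message")
    return match.groupdict()

def scoped_policy(messages):
    """Build a policy allowing only the denied (action, resource) pairs."""
    pairs = []
    for message in messages:
        denial = parse_denial(message)
        pair = (denial["action"], denial["resource"])
        # CI logs often mask account/region with '*'; a masked ARN pasted
        # into a policy would act as a wildcard, so refuse it.
        if "*" in pair[0] or "*" in pair[1]:
            raise ValueError("masked or wildcard value in: " + message)
        if pair not in pairs:
            pairs.append(pair)
    statements = [
        {"Effect": "Allow", "Action": action, "Resource": resource}
        for action, resource in pairs
    ]
    return {"Version": "2012-10-17", "Statement": statements}

# Constructed sample: account, region, role, session and qualifier are placeholders.
SAMPLE = (
    "User: arn:aws:sts::111122223333:assumed-role/ci-deploy-role/ci-session "
    "is not authorized to perform: ssm:GetParameter on resource: "
    "arn:aws:ssm:us-east-1:111122223333:parameter/cdk-bootstrap/examplequal/version "
    "because no identity-based policy allows the ssm:GetParameter action"
)

if __name__ == "__main__":
    print(json.dumps(scoped_policy([SAMPLE, SAMPLE]), indent=2))
```

The resulting statement can be attached to the role the pipeline assumes; a message copied from a log that masks the region or account is rejected rather than turned into a wildcard resource.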
