Closed c0debreaker closed 10 months ago
It's fixed. The role it was using didn't have proper permissions.
Describe the bug
Unable to cdk bootstrap. I am getting tons of errors relating to IAM issues. I've tried version 2.93.0 and 2.95.0 of aws-cdk with no luck. Here is the result of `cdk bootstrap`. I also tried it on 2 different AWS accounts.

```
$ cdk bootstrap
⏳ Bootstrapping environment aws://1111222233334/us-east-1...
Trusted accounts for deployment: (none)
Trusted accounts for lookup: (none)
Using default execution policy of 'arn:aws:iam::aws:policy/AdministratorAccess'. Pass '--cloudformation-execution-policies' to customize.
CDKToolkit: creating CloudFormation changeset...
8:19:40 AM | CREATE_FAILED | AWS::IAM::Role | LookupRole
API: iam:GetRole User: arn:aws:sts::1111222233334:assumed-role/cdk-toolkit/AWSCloudFormation is not authorized to perform: iam:GetRole on resource: role cdk-hnb659fds-lookup-role-1111222233334-us-east-1 because no identity-based policy allows the iam:GetRole action
8:19:40 AM | CREATE_FAILED | AWS::IAM::Role | CloudFormationExecutionRole
API: iam:GetRole User: arn:aws:sts::1111222233334:assumed-role/cdk-toolkit/AWSCloudFormation is not authorized to perform: iam:GetRole on resource: role cdk-hnb659fds-cfn-exec-role-1111222233334-us-east-1 because no identity-based policy allows the iam:GetRole action
8:19:40 AM | CREATE_FAILED | AWS::IAM::Role | FilePublishingRole
API: iam:GetRole User: arn:aws:sts::1111222233334:assumed-role/cdk-toolkit/AWSCloudFormation is not authorized to perform: iam:GetRole on resource: role cdk-hnb659fds-file-publishing-role-1111222233334-us-east-1 because no identity-based policy allows the iam:GetRole action
8:19:40 AM | CREATE_FAILED | AWS::IAM::Role | ImagePublishingRole
API: iam:GetRole User: arn:aws:sts::1111222233334:assumed-role/cdk-toolkit/AWSCloudFormation is not authorized to perform: iam:GetRole on resource: role cdk-hnb659fds-image-publishing-role-1111222233334-us-east-1 because no identity-based policy allows the iam:GetRole action

❌ Environment aws://1111222233334/us-east-1 failed bootstrapping: Error: The stack named CDKToolkit failed to deploy: UPDATE_ROLLBACK_COMPLETE: API: iam:GetRole User: arn:aws:sts::1111222233334:assumed-role/cdk-toolkit/AWSCloudFormation is not authorized to perform: iam:GetRole on resource: role cdk-hnb659fds-lookup-role-1111222233334-us-east-1 because no identity-based policy allows the iam:GetRole action, API: iam:GetRole User: arn:aws:sts::1111222233334:assumed-role/cdk-toolkit/AWSCloudFormation is not authorized to perform: iam:GetRole on resource: role cdk-hnb659fds-cfn-exec-role-1111222233334-us-east-1 because no identity-based policy allows the iam:GetRole action, API: iam:GetRole User: arn:aws:sts::1111222233334:assumed-role/cdk-toolkit/AWSCloudFormation is not authorized to perform: iam:GetRole on resource: role cdk-hnb659fds-file-publishing-role-1111222233334-us-east-1 because no identity-based policy allows the iam:GetRole action, API: iam:GetRole User: arn:aws:sts::1111222233334:assumed-role/cdk-toolkit/AWSCloudFormation is not authorized to perform: iam:GetRole on resource: role cdk-hnb659fds-image-publishing-role-1111222233334-us-east-1 because no identity-based policy allows the iam:GetRole action
    at FullCloudFormationDeployment.monitorDeployment (/Users/jmeyers/.nvm/versions/node/v18.17.1/lib/node_modules/aws-cdk/lib/index.js:443:10236)
    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
    at async /Users/jmeyers/.nvm/versions/node/v18.17.1/lib/node_modules/aws-cdk/lib/index.js:448:2104
    at async Promise.all (index 0)
    at async CdkToolkit.bootstrap (/Users/jmeyers/.nvm/versions/node/v18.17.1/lib/node_modules/aws-cdk/lib/index.js:448:1949)
    at async exec4 (/Users/jmeyers/.nvm/versions/node/v18.17.1/lib/node_modules/aws-cdk/lib/index.js:521:52797)

The stack named CDKToolkit failed to deploy: UPDATE_ROLLBACK_COMPLETE: API: iam:GetRole User: arn:aws:sts::1111222233334:assumed-role/cdk-toolkit/AWSCloudFormation is not authorized to perform: iam:GetRole on resource: role cdk-hnb659fds-lookup-role-1111222233334-us-east-1 because no identity-based policy allows the iam:GetRole action, API: iam:GetRole User: arn:aws:sts::1111222233334:assumed-role/cdk-toolkit/AWSCloudFormation is not authorized to perform: iam:GetRole on resource: role cdk-hnb659fds-cfn-exec-role-1111222233334-us-east-1 because no identity-based policy allows the iam:GetRole action, API: iam:GetRole User: arn:aws:sts::1111222233334:assumed-role/cdk-toolkit/AWSCloudFormation is not authorized to perform: iam:GetRole on resource: role cdk-hnb659fds-file-publishing-role-1111222233334-us-east-1 because no identity-based policy allows the iam:GetRole action, API: iam:GetRole User: arn:aws:sts::1111222233334:assumed-role/cdk-toolkit/AWSCloudFormation is not authorized to perform: iam:GetRole on resource: role cdk-hnb659fds-image-publishing-role-1111222233334-us-east-1 because no identity-based policy allows the iam:GetRole action
```
Expected Behavior
cdk tool should bootstrap the app
Current Behavior
It's failing with errors as shown above
Reproduction Steps
Before running `cdk bootstrap`, I had to export 3 AWS env variables to make my credentials work. The account I used has admin rights.
Possible Solution
No response
Additional Information/Context
No response
CDK CLI Version
2.95.0
Framework Version
No response
Node.js Version
18.17.1
OS
macos
Language
Python
Language Version
Python 3.9.0
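Added example (not part of the original issue or of the aws-cdk project): a small parser for the denial lines in the bootstrap output above. It groups denied calls by the principal that made them, which here is the assumed role `cdk-toolkit` with session name `AWSCloudFormation`, matching the closing comment that the role in use lacked permissions. The function names are hypothetical, the sample is constructed from the log format shown in the report, and the drafted resource ARNs assume IAM roles with no path.

```python
import re
from collections import defaultdict

# Constructed sample: two denial lines in the shape of the bootstrap output above.
_WHO = "arn:aws:sts::1111222233334:assumed-role/cdk-toolkit/AWSCloudFormation"
SAMPLE = "\n".join(
    f"8:19:40 AM | CREATE_FAILED | AWS::IAM::Role | {logical} API: iam:GetRole "
    f"User: {_WHO} is not authorized to perform: iam:GetRole on resource: role "
    f"cdk-hnb659fds-{name}-role-1111222233334-us-east-1 because no "
    f"identity-based policy allows the iam:GetRole action"
    for logical, name in [("LookupRole", "lookup"), ("FilePublishingRole", "file-publishing")]
)

# assumed-role ARNs have the form assumed-role/<role-name>/<session-name>.
DENIAL = re.compile(
    r"User: arn:[\w-]+:sts::(?P<account>\d+):assumed-role/(?P<role>[^/\s]+)/(?P<session>\S+)"
    r" is not authorized to perform: (?P<action>[\w-]+:\w+)"
    r" on resource: (?P<rtype>\w+) (?P<rname>\S+)"
    r" because (?P<reason>.+?) allows"
)

def summarize_denials(text):
    """Group denied (action, resource) pairs by the role that made the call."""
    by_role = defaultdict(set)  # a set, because cdk repeats each denial in its summary
    for m in DENIAL.finditer(text):
        key = (m["account"], m["role"], m["session"], m["reason"])
        by_role[key].add((m["action"], m["rtype"], m["rname"]))
    return {k: sorted(v) for k, v in by_role.items()}

def draft_statement(account, denied):
    """Draft one Allow statement. Assumption: resources are IAM objects with no path.
    Covers only the calls denied so far; a re-run may surface further actions."""
    return {
        "Effect": "Allow",
        "Action": sorted({action for action, _, _ in denied}),
        "Resource": [f"arn:aws:iam::{account}:{t}/{n}" for _, t, n in denied],
    }

if __name__ == "__main__":
    for (account, role, session, reason), denied in summarize_denials(SAMPLE).items():
        print(f"role={role} session={session} account={account} reason={reason}")
        print(draft_statement(account, denied))
```

The `reason` field is worth reading before editing any policy: "no identity-based policy" points at the role's own attached policies rather than the credentials exported in the shell.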