aws / aws-cdk

The AWS Cloud Development Kit is a framework for defining cloud infrastructure in code
https://aws.amazon.com/cdk
Apache License 2.0
11.65k stars 3.91k forks source link

[cdk deploy] cdk deploy does not take into account the specific bootstrap qualifier #18453

Closed VXConsulting closed 2 years ago

VXConsulting commented 2 years ago

What is the problem?

I had bootstraped my account with the following qualifier : devops The synth command synthesizes the stack with the correct values of bootstrap : BootstrapVersion: Type: AWS::SSM::Parameter::Value<String> Default: /cdk-bootstrap/devops/version Description: Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]

Reproduction Steps

cdk bootstrap --qualifier devops aws://xxxx/eu-west-1

My stack is:

InfraBackbonePipelineStack(app, stackName, { synthesizer: new DefaultStackSynthesizer({ qualifier: "devops"})

Then I execute : cdk deploy

What did you expect to happen?

Deployment of the stack using the correct bootstrap qualifier 'devops'

What actually happened?

But the cdk deploy commands is always in error: Error [ValidationError]: Unable to fetch parameters [/cdk-bootstrap/hnb659fds/version] from parameter store for this account.

CDK CLI Version

2.8

Framework Version

No response

Node.js Version

14.17.3

OS

Ubuntu 20.04

Language

Typescript

Language Version

Typescript 4.5.4

Other information

No response

mrpackethead commented 2 years ago

Have you modifiyed your cdk.json to reflect that you are not using the default qualifier?

hnb659fds is the default value for a cdk project.

VXConsulting commented 2 years ago

Yes I have. But, I detected that this problem now occurs only on one account. I will clean the stacks and the bootstrap stack and see if I still have the problem.

peterwoodworth commented 2 years ago

Let us know once you have an update here 🙂

github-actions[bot] commented 2 years ago

This issue has not received a response in a while. If you want to keep this issue open, please leave a comment below and auto-close will be canceled.

emccullagh commented 2 years ago

Just hit this issue as well, on an environment that doesn't have the default CDK bootstrap stack deployed. So no /cdk-bootstrap/hnb659fds/version SSM param existed. I've tried setting the qualifier in both the cdk.json file and via the DefaultStackSynthesizer, but I still get the same ValidationError mentioned above. I'm using CDK v2.8.0, but also got the error with v2.7.0. If I manually create the /cdk-bootstrap/hnb659fds/version SSM param cdk deploy works using the qualifier

abhisjoshi commented 2 years ago

Have encountered the same issue. It happens when you have deployed a resource and later change the qualifier for the bootstrap. Even even after setting the value of the new qualifier in the app, during the deploy one gets this error. So it seems changing the qualifier impacts any apps that were previously deployed.

Steps to replicate:

cdk bootstrap qualifier --external Changes to app (cdk.json) to use this qualifier "@aws-cdk/core:bootstrapQualifier": "external" cdk deploy change the qualifier to internal "cdk bootstrap qualifier --internal" Changes to app (cdk.json) to use this qualifier "@aws-cdk/core:bootstrapQualifier": "internal" cdk deploy - this step gives an error:

MyCdkStack failed: Error [ValidationError]: Unable to fetch parameters [/cdk-bootstrap/external/version] from parameter store for this account. at Request.extractError (/usr/local/lib/node_modules/aws-cdk/node_modules/aws-sdk/lib/protocol/query.js:50:29) at Request.callListeners (/usr/local/lib/node_modules/aws-cdk/node_modules/aws-sdk/lib/sequential_executor.js:106:20) at Request.emit (/usr/local/lib/node_modules/aws-cdk/node_modules/aws-sdk/lib/sequential_executor.js:78:10) at Request.emit (/usr/local/lib/node_modules/aws-cdk/node_modules/aws-sdk/lib/request.js:686:14) at Request.transition (/usr/local/lib/node_modules/aws-cdk/node_modules/aws-sdk/lib/request.js:22:10) at AcceptorStateMachine.runTo (/usr/local/lib/node_modules/aws-cdk/node_modules/aws-sdk/lib/state_machine.js:14:12) at /usr/local/lib/node_modules/aws-cdk/node_modules/aws-sdk/lib/state_machine.js:26:10 at Request.<anonymous> (/usr/local/lib/node_modules/aws-cdk/node_modules/aws-sdk/lib/request.js:38:9) at Request.<anonymous> (/usr/local/lib/node_modules/aws-cdk/node_modules/aws-sdk/lib/request.js:688:12) at Request.callListeners (/usr/local/lib/node_modules/aws-cdk/node_modules/aws-sdk/lib/sequential_executor.js:116:18) { code: 'ValidationError', time: 2022-02-02T06:10:04.825Z, requestId: '1e8887ad-e555-4ffa-b223-5c5038dd3a4f', statusCode: 400, retryable: false, retryDelay: 343.7898234226937 } Unable to fetch parameters [/cdk-bootstrap/external/version] from parameter store for this account.

abhisjoshi commented 2 years ago

By default, the AWS CDK retains values of parameters from previous deployments and uses them in subsequent deployments if they are not specified explicitly.

To resolve the issue, I use the command listed below.

cdk deploy --no-previous-parameters

peterwoodworth commented 2 years ago

Thanks for posting your findings @abhisjoshi, much appreciated 🙂 Hopefully this was the root cause for the others as well

VXConsulting commented 2 years ago

Thanks it works :-)

github-actions[bot] commented 2 years ago

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see. If you need more assistance, please either tag a team member or open a new issue that references this one. If you wish to keep having a conversation with other community members under this issue feel free to do so.

fargito commented 1 year ago

By default, the AWS CDK retains values of parameters from previous deployments and uses them in subsequent deployments if they are not specified explicitly.

To resolve the issue, I use the command listed below.

cdk deploy --no-previous-parameters

Thanks @abhisjoshi, this saved me a lot of effort!

rmjwilbur commented 2 months ago

Hi @peterwoodworth - I encountered the same behaviour today with v2.149.0. My thoughts on this are:

CodeSammich commented 1 month ago

+1 This is still not resolved. Please add support for cdk deploy qualifiers, since you have already added it for cdk bootstrap.

In some cases, it is not possible to access cdk.json, such as if the CDK CLI is called by another application indirectly (e.g. cdk deploy --app).

Even when trying to deploy with cdk deploy --toolkit-stack-name, it still defaults to the default value.

The lack of qualifiers directly inhibits use in certain policies, such as within SCPs.