Closed NewReactDev2954 closed 1 year ago
cdk bootstrap just deploys a CloudFormation template, see our bootstrapping documentation here for information on how it works, and how to customize your bootstrapping experience.
Since it's just deploying a template, it will try to create roles with the names that already exist in your account + region because they haven't been deleted. You have a few options here if you still need to bootstrap your account + region: modify the template such that you change the names of the roles that are created, remove the roles from the template that have already been created, or find a way to get permission to delete the roles.
If a role or another resource exists and creation fails, CDKToolkit should assume the role or link the other resource rather than failing the bootstrap and deployment.
When you bootstrap you are explicitly saying that you want the resources in the template to be created within your account. This is unrelated to your CDK app, so there is no role assumption or linking happening here, just resource creation.
I'm converting this to a discussion as that is the best place to continue this if you have any follow-up questions.
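One way to act on the first option above (new role names), as an added example that is not part of the thread or of the CDK project: it pulls the colliding role names out of the failure log and prints, without running them, the commands to review those leftover roles and to bootstrap under a different qualifier. The function names, the qualifier `acme01`, the `<policy-arn>` placeholder and the 1-10 alphanumeric qualifier rule are assumptions; the sample log is constructed from the output quoted in the issue.

```shell
# Constructed sample in the format quoted in the issue; 000000000000 is a
# placeholder account ID.
SAMPLE_LOG='CDKToolkit | 0/12 | 10:07:22 PM | CREATE_FAILED | AWS::IAM::Role | LookupRole cdk-hnb659fds-lookup-role-000000000000-us-east-1 already exists
CDKToolkit | 0/12 | 10:07:22 PM | CREATE_FAILED | AWS::IAM::Role | CloudFormationExecutionRole cdk-hnb659fds-cfn-exec-role-000000000000-us-east-1 already exists
CDKToolkit | 0/12 | 10:07:22 PM | CREATE_FAILED | AWS::S3::Bucket | StagingBucket Resource creation cancelled
CDKToolkit | 10:07:22 PM | CREATE_FAILED | AWS::IAM::Role | LookupRole cdk-hnb659fds-lookup-role-000000000000-us-east-1 already exists'

# Read a bootstrap log on stdin; print each IAM role name reported as
# "already exists", once.
colliding_roles() {
  grep 'CREATE_FAILED | AWS::IAM::Role' |
    sed -n 's/.* \(cdk-[^ ]*\) already exists.*/\1/p' | sort -u
}

# The qualifier is the second dash-separated field of cdk-<qualifier>-...
qualifier_in_use() {
  colliding_roles | cut -d- -f2 | sort -u
}

# $1 = new qualifier, log on stdin. Prints the commands; runs none of them.
plan_rebootstrap() {
  new_q=$1
  log=$(cat)
  case $new_q in  # assumed rule: 1-10 alphanumeric characters
    ''|*[!A-Za-z0-9]*|???????????*) echo "invalid qualifier: $new_q" >&2; return 1 ;;
  esac
  old_q=$(printf '%s\n' "$log" | qualifier_in_use)
  [ "$new_q" != "$old_q" ] || { echo "qualifier $new_q already in use" >&2; return 1; }
  # Leftover roles stay assumable; review who trusts them and what they carry.
  printf '%s\n' "$log" | colliding_roles | while read -r role; do
    echo "aws iam get-role --role-name $role --query Role.AssumeRolePolicyDocument"
    echo "aws iam list-attached-role-policies --role-name $role"
  done
  # Export the template for review or editing, then deploy it under new names.
  # Without --cloudformation-execution-policies the log shows the default is
  # AdministratorAccess; <policy-arn> is a placeholder for a scoped policy.
  echo "cdk bootstrap --show-template > bootstrap-template.yaml"
  echo "cdk bootstrap --qualifier $new_q --toolkit-stack-name CDKToolkit-$new_q --template bootstrap-template.yaml --cloudformation-execution-policies '<policy-arn>'"
}

printf '%s\n' "$SAMPLE_LOG" | plan_rebootstrap acme01
```

A CDK app deployed against this environment has to be configured with the same qualifier, otherwise it keeps looking for the default `hnb659fds` resources.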
Describe the bug
After reverting CDK v2 implementation to address environment issues, when redeploying I receive an error stating that the roles created during the initial deployment already exist. I am unable to delete these policies due to our company's IAM restrictions.
Expected Behavior
If a role or another resource exists and creation fails, CDKToolkit should assume the role or link the other resource rather than failing the bootstrap and deployment.
Current Behavior
Bootstrapping environment aws://{{accountID}}/us-east-1...
Trusted accounts for deployment: (none)
Trusted accounts for lookup: (none)
Using default execution policy of 'arn:aws:iam::aws:policy/AdministratorAccess'. Pass '--cloudformation-execution-policies' to customize.
CDKToolkit: creating CloudFormation changeset...
CDKToolkit | 0/12 | 10:07:11 PM | REVIEW_IN_PROGRESS | AWS::CloudFormation::Stack | CDKToolkit User Initiated
CDKToolkit | 0/12 | 10:07:16 PM | CREATE_IN_PROGRESS | AWS::CloudFormation::Stack | CDKToolkit User Initiated
CDKToolkit | 0/12 | 10:07:21 PM | CREATE_IN_PROGRESS | AWS::IAM::Role | CloudFormationExecutionRole
CDKToolkit | 0/12 | 10:07:21 PM | CREATE_IN_PROGRESS | AWS::IAM::Role | FilePublishingRole
CDKToolkit | 0/12 | 10:07:21 PM | CREATE_IN_PROGRESS | AWS::IAM::Role | LookupRole
CDKToolkit | 0/12 | 10:07:21 PM | CREATE_IN_PROGRESS | AWS::SSM::Parameter | CdkBootstrapVersion
CDKToolkit | 0/12 | 10:07:21 PM | CREATE_IN_PROGRESS | AWS::ECR::Repository | ContainerAssetsRepository
CDKToolkit | 0/12 | 10:07:21 PM | CREATE_IN_PROGRESS | AWS::S3::Bucket | StagingBucket
CDKToolkit | 0/12 | 10:07:21 PM | CREATE_IN_PROGRESS | AWS::IAM::Role | ImagePublishingRole
CDKToolkit | 0/12 | 10:07:22 PM | CREATE_FAILED | AWS::IAM::Role | LookupRole cdk-hnb659fds-lookup-role-{{accountID}}-us-east-1 already exists
CDKToolkit | 0/12 | 10:07:22 PM | CREATE_FAILED | AWS::IAM::Role | CloudFormationExecutionRole cdk-hnb659fds-cfn-exec-role-{{accountID}}-us-east-1 already exists
CDKToolkit | 0/12 | 10:07:22 PM | CREATE_FAILED | AWS::IAM::Role | FilePublishingRole cdk-hnb659fds-file-publishing-role-{{accountID}}-us-east-1 already exists
CDKToolkit | 0/12 | 10:07:22 PM | CREATE_FAILED | AWS::IAM::Role | ImagePublishingRole cdk-hnb659fds-image-publishing-role-{{accountID}}-us-east-1 already exists
CDKToolkit | 0/12 | 10:07:22 PM | CREATE_FAILED | AWS::ECR::Repository | ContainerAssetsRepository Resource creation cancelled
CDKToolkit | 0/12 | 10:07:22 PM | CREATE_FAILED | AWS::S3::Bucket | StagingBucket Resource creation cancelled
CDKToolkit | 0/12 | 10:07:22 PM | CREATE_FAILED | AWS::SSM::Parameter | CdkBootstrapVersion Resource creation cancelled
CDKToolkit | 0/12 | 10:07:23 PM | ROLLBACK_IN_PROGRESS | AWS::CloudFormation::Stack | CDKToolkit The following resource(s) failed to create: [ImagePublishingRole, FilePublishingRole, CdkBootstrapVersion, LookupRole, StagingBucket, CloudFormationExecutionRole, ContainerAssetsRepository]. Rollback requested by user.
CDKToolkit | 1/12 | 10:07:28 PM | DELETE_COMPLETE | AWS::IAM::Role | ImagePublishingRole
CDKToolkit | 2/12 | 10:07:28 PM | DELETE_COMPLETE | AWS::IAM::Role | LookupRole
CDKToolkit | 3/12 | 10:07:28 PM | DELETE_COMPLETE | AWS::IAM::Role | CloudFormationExecutionRole
CDKToolkit | 4/12 | 10:07:28 PM | DELETE_COMPLETE | AWS::IAM::Role | FilePublishingRole
CDKToolkit | 5/12 | 10:07:28 PM | DELETE_COMPLETE | AWS::ECR::Repository | ContainerAssetsRepository
CDKToolkit | 5/12 | 10:07:28 PM | DELETE_SKIPPED | AWS::S3::Bucket | StagingBucket
CDKToolkit | 6/12 | 10:07:28 PM | DELETE_COMPLETE | AWS::SSM::Parameter | CdkBootstrapVersion
CDKToolkit | 7/12 | 10:07:29 PM | ROLLBACK_COMPLETE | AWS::CloudFormation::Stack | CDKToolkit
Failed resources:
CDKToolkit | 10:07:22 PM | CREATE_FAILED | AWS::IAM::Role | LookupRole cdk-hnb659fds-lookup-role-{{accountID}}-us-east-1 already exists
CDKToolkit | 10:07:22 PM | CREATE_FAILED | AWS::IAM::Role | CloudFormationExecutionRole cdk-hnb659fds-cfn-exec-role-{{accountID}}-us-east-1 already exists
CDKToolkit | 10:07:22 PM | CREATE_FAILED | AWS::IAM::Role | FilePublishingRole cdk-hnb659fds-file-publishing-role-{{accountID}}-us-east-1 already exists
CDKToolkit | 10:07:22 PM | CREATE_FAILED | AWS::IAM::Role | ImagePublishingRole cdk-hnb659fds-image-publishing-role-{{accountID}}-us-east-1 already exists
❌ Environment aws://{{accountID}}/us-east-1 failed bootstrapping: Error: The stack named CDKToolkit failed creation, it may need to be manually deleted from the AWS console: ROLLBACK_COMPLETE: cdk-hnb659fds-lookup-role-{{accountID}}-us-east-1 already exists, cdk-hnb659fds-cfn-exec-role-{{accountID}}-us-east-1 already exists, cdk-hnb659fds-file-publishing-role-{{accountID}}-us-east-1 already exists, cdk-hnb659fds-image-publishing-role-{{accountID}}-us-east-1 already exists
    at FullCloudFormationDeployment.monitorDeployment (/builds/{{projectPath}}/infra/node_modules/aws-cdk/lib/index.js:371:10236)
    at processTicksAndRejections (internal/process/task_queues.js:95:5)
    at async /builds/{{projectPath}}/infra/node_modules/aws-cdk/lib/index.js:376:2104
    at async Promise.all (index 0)
    at async CdkToolkit.bootstrap (/builds/{{projectPath}}/infra/node_modules/aws-cdk/lib/index.js:376:1949)
    at async exec4 (/builds/{{projectPath}}/infra/node_modules/aws-cdk/lib/index.js:429:51795)
The stack named CDKToolkit failed creation, it may need to be manually deleted from the AWS console: ROLLBACK_COMPLETE: cdk-hnb659fds-lookup-role-{{accountID}}-us-east-1 already exists, cdk-hnb659fds-cfn-exec-role-{{accountID}}-us-east-1 already exists, cdk-hnb659fds-file-publishing-role-{{accountID}}-us-east-1 already exists, cdk-hnb659fds-image-publishing-role-{{accountID}}-us-east-1 already exists
npm ERR! code ELIFECYCLE
Reproduction Steps
Deploy and bootstrap using CDK v2, revert changes, and redeploy.
Possible Solution
No response
Additional Information/Context
No response
CDK CLI Version
2.70.0
Framework Version
No response
Node.js Version
16.20.0
OS
Amazon Linux
Language
Typescript
Language Version
TypeScript (4.9.5)
Other information
No response