Open kornicameister opened 4 months ago
CICD account 000000 configured OIDC role for Bitbucket
Test account 1111111 has CDK toolkit configured
So your pipeline account is 000000 and deploying account is 1111111.
How did you bootstrap the account 1111111? Did you add the --trust and --trust-for-lookup for 000000?
It's not a pipeline account per se.
000000 configures the CICD role that is used inside Bitbucket pipelines.
Said role can work with CDK toolkit that's deployed in 1111111.
And yes, the parameters you've mentioned had been set between the accounts.
Here's the piece of code from my codebase that deploys the OUs and accounts:
if (props.cicdAccount) {
  parameters = {
    ...parameters,
    TrustedAccounts: [props.cicdAccount],
  };
}
const tpl = new CfnInclude(this, 'BootstrapTemplate', {
  templateFile: 'bootstrap/bootstrap.yml',
  preserveLogicalIds: false,
  parameters: {
    ...parameters,
    Qualifier: qualifier,
  },
});
bootstrap.yml is the CFN template that cdk bootstrap generates.
I am utilizing stack sets to deploy the same CDK toolkit to numerous accounts at a time.
Describe the bug
I am using Bitbucket pipelines and my authorization is configured via OIDC. I can, without any issue, deploy the stacks and other artifacts using the configured role.
Stack deployments happen via CDK's exec role that the CICD role is able to assume. For the sake of the bug let's assume:
If I do not make an attempt to use --hotswap-fallback I can deploy from CICD without a problem. The moment I try to use it I get:
It seems the problem lies in how SdkProvider.forEnvironment works.
What is quite important to mention is that this error happens at the end of the pipeline. Before that error I have a bunch of activity related to publishing assets into deployment account 1111111 and those calls work perfectly:
Below you can find logs from execution without --hotswap-fallback:
Expected Behavior
I can use --hotswap-fallback in CICD environment of Bitbucket that is using OIDC authorization.
Current Behavior
Stack cannot be deployed with --hotswap-fallback
Reproduction Steps
N/A
Possible Solution
No response
Additional Information/Context
No response
CDK CLI Version
2.121.1
Framework Version
No response
Node.js Version
20.8
OS
Debian (BB Pipeline)
Language
TypeScript
Language Version
No response
Other information
No response