aws / aws-cdk

The AWS Cloud Development Kit is a framework for defining cloud infrastructure in code
https://aws.amazon.com/cdk
Apache License 2.0

codepipeline-actions: CloudFormationCreateUpdateStackAction fails when lambda requires assets #29776

Open traysonkelii opened 5 months ago

traysonkelii commented 5 months ago

Describe the issue

I have a few stacks (ServiceStack, AuthenticationStack, and DataStorageStack), all of which work when deployed locally from the CLI. I decided to try and create a simple CICD pipeline using the Pipeline construct from the aws-cdk-lib/aws-codepipeline module: a simple GitHub source to main, along with a simple build step (npm ci, cdk synth). I then use the cdk.out generated in an artifact to perform actions, specifically the CloudFormationCreateUpdateStackAction, on the stacks (essentially update them). Below is the code for the PipelineStack:

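import { SecretValue, Stack, StackProps } from "aws-cdk-lib";
import { BuildSpec, LinuxBuildImage, PipelineProject } from "aws-cdk-lib/aws-codebuild";
import { Artifact, Pipeline } from "aws-cdk-lib/aws-codepipeline";
import {
  CloudFormationCreateUpdateStackAction,
  CodeBuildAction,
  GitHubSourceAction,
} from "aws-cdk-lib/aws-codepipeline-actions";
import { Construct } from "constructs";

export class PipelineStack extends Stack {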
  constructor(scope: Construct, id: string, props?: StackProps) {
    super(scope, id, props);

    const pipeline = new Pipeline(this, "Pipeline", {
      pipelineName: "CombatSportsRankingPipeline",
      crossAccountKeys: false,
    });

    const sourceOutput = new Artifact("sourceOutput");

    pipeline.addStage({
      stageName: "Source",
      actions: [
        new GitHubSourceAction({
          owner: "XXXX",
          repo: "XXXX",
          branch: "main",
          actionName: "Pipeline_Source",
          oauthToken: SecretValue.secretsManager(
            "XXXX"
          ),
          output: sourceOutput,
        }),
      ],
    });

    const codeBuildOutput = new Artifact("codeBuildOutput");

    pipeline.addStage({
      stageName: "Build",
      actions: [
        new CodeBuildAction({
          actionName: "Code_Build",
          input: sourceOutput,
          outputs: [codeBuildOutput],
          project: new PipelineProject(this, "CodeBuildProject", {
            environment: {
              buildImage: LinuxBuildImage.STANDARD_7_0,
            },
            buildSpec: BuildSpec.fromSourceFilename(
              "build-specs/code-build.yml"
            ),
          }),
        }),
      ],
    });

    pipeline.addStage({
      stageName: "Pipeline_Update",
      actions: [
        new CloudFormationCreateUpdateStackAction({
          actionName: "Pipeline_Update",
          stackName: "PipelineStack",
          templatePath: codeBuildOutput.atPath("PipelineStack.template.json"),
          adminPermissions: true,
        }),
      ],
    });

    pipeline.addStage({
      stageName: "DataStorage_Update",
      actions: [
        new CloudFormationCreateUpdateStackAction({
          actionName: "DataStorage_Update",
          stackName: "DataStorageStack",
          templatePath: codeBuildOutput.atPath(
            "DataStorageStack.template.json"
          ),
          adminPermissions: true,
        }),
      ],
    });

    pipeline.addStage({
      stageName: "Authorization_Update",
      actions: [
        new CloudFormationCreateUpdateStackAction({
          actionName: "Authorization_Update",
          stackName: "AuthorizationStack",
          templatePath: codeBuildOutput.atPath(
            "AuthorizationStack.template.json"
          ),
          adminPermissions: true,
        }),
      ],
    });

    pipeline.addStage({
      stageName: "CsrService_Update",
      actions: [
        new CloudFormationCreateUpdateStackAction({
          actionName: "CsrService_Update",
          stackName: "CsrServiceStack",
          templatePath: codeBuildOutput.atPath("CsrServiceStack.template.json"),
          adminPermissions: true,
        }),
      ],
    });
  }
}

The Authorization_Update stage fails with the error:

Resource handler returned message: "Error occurred while GetObject. S3 Error Code: NoSuchKey. S3 Error Message: The specified key does not exist. (Service: Lambda, Status Code: 400)"

I did check the S3 bucket and the asset.zip file found in the template was there. I don't know if there are any other steps I need to do on my part.

I checked the documentation and couldn't find anywhere that suggested whether I should enable any pipeline service principals access to the lambdas or if there were other parameters (selfMutating doesn't seem to be an option in this v2 version of code pipelines). I may be a little lost as to what this entails.

I've looked through the codepipeline module and the CloudFormationCreateUpdateStackAction, which seemed extra lean. Any guidance is appreciated.


pahud commented 5 months ago

I was not able to deploy with the provided code snippets. Are you able to simplify it and provide all necessary info including the buildspec of codebuild and a sample source repo so we can simply run in our local environment and see what's happening?

traysonkelii commented 5 months ago

Here is the buildspec, I will need to work on the sample source repo:

version: 0.2

phases:
  install:
    commands:
      - npm install -g npm
      - npm install
  build:
    commands:
      - npm run clean
      - npm run build
      - npm run cdk -- synth

artifacts:
  base-directory: cdk.out
  files:
    - "**/*"

Here is the actual GitHub repo (it should be public: https://github.com/traysonkelii/combat-sports-ranking-cdk). I'll work on making it smaller.
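One way to narrow down the NoSuchKey error reported in this thread, as an added example (not code from the issue or from aws-cdk): list the S3 object each Lambda in a synthesized template expects, and whether the stack's `.assets.json` manifest in the cdk.out artifact names that key as a publish destination. The template and manifest below are constructed samples, and the helper and resource names are hypothetical.

```typescript
// Added example: constructed inputs, hypothetical helper names.
type Json = { [key: string]: any };
interface CodeRef { logicalId: string; bucket: string; key: string; inManifest: boolean; }

// S3Bucket is either a plain string or an intrinsic such as { "Fn::Sub": "..." }.
function renderBucket(value: any): string {
  if (typeof value === "string") return value;
  if (value && typeof value["Fn::Sub"] === "string") return value["Fn::Sub"];
  return JSON.stringify(value);
}

// Collect every objectKey the asset manifest lists as a publish destination.
function manifestKeys(assetManifest: Json): Set<string> {
  const keys = new Set<string>();
  for (const asset of Object.values(assetManifest.files ?? {}) as Json[]) {
    for (const dest of Object.values(asset.destinations ?? {}) as Json[]) {
      if (typeof dest.objectKey === "string") keys.add(dest.objectKey);
    }
  }
  return keys;
}

// For each AWS::Lambda::Function, report the S3 object its Code property needs.
function lambdaCodeRefs(template: Json, assetManifest: Json): CodeRef[] {
  const published = manifestKeys(assetManifest);
  const refs: CodeRef[] = [];
  for (const [logicalId, res] of Object.entries(template.Resources ?? {}) as [string, Json][]) {
    if (res.Type !== "AWS::Lambda::Function") continue;
    const code = res.Properties?.Code ?? {};
    if (typeof code.S3Key !== "string") continue; // inline ZipFile or image: no S3 object
    refs.push({ logicalId, bucket: renderBucket(code.S3Bucket), key: code.S3Key,
                inManifest: published.has(code.S3Key) });
  }
  return refs;
}

// Constructed samples shaped like <Stack>.template.json and <Stack>.assets.json.
const assetBucket = "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"; // default bootstrap name
const sampleTemplate: Json = { Resources: {
  PreSignUpFn: { Type: "AWS::Lambda::Function", Properties: { Code: {
    S3Bucket: { "Fn::Sub": assetBucket }, S3Key: "aaaa1111.zip" } } },
  OrphanFn: { Type: "AWS::Lambda::Function", Properties: { Code: {
    S3Bucket: "example-bucket", S3Key: "bbbb2222.zip" } } },
  InlineFn: { Type: "AWS::Lambda::Function", Properties: { Code: { ZipFile: "// inline" } } },
} };
const sampleManifest: Json = { files: { aaaa1111: {
  source: { path: "asset.aaaa1111", packaging: "zip" },
  destinations: { "current_account-current_region": {
    bucketName: assetBucket, objectKey: "aaaa1111.zip" } } } } };

const report = lambdaCodeRefs(sampleTemplate, sampleManifest);
```

Each reported bucket and key can then be compared with what actually exists in the account and region the CloudFormation action deploys to; a key with `inManifest` false is one that no publish step derived from this cdk.out would upload.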