Closed KarthickEmis closed 4 years ago
Same error here...
Can you share your stack definition code?
got same error
Getting same error after upgrading from 1.1.0
to 1.2.0
, no other changes, actually cant get cdk deploy
to work at all, forcing a revert to 1.1.0
.
@eladb is there anything I can provide you with? I get this error even with the simplest of stacks:
import * as logs from "@aws-cdk/aws-logs"
import { RetentionDays } from "@aws-cdk/aws-logs"
import * as cdk from "@aws-cdk/core"
export const logGroupName = 'name'
export default class LogStack extends cdk.Stack {
constructor(scope: cdk.App, id: string, props: cdk.StackProps) {
super(scope, id, props)
new logs.LogGroup(this, 'logGroup', {
logGroupName,
retention: RetentionDays.THREE_MONTHS,
})
}
}
Funny thing is this seems to work with cmd.exe
in Win10, but not with bash through ConEmu or WSL.
edit again: So for me this is strictly an issue with any non-cmd.exe environment from 1.0.0
onwards. In the first paragraph I had mistakenly assumed this was due to the upgrade path, but there was also the switch from cmd to bash.
What do you mean when you say “the switch from cmd to bash“?
Executing the command in cmd
works, executing it in bash
does not work, switching was just for me personally in my Win10 dev environment.
I.E on my Win10 machine, this is not an issue and cdk deploy
works but only when using cmd
, on my macbook, it does not work at all with either bash or zsh
Having a similar issue. It seems like cdk is looking specifically for a credentials file that I don't use (we use a MFA implementation). Here's the verbose output of my cdk deploy --profile foo
command:
CDK toolkit version: 1.2.0 (build 6b763b7)
Command line arguments: {
_: [ 'deploy' ],
'ignore-errors': false,
ignoreErrors: false,
json: false,
j: false,
verbose: true,
v: true,
ec2creds: undefined,
i: undefined,
'version-reporting': undefined,
versionReporting: undefined,
'path-metadata': true,
pathMetadata: true,
'asset-metadata': true,
assetMetadata: true,
staging: true,
ci: false,
profile: 'foo',
'role-arn': undefined,
r: undefined,
roleArn: undefined,
'build-exclude': [],
E: [],
buildExclude: [],
'$0': '/usr/local/bin/cdk'
}
Determining whether we're on an EC2 instance.
Does not look like EC2 instance.
cdk.json: {
"app": "npx ts-node bin/hello-cdk.ts"
}
merged settings: {
versionReporting: true,
pathMetadata: true,
output: 'cdk.out',
app: 'npx ts-node bin/hello-cdk.ts',
context: {},
tags: [],
assetMetadata: true,
staging: true
}
Setting "CDK_DEFAULT_REGION" environment variable to us-west-2
Resolving default credentials
Unable to determine the default AWS account (did you configure "aws configure"?): Error: ENOENT: no such file or directory, open '/Users/micgo/.aws/credentials'
at Object.openSync (fs.js:447:3)
at Object.readFileSync (fs.js:349:35)
at Object.readFileSync (/usr/local/lib/node_modules/aws-cdk/node_modules/aws-sdk/lib/util.js:95:26)
at IniLoader.parseFile (/usr/local/lib/node_modules/aws-cdk/node_modules/aws-sdk/lib/shared-ini/ini-loader.js:6:47)
at IniLoader.loadFrom (/usr/local/lib/node_modules/aws-cdk/node_modules/aws-sdk/lib/shared-ini/ini-loader.js:56:30)
at SharedIniFileCredentials.load (/usr/local/lib/node_modules/aws-cdk/node_modules/aws-sdk/lib/credentials/shared_ini_file_credentials.js:104:41)
at SharedIniFileCredentials.coalesceRefresh (/usr/local/lib/node_modules/aws-cdk/node_modules/aws-sdk/lib/credentials.js:205:12)
at SharedIniFileCredentials.refresh (/usr/local/lib/node_modules/aws-cdk/node_modules/aws-sdk/lib/credentials/shared_ini_file_credentials.js:185:10)
at SharedIniFileCredentials.get (/usr/local/lib/node_modules/aws-cdk/node_modules/aws-sdk/lib/credentials.js:122:12)
at resolveNext (/usr/local/lib/node_modules/aws-cdk/node_modules/aws-sdk/lib/credentials/credential_provider_chain.js:125:17) {
errno: -2,
syscall: 'open',
code: 'ENOENT',
path: '/Users/micgo/.aws/credentials'
}
Setting "CDK_DEFAULT_ACCOUNT" environment variable to undefined
context: {
'aws:cdk:enable-path-metadata': true,
'aws:cdk:enable-asset-metadata': true
}
outdir: cdk.out
env: {
CDK_DEFAULT_REGION: 'us-west-2',
CDK_DEFAULT_ACCOUNT: undefined,
CDK_CONTEXT_JSON: '{"aws:cdk:enable-path-metadata":true,"aws:cdk:enable-asset-metadata":true}',
CDK_OUTDIR: 'cdk.out'
}
Reading existing template for stack HelloCdkStack.
Unable to resolve AWS account to use. It must be either configured when you define your CDK or through the environment
Error: Unable to resolve AWS account to use. It must be either configured when you define your CDK or through the environment
at SDK.resolveEnvironment (/usr/local/lib/node_modules/aws-cdk/lib/api/util/sdk.ts:188:13)
at SDK.cloudFormation (/usr/local/lib/node_modules/aws-cdk/lib/api/util/sdk.ts:113:25)
at CloudFormationDeploymentTarget.readCurrentTemplate (/usr/local/lib/node_modules/aws-cdk/lib/api/deployment-target.ts:52:17)
at CdkToolkit.deploy (/usr/local/lib/node_modules/aws-cdk/lib/cdk-toolkit.ts:94:33)
at main (/usr/local/lib/node_modules/aws-cdk/bin/cdk.ts:192:16)
at initCommandLine (/usr/local/lib/node_modules/aws-cdk/bin/cdk.ts:150:9)
Hello there, after some retries I resolved the issue insert the AWS keys in the "config" file inside ~/.aws folder, and not inside "credentials" file like the other aws's cli works. It seems the cdk-cli taking info from different files. Copying the credentials inside that, resolved the issue.
I am having the same issue, I have tried:
.aws/config
[profile davros] # also for default
aws_default_region = eu-central-1
region = eu-central-1
aws_access_key_id = ...
aws_secret_access_key = ...
and
.aws/credentials
[davros] # also for default
aws_default_region = eu-central-1
region = eu-central-1
aws_access_key_id = ...
aws_secret_access_key = ...
and
AWS_DEFAULT_REGION=... AWS_SECRET_ACCESS_KEY=... AWS_ACCESS_KEY_ID=... cdk deploy
and
export AWS_DEFAULT_REGION=...
export AWS_SECRET_ACCESS_KEY=...
export AWS_ACCESS_KEY_ID=...
cdk deploy
and nothing works.
Always result:
CDK toolkit version: 1.3.0 (build bba9914)
Command line arguments: { _: [ 'deploy' ],
'ignore-errors': false,
ignoreErrors: false,
json: false,
j: false,
verbose: true,
v: true,
ec2creds: undefined,
i: undefined,
'version-reporting': undefined,
versionReporting: undefined,
'path-metadata': true,
pathMetadata: true,
'asset-metadata': true,
assetMetadata: true,
staging: true,
ci: false,
profile: 'davros',
'role-arn': undefined,
r: undefined,
roleArn: undefined,
'build-exclude': [],
E: [],
buildExclude: [],
'$0': 'cdk' }
Determining whether we're on an EC2 instance.
Does not look like EC2 instance.
cdk.json: {
"app": "npx ts-node bin/infrastructure.ts"
}
merged settings: { versionReporting: true,
pathMetadata: true,
output: 'cdk.out',
app: 'npx ts-node bin/infrastructure.ts',
context: {},
tags: [],
assetMetadata: true,
staging: true }
Setting "CDK_DEFAULT_REGION" environment variable to eu-central-1
Resolving default credentials
Retrieved account ID 272348052748 from disk cache
Setting "CDK_DEFAULT_ACCOUNT" environment variable to 272348052748
context: { 'aws:cdk:enable-path-metadata': true,
'aws:cdk:enable-asset-metadata': true }
outdir: cdk.out
env: { CDK_DEFAULT_REGION: 'eu-central-1',
CDK_DEFAULT_ACCOUNT: '272348052748',
CDK_CONTEXT_JSON:
'{"aws:cdk:enable-path-metadata":true,"aws:cdk:enable-asset-metadata":true}',
CDK_OUTDIR: 'cdk.out' }
Reading existing template for stack InfrastructureStack.
Need to perform AWS calls for account davros, but no credentials found. Tried: default credentials.
Error: Need to perform AWS calls for account davros, but no credentials found. Tried: default credentials.
at CredentialsCache.getCredentials (/Users/davros/.nvm/versions/node/v10.16.1/lib/node_modules/aws-cdk/lib/api/util/sdk.ts:261:11)
at process._tickCallback (internal/process/next_tick.js:68:7)
And normal aws
commands or even npx aws
work flawlessly.
Experienced this issue also as @fedeBollo mentioned, however if you have another method of providing the required variables aka (export AWS_DEFAULT_REGION, AWS_SECRET_ACCESS_KEY, AWS_ACCESS_KEY_ID) it seems that this ~/.aws/credentials
file needs to exist! Even as an empty file, the CDK CLI will not create it for you
I had same problem, but it solved by making empty ~/.aws/credentials
file as @daviddeejjames says.
Thanks @daviddeejjames!
I had similar issue, and removing [profile default] from ~/.aws/config solved the issue! I had both [default] and [profile default]. Please see https://github.com/aws/aws-cdk/issues/1656
I think this issue thread should be consolidated into #1656 provided that some of the workarounds and guidance is covered there.
Thoughts @NGL321 ?
resolving this issue in favour of #1656 - further details should be added to the master thread
in my case, cdk diff
gave me same error.
so I just followed this instructions from https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-envvars.html
$ export AWS_ACCESS_KEY_ID=AKIAIOSFODTHISISNOTMYKEYID
$ export AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/EXAMPLEACCESSKEY
$ export AWS_DEFAULT_REGION=us-west-2
In my case it had nothing to do with AWS configuration, I tried almost all that and nothing worked.
When I added the -v
(verbose) parameter to cdk command, I was able to get more details about the error:
Unable to determine the default AWS account: TypeError [ERR_INVALID_PROTOCOL]: Protocol "https:" not supported. Expected "http:"
I tried different versions of CDK and nothing, still the same error. After many tries I ended up with the root cause: node version. With v15.2.1 I got that error, but after downgrading to v14.15.1 the issue was solved.
If nothing helps try to sync your OS time. Helped me!
For me, I'd copied my AWS_SECRET_ACCESS_KEY incorrectly. The --verbose option helped my diagnose it.
Building assets failed: Error: Building Assets Failed: Error: Unable to resolve AWS account to use. It must be either configred when you define your CDK Stack, or through the environment, I spent 2 hours on it until I found out I have to login again.
aws sso login --profile xxxxxx Now it works.
For me, I'd copied my AWS_SECRET_ACCESS_KEY incorrectly. The --verbose option helped my diagnose it.
I used verbose also and I noticed there was something wrong with my clock: Chatgpt helped me with this: The error message SignatureDoesNotMatch: Signature expired typically indicates that the time on your machine is not synchronized with the current time12. This can happen if you’re in a virtual machine and the host’s OS time does not match the guest’s OS time3.
AWS signatures include a timestamp and are only valid for a short period of time after they are created1. If the time on your machine is incorrect, the AWS service might consider the signature to be expired1.
Here are a few potential solutions:
Check the time on your machine: Make sure the time on your machine is correct. If you’re using Linux or WSL, you can run sudo hwclock -s to synchronize the hardware clock with the current system time2.
Error: Unable to resolve AWS account to use. It must be either configured when you define your CDK or through the environment
cmd used : cdk deploy --profile