Open dxunix opened 4 years ago
this problem seems to be triggered when i try to import existing resource of the account into to the stack. Such as when I make ec2.Vpc.from_lookup(...)
call
Any updates @SomayaB and @shivlaks ? Thanks!
@dxunix have you taken a look at #1656
@shivlaks Yes I did. My case is ok to deploy with profile. So that works. But the problem is I am using methods such as ec2.Vpc.from_lookup(), so cdk will need to login to aws to get the existing resource info. That's where the problem came up.
I didnt try the plug-in.. Thought the CDK should work natively with the profile....
@dxunix I see what you mean. I'll have to give that a repro, but please let me know if the plugin works for you.
@shivlaks: Ok. i have a feeling this something to do with vpc only
without specify the account id works in other from*** methods for other resources. vpc needs account id. thus i got the error.
jsii.errors.JSIIError: Cannot retrieve value from context provider vpc-provider since account/region are not specified at the stack level. Either configure "env" with explicit account and region when you define your stack, or use the environment variables "CDK_DEFAULT_ACCOUNT" and "CDK_DEFAULT_REGION" to inherit environment information from the CLI (not recommended for production stacks)
Subprocess exited with error 1
add account to env
$ cdk synth --profile sbx
vpc is vpc-12345
vpc is vpc-12345
[Error at /ecs-test-stack] Need to perform AWS calls for account ************, but no credentials found. Tried: default credentials.
also worth noting is: we are using saml to get the keys. therefore, there is a token as well. I dont know if this is the reason it is off.
@dxunix does running the command with --verbose
provide any additional information.
Thanks for mentioning SAML, it might be a detail of significance but I'm not sure at this point.
@shivlaks , see the verbose output. The credential is fed in from the env variables including TOKEN.
cdk synth --verboseCDK toolkit version: 1.17.1 (build fa4cb1f)Command line arguments: {
_: [ 'synth' ],
verbose: true,
v: true,
'ignore-errors': false,
ignoreErrors: false,
json: false,
j: false,
ec2creds: undefined,
i: undefined,
'version-reporting': undefined,
versionReporting: undefined,
'path-metadata': true,
pathMetadata: true,
'asset-metadata': true,
assetMetadata: true,
'role-arn': undefined,
r: undefined,
roleArn: undefined,
staging: true,
'no-color': false,
noColor: false,
'$0': '/usr/local/bin/cdk'
}
Determining whether we're on an EC2 instance.
Does not look like EC2 instance.
cdk.json: {
"app": "python3 app.py"
}
cdk.context.json: {
"@aws-cdk/core:enableStackNameDuplicates": "true"
}
merged settings: {
versionReporting: true,
pathMetadata: true,
output: 'cdk.out',
app: 'python3 app.py',
context: {},
tags: [],
assetMetadata: true,
toolkitBucket: {},
staging: true
}
Setting "CDK_DEFAULT_REGION" environment variable to us-east-1
Resolving default credentials
Looking up default account ID from STS
Default account ID: ------------6
Setting "CDK_DEFAULT_ACCOUNT" environment variable to ------------6
context: {
'@aws-cdk/core:enableStackNameDuplicates': 'true',
'aws:cdk:enable-path-metadata': true,
'aws:cdk:enable-asset-metadata': true
}
outdir: cdk.out
env: {
CDK_DEFAULT_REGION: 'us-east-1',
CDK_DEFAULT_ACCOUNT: '------------6',
CDK_CONTEXT_JSON: '{"@aws-cdk/core:enableStackNameDuplicates":"true","aws:cdk:enable-path-metadata":true,"aws:cdk:enable-asset-metadata":true}',
CDK_OUTDIR: 'cdk.out',
CDK_CLI_ASM_VERSION: '1.16.0',
CDK_CLI_VERSION: '1.17.1'
}
vpc is vpc-12345
Some context information is missing. Fetching...
Setting "vpc-provider:account=------------:filter.vpc-id=vpc-0000000000000000:region=us-east-1:returnAsymmetricSubnets=true" context to {"$providerError":"Need to perform AWS calls for account ------------, but no credentials found. Tried: default credentials.","$dontSaveContext":true}
Setting "CDK_DEFAULT_REGION" environment variable to us-east-1
Setting "CDK_DEFAULT_ACCOUNT" environment variable to ------------6
context: {
'@aws-cdk/core:enableStackNameDuplicates': 'true',
'vpc-provider:account=------------:filter.vpc-id=vpc-0000000000000000:region=us-east-1:returnAsymmetricSubnets=true': {
'$providerError': 'Need to perform AWS calls for account ------------, but no credentials found. Tried: default credentials.',
'$dontSaveContext': true
},
'aws:cdk:enable-path-metadata': true,
'aws:cdk:enable-asset-metadata': true
}
outdir: cdk.out
env: {
CDK_DEFAULT_REGION: 'us-east-1',
CDK_DEFAULT_ACCOUNT: '------------6',
CDK_CONTEXT_JSON: '{"@aws-cdk/core:enableStackNameDuplicates":"true","vpc-provider:account=------------:filter.vpc-id=vpc-0000000000000000:region=us-east-1:returnAsymmetricSubnets=true":{"$providerError":"Need to perform AWS calls for account ------------, but no credentials found. Tried: default credentials.","$dontSaveContext":true},"aws:cdk:enable-path-metadata":true,"aws:cdk:enable-asset-metadata":true}',
CDK_OUTDIR: 'cdk.out',
CDK_CLI_ASM_VERSION: '1.16.0',
CDK_CLI_VERSION: '1.17.1'
}
vpc is vpc-12345
Not making progress trying to resolve environmental context. Giving up.
[Error at /ecs-test-stack] Need to perform AWS calls for account ------------, but no credentials found. Tried: default credentials.
ConstructNode.addError (/private/var/folders/zc/h552c9kn7_jg_2k6xz15r_v40000gp/T/jsii-kernel-UcjXI5/node_modules/@aws-cdk/core/lib/construct.js:285:14)
Function.getValue (/private/var/folders/zc/h552c9kn7_jg_2k6xz15r_v40000gp/T/jsii-kernel-UcjXI5/node_modules/@aws-cdk/core/lib/context-provider.js:50:28)
Function.fromLookup (/private/var/folders/zc/h552c9kn7_jg_2k6xz15r_v40000gp/T/jsii-kernel-UcjXI5/node_modules/@aws-cdk/aws-ec2/lib/vpc.js:375:51)
/Users/user/dev/cdk/service-chk/.env/lib/python3.7/site-packages/jsii/_embedded/jsii/jsii-runtime.js:7603:51
Kernel._wrapSandboxCode (/Users/user/dev/cdk/service-chk/.env/lib/python3.7/site-packages/jsii/_embedded/jsii/jsii-runtime.js:8202:20)
/Users/user/dev/cdk/service-chk/.env/lib/python3.7/site-packages/jsii/_embedded/jsii/jsii-runtime.js:7603:25
Kernel._ensureSync (/Users/user/dev/cdk/service-chk/.env/lib/python3.7/site-packages/jsii/_embedded/jsii/jsii-runtime.js:8178:20)
Kernel.sinvoke (/Users/user/dev/cdk/service-chk/.env/lib/python3.7/site-packages/jsii/_embedded/jsii/jsii-runtime.js:7602:26)
KernelHost.processRequest (/Users/user/dev/cdk/service-chk/.env/lib/python3.7/site-packages/jsii/_embedded/jsii/jsii-runtime.js:7293:28)
KernelHost.run (/Users/user/dev/cdk/service-chk/.env/lib/python3.7/site-packages/jsii/_embedded/jsii/jsii-runtime.js:7233:14)
Immediate._onImmediate (/Users/user/dev/cdk/service-chk/.env/lib/python3.7/site-packages/jsii/_embedded/jsii/jsii-runtime.js:7236:37)
processImmediate (internal/timers.js:439:21)
Found errors
Error: Found errors
at AppStacks.processMetadata (/usr/local/lib/node_modules/aws-cdk/lib/api/cxapp/stacks.ts:316:13)
at cliSynthesize (/usr/local/lib/node_modules/aws-cdk/bin/cdk.ts:309:15)
at processTicksAndRejections (internal/process/task_queues.js:93:5)
at main (/usr/local/lib/node_modules/aws-cdk/bin/cdk.ts:232:16)
at initCommandLine (/usr/local/lib/node_modules/aws-cdk/bin/cdk.ts:160:9)
@shivlaks Is there a plan to fix bugs like these?
This solution is works for me:
~/.aws/config
[profile testProfile]
region = us-east-1
~/.aws/credentials
[testProfile]
role_arn = arn:aws:iam::...
aws_access_key_id = *****
aws_secret_access_key = *********
source_profile=testProfile
command to deploy:
cdk deploy --profile=testProfile
Environment
@dxunix yes, but i'm still a little unclear on the repro steps... what does your stack code look like (particularly environment setup and where you're attempting to use the fromLookup). I'm also curious what your cdk.context.json
looks like. please redact information as needed.
@shivlaks I have the same issue. It seems that the source_profile in ~/.aws/config does not use the corresponding credentials in ~/.aws/credentials.
@shivlaks I am also seeing this error. It is coming from the context. However, I've destroyed context continuously; i.e. used cdk context --clear
, manually deleted cdk.context.json
. I have followed the workaround suggested by @vzakharchenko above but to no avail. I see similar behavior pasted above by @dxunix. The CDK gets the proper credentials for my profile's account, but it fetches context for stuff in the default profile account and therefore finds VPC info that I'm not looking for. Where's it getting this if there's no local context?
ACCOUNT_A == default profile ACCOUNT_B == new target profile
<snip/>
Does not look like EC2 instance.
Toolkit stack: CDKToolkit
Setting "CDK_DEFAULT_REGION" environment variable to us-west-2
Resolving default credentials
Retrieved account ID ACCOUNT_B from disk cache
Setting "CDK_DEFAULT_ACCOUNT" environment variable to ACCOUNT_B
context: {
'aws:cdk:enable-path-metadata': true,
'aws:cdk:enable-asset-metadata': true
}
outdir: cdk.out
env: {
CDK_DEFAULT_REGION: 'us-west-2',
CDK_DEFAULT_ACCOUNT: 'ACCOUNT_B',
CDK_CONTEXT_JSON: '{"aws:cdk:enable-path-metadata":true,"aws:cdk:enable-asset-metadata":true}',
CDK_OUTDIR: 'cdk.out',
CDK_CLI_ASM_VERSION: '5.0.0',
CDK_CLI_VERSION: '1.51.0'
}
I expect the above.
I don't expect the below.
<snip/>
Some context information is missing. Fetching...
Reading AZs for ACCOUNT A:us-west-2
Setting "availability-zones:account=ACCOUNT_A:region=us-west-2" context to {"$providerError":"Need to perform AWS calls for account ACCOUNT_A, but the current credentials are for ACCOUNT_B.","$dontSaveContext":true}
Setting "vpc-provider:account=ACCOUNT_A:filter.tag:Name=infraStack/CodeBuild VPC:region=us-west-2:returnAsymmetricSubnets=true" context to {"$providerError":"Need to perform AWS calls for account ACCOUNT_A, but the current credentials are for ACCOUNT_B.","$dontSaveContext":true}
Setting "CDK_DEFAULT_REGION" environment variable to us-west-2
Setting "CDK_DEFAULT_ACCOUNT" environment variable to ACCOUNT_B
Environment:
CDK_CLI_VERSION: '1.51.0' Mac OS 10.14.6 Language: Java
Same or similar issue here with cdk 1.57.0. Running cdk synth --profile <profile name>
.
Error: Cannot retrieve value from context provider vpc-provider since account/region are not specified at the stack level. Either configure "env" with explicit account and region when you define your stack, or use the environment variables "CDK_DEFAULT_ACCOUNT" and "CDK_DEFAULT_REGION" to inherit environment information from the CLI (not recommended for production stacks)
at Function.getValue (/private/var/folders/vk/ztyb56817vx3n12hzcjpfv1r0000gp/T/jsii-kernel-jLl9SS/node_modules/@aws-cdk/core/lib/context-provider.js:42:19)
at Function.fromLookup (/private/var/folders/vk/ztyb56817vx3n12hzcjpfv1r0000gp/T/jsii-kernel-jLl9SS/node_modules/@aws-cdk/aws-ec2/lib/vpc.js:460:51)
at /Users/anw306/MyEcsConstruct/.env/lib/python3.8/site-packages/jsii/_embedded/jsii/jsii-runtime.js:7768:51
at Kernel._wrapSandboxCode (/Users/anw306/MyEcsConstruct/.env/lib/python3.8/site-packages/jsii/_embedded/jsii/jsii-runtime.js:8398:19)
at /Users/anw306/MyEcsConstruct/.env/lib/python3.8/site-packages/jsii/_embedded/jsii/jsii-runtime.js:7768:25
at Kernel._ensureSync (/Users/anw306/MyEcsConstruct/.env/lib/python3.8/site-packages/jsii/_embedded/jsii/jsii-runtime.js:8371:20)
at Kernel.sinvoke (/Users/anw306/MyEcsConstruct/.env/lib/python3.8/site-packages/jsii/_embedded/jsii/jsii-runtime.js:7767:26)
at KernelHost.processRequest (/Users/anw306/MyEcsConstruct/.env/lib/python3.8/site-packages/jsii/_embedded/jsii/jsii-runtime.js:7446:28)
at KernelHost.run (/Users/anw306/MyEcsConstruct/.env/lib/python3.8/site-packages/jsii/_embedded/jsii/jsii-runtime.js:7384:14)
at Immediate._onImmediate (/Users/anw306/MyEcsConstruct/.env/lib/python3.8/site-packages/jsii/_embedded/jsii/jsii-runtime.js:7387:37)
at processImmediate (internal/timers.js:458:21)
What I did was follow the example provided by AWS: https://docs.aws.amazon.com/cdk/latest/guide/ecs_example.html. But since I want to use an existing VPC, I added this in my_ecs_construct_stack.py:
vpc = ec2.Vpc.from_lookup(self, "VPC",
vpc_id='vpc-xxxxxxxxx', is_default=False)
Maybe there is something else I need to do first?
Hard code the account number in the code, or set environment variables is not an acceptable solution for us since we have over 40 accounts to manage.
@foscraig @aw-huit have you tried using the cdk credential plugin ? It might be useful in simplifying your cross-account usage.
can you give that a try and let me know how it goes?
Is the plugin what is officially supported to manage multiple accounts? What does --profile
actually do then?
This solution is works for me:
~/.aws/config
[profile testProfile]
region = us-east-1
~/.aws/credentials
[testProfile]
role_arn = arn:aws:iam::...
aws_access_key_id = *****
aws_secret_access_key = *********
source_profile=testProfile
command to deploy:
cdk deploy --profile=testProfile
Environment
- CDK_CLI_ASM_VERSION: '1.16.0',
- CDK_CLI_VERSION: '1.18.0'
- OS : mac os
- Language : java
Didn't when I tried it a couple of ways - Windows 10/ Python CDK Version: 1.86.0 (build a10cfcf)
Similar problem for cdk deploy --profile named-profile
. Perhaps related, perhaps red herring:
Fails with ~/.aws/config
[profile named-profile]
sso_start_url = https://example.awsapps.com/start
sso_region = us-east-2
sso_account_id = 123412341234
sso_role_name = AWSAdministratorAccess
Works with ~/.aws/config
[profile named-profile]
role_arn = arn:aws:iam::123412341234:role/role-assumable-by-named-profile-with-user
source_profile = profile-with-user
and ~/.aws/credentials
[profile-with-user]
aws_access_key_id = ADEADBEEFDEADBEEFABC
aws_secret_access_key = SuperSecretKeyThatIsNotRealAbcEfg
Not sure why it would succeed with one assumed role from user w/keys vs SSO assumed role.
We just switched to AWS SSO and ran into this same problem. Our profiles looked similar to what @seekayel posted (but no access keys). Then switched to AWS SSO and getting this same error everyone is reporting, EG:
Need to perform AWS calls for account 11111111, but no credentials have been configured
Maybe this is helpful (from cdk diff --verbose
):
Setting "CDK_DEFAULT_REGION" environment variable to us-east-1
Resolving default credentials
Unable to determine the default AWS account: ProcessCredentialsProviderFailure: Profile MY_PROFILE did not include credential process
at ProcessCredentials.load (/usr/local/lib/node_modules/aws-cdk/node_modules/aws-sdk/lib/credentials/process_credentials.js:102:11)
at ProcessCredentials.coalesceRefresh (/usr/local/lib/node_modules/aws-cdk/node_modules/aws-sdk/lib/credentials.js:205:12)
at ProcessCredentials.refresh (/usr/local/lib/node_modules/aws-cdk/node_modules/aws-sdk/lib/credentials/process_credentials.js:163:10)
at ProcessCredentials.get (/usr/local/lib/node_modules/aws-cdk/node_modules/aws-sdk/lib/credentials.js:122:12)
at resolveNext (/usr/local/lib/node_modules/aws-cdk/node_modules/aws-sdk/lib/credentials/credential_provider_chain.js:125:17)
at /usr/local/lib/node_modules/aws-cdk/node_modules/aws-sdk/lib/credentials/credential_provider_chain.js:126:13
at /usr/local/lib/node_modules/aws-cdk/node_modules/aws-sdk/lib/credentials.js:124:23
at /usr/local/lib/node_modules/aws-cdk/node_modules/aws-sdk/lib/credentials.js:212:15
at processTicksAndRejections (node:internal/process/task_queues:76:11) {
code: 'ProcessCredentialsProviderFailure',
Sorry for the noise, looks like there is another issue tracking AWS SSO: https://github.com/aws/aws-cdk/issues/5455
What @tomassommar said is the correct cause of this issue: "It seems that the source_profile in ~/.aws/config does not use the corresponding credentials in ~/.aws/credentials."
The CDK CLI seems to search for both the config and credentials with the same name as the profile provided. When the credentials are under a different name than the config, but referenced with "source_profile", it does not work.
cdk bootstrap aws://ACCOUNT/REGION --profile PROFILENAME
seems pretty straightforward that this should just work but it doesnt
failed bootstrapping: Error: Need to perform AWS calls for account 475466387505, but no credentials have been configured
i have three profiles configured in ~/.aws/config but no default (removed per debug steps) I deleted and then recreated empty ~/.aws/credential
my credential is an AWS SSO type I am sso logged in and aws commands work with --profile
cdk --version 2.11.0 (build f7148c5)
Try with the --verbose flag to get the error. In my case, it was Unable to determine the default AWS account: InvalidClientTokenId: The security token included in the request is invalid.
And it turned out that aws_secret_access_key
contains the plus (+) sign that causes the issue.
I am facing exactly the same issue. When passing --profile with cdk bootstrap
node --version
v16.15.0
npm --version
8.10.0
cdk --version
2.28.1 (build d035432)
My command looks something like this
cdk bootstrap --termination-protection --profile=$AWS_PROFILE aws://<AWS_ACCOUNT>/<AWS_REGION>
Another case when the credential lookup fails. If you used upper-case for the access key id and secret key in your credentials file, CDK seems to fail. For example,
This doesn't work:
[some_profile]
AWS_ACCESS_KEY_ID=xxxxxxx
AWS_SECRET_ACCESS_KEY=xxxxxx
but this does:
[some_profile]
aws_access_key_id=xxxxxxx
aws_secret_access_key=xxxxxx
Note that the AWS CLI itself seems to be case-insensitive but CDK doesn't seem to be. That is, I am able to run aws sts get-caller-identity --profile some_profile
without any issues regardless of which case the ceredentials file uses for the property names. I don't know if this is an issue with CDK or perhaps some other underlying lib that it depends on for credentials lookup.
Another case when the credential lookup fails. If you used upper-case for the access key id and secret key in your credentials file, CDK seems to fail. For example,
This doesn't work:
[some_profile] AWS_ACCESS_KEY_ID=xxxxxxx AWS_SECRET_ACCESS_KEY=xxxxxx
but this does:
[some_profile] aws_access_key_id=xxxxxxx aws_secret_access_key=xxxxxx
Note that the AWS CLI itself seems to be case-insensitive but CDK doesn't seem to be. That is, I am able to run
aws sts get-caller-identity --profile some_profile
without any issues regardless of which case the ceredentials file uses for the property names. I don't know if this is an issue with CDK or perhaps some other underlying lib that it depends on for credentials lookup.
Exactly, case sensitive problem. My code works after changing to lower case: "aws_access_key_id", etc... Thank @praneetloke We just use lower case, then cdk --profile works fine!!! Still alive!!!
Hi - I got this to work
~/.aws/credentials
[default]
aws_access_key_id = aaaaaaaaaaaaaaaaaaaa
aws_secret_access_key = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
[london]
aws_access_key_id = bbbbbbbbbbbbbbbbbbbb
aws_secret_access_key = bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb
[paris]
aws_access_key_id = cccccccccccccccccccc
aws_secret_access_key = cccccccccccccccccccccccccccccccccccccccc
~/.aws/config
[default]
output = json
region = eu-west-3
[profile london]
region = eu-west-2
[profile paris]
region = eu-west-3
then
cdk bootstrap -- profile london
etc work as youd hope
I have the same problem. I have configured my named profile but when I try to cdk deploy
I get an error saying Unable to resolve AWS account to use. It must be either configured when you define your CDK Stack, or through the environment
~/.aws/credentials
[jedrek]
AWS_ACCESS_KEY_ID=xxxxxxxxxxxxxxxxxx
AWS_SECRET_ACCESS_KEY=xxxxxxxxxxxxxx
~/.aws/config
[profile jedrek]
region = eu-central-1
output = json
cli_pager =
My app is configured to look for CDK_DEFAULT_ACCOUNT
and CDK_DEFAULT_REGION
.
new AiCaptionCraftStack(app, 'AiCaptionCraftStack', {
env: {
account: process.env.CDK_DEFAULT_ACCOUNT,
region: process.env.CDK_DEFAULT_REGION
}
});
I can list files in my S3 bucket using my named profile
aws s3 ls --profile jedrek
2022-10-31 12:47:28 cdk-hnb659fds-assets-317905390022-eu-central-1
2022-10-31 13:03:11 cdk-hnb659fds-assets-317905390022-us-east-1
2023-01-22 15:36:33 elasticbeanstalk-eu-central-1-317905390022
Even without the flag --profile
by export AWS_PROFILE=jedrek
I can list my files in S3 bucket
aws s3 ls
2022-10-31 12:47:28 cdk-hnb659fds-assets-317905390022-eu-central-1
2022-10-31 13:03:11 cdk-hnb659fds-assets-317905390022-us-east-1
2023-01-22 15:36:33 elasticbeanstalk-eu-central-1-317905390022
I console log
ed environment available for the process when I run cdk deploy
and I don't see CDK_DEFAULT_ACCOUNT
nor CDK_DEFAULT_REGION
console.log("environment variables " + JSON.stringify(process.env));
I have two other AWS accounts configured with SSO
~/.aws/credentials
[xxxxx_NonProdDeveloperAccess]
aws_access_key_id=xxxxxxxxx
aws_secret_access_key=xxxxxxxxx
aws_session_token=xxxxxxx
~/.aws/config
[profile Prod-dev]
sso_start_url = https://xxxxxx
sso_region = us-west-2
sso_account_id = xxxxxx
sso_role_name = ProductionDeveloperAccess
region = us-west-2
output = json
cli_pager=
[profile OtherNonprod-dev]
sso_start_url = https://xxxxx
sso_region = us-west-2
sso_account_id = xxxxxxxxxx
sso_role_name = NonProdDeveloperAccess
region = us-west-2
output = json
cli_pager=
I even tried setting the environment variable explicitly in my shell but no luck.
What am I missing? Why does CDK not pick up the right profile? What am I doing wrong?
I am not sure if this will solve your problem. However, I had the same issue when I tried adding a ec2.Vpc() construct. Eventually, what worked for me is the following.
I suspect either I removed some "context" sections thinking they were not needed, or over a period of time new entries were added by CDK. Good luck.
Hi @dxunix is this bug still relevant?
This issue has not received a response in a while. If you want to keep this issue open, please leave a comment below and auto-close will be canceled.
Hello, I can confirm this issue still exists. I notice it just got closed but it is definitely still an issue
We should not be adding response-requested
labels to issues that have not had recent responses. It is somewhat unreasonable to expect a comment within a week to keep an issue open.
Looks like the big issue here is the casing of AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY. This is an issue that appears to continue to be the case in the SDK v3 so our in-progress upgrade will not immediately alleviate it. We'll either need to add custom logic to our credential provider chain or make it explicit in the documentation that these files are case sensitive and must be in lowercase.
cdk commands does not pick up the named profile from
.aws/credential
and./aws/config
. the profile is configured thruaws configure
and in the format as specified in the aws doc. (two files,[<profile name>]
in credential file and[profile <profile name>]
in config file.Reproduction Steps
create the profile specify account number and region in the stack env. run cdk synth or cdk deploy with
--profile <profile name>
Error Log
Environment
Other
Also tried to remove the [default] blocks in the .aws/ files, still same error.
This is :bug: Bug Report