Open tranhl opened 1 week ago
Turns out the issue is that `AWS::AccountId` and `AWS::Region` won't have an actual value in the CDK assembly unless we explicitly pass a value to `props.env` on all our stacks during synthesis. The action worked after `env` was provided.
Having a bit of trouble getting this action to work. Using the following configuration:
I get the following error:
Seems like the issue is that `AWS::AccountId` and `AWS::Region` isn't templating correctly when assuming the CDK lookup role? Not exactly sure why that would be the case. I've included the full error logs, happy to provide additional information needed.

Full error log
```
Error performing stack diff: AccessDenied: User: arn:aws:sts::***:assumed-role/github-action/monorepoCISession is not authorized to perform: sts:AssumeRole on resource: arn:aws:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}
    at throwDefaultError (/home/runner/work/_actions/corymhall/cdk-diff-action/v1/node_modules/@smithy/smithy-client/dist-cjs/index.js:838:1)
Error: User: arn:aws:sts::***:assumed-role/github-action/monorepoCISession is not authorized to perform: sts:AssumeRole on resource: arn:aws:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}
    at /home/runner/work/_actions/corymhall/cdk-diff-action/v1/node_modules/@smithy/smithy-client/dist-cjs/index.js:847:1
    at de_CommandError (/home/runner/work/_actions/corymhall/cdk-diff-action/v1/node_modules/@aws-sdk/client-sts/dist-cjs/index.js:478:1)
    at processTicksAndRejections (node:internal/process/task_queues:95:5)
    at /home/runner/work/_actions/corymhall/cdk-diff-action/v1/node_modules/@smithy/middleware-serde/dist-cjs/index.js:35:1
    at /home/runner/work/_actions/corymhall/cdk-diff-action/v1/node_modules/@smithy/core/dist-cjs/index.js:165:1
    at /home/runner/work/_actions/corymhall/cdk-diff-action/v1/node_modules/@smithy/middleware-retry/dist-cjs/index.js:3[20](https://github.com/
```
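A pre-flight check for the condition described in this issue, as an added example that is not part of the original post or of cdk-diff-action: it scans a parsed cloud assembly manifest for stack role ARNs that still contain `${AWS::AccountId}` or `${AWS::Region}`. The manifest field names, the function name `findUnresolvedEnv`, the stack names and account `111111111111` are assumptions or constructed sample values.

```javascript
// Added example: flag stacks synthesized without an explicit env, whose role
// ARNs in the cloud assembly still carry CloudFormation pseudo parameters.
// Assumed manifest layout (cdk.out/manifest.json): artifacts[id].type,
// .environment, .properties.lookupRole.arn, .properties.assumeRoleArn.

// ${AWS::Partition} is deliberately not matched: in the error above the
// partition is already "aws" while account and region are still placeholders.
const UNRESOLVED = /\$\{AWS::(AccountId|Region)\}/g;

function findUnresolvedEnv(manifest) {
  const findings = [];
  for (const [id, artifact] of Object.entries(manifest.artifacts ?? {})) {
    if (artifact.type !== 'aws:cloudformation:stack') continue; // skip tree/assets
    const props = artifact.properties ?? {};
    const arns = { lookupRole: props.lookupRole?.arn, assumeRoleArn: props.assumeRoleArn };
    for (const [field, arn] of Object.entries(arns)) {
      if (typeof arn !== 'string') continue;
      const tokens = [...new Set(arn.match(UNRESOLVED) ?? [])]; // de-duplicate
      if (tokens.length > 0) {
        findings.push({ stack: id, environment: artifact.environment, field, tokens });
      }
    }
  }
  return findings;
}

// Constructed sample: one env-agnostic stack, one stack with env provided.
const ROLE = 'arn:${AWS::Partition}:iam::ACCT:role/cdk-hnb659fds-KIND-role-ACCT-REGION';
const arn = (kind, acct, region) =>
  ROLE.replace(/ACCT/g, acct).replace('KIND', kind).replace('REGION', region);
const SAMPLE_MANIFEST = {
  artifacts: {
    Tree: { type: 'cdk:tree', properties: { file: 'tree.json' } },
    ApiStack: {
      type: 'aws:cloudformation:stack',
      environment: 'aws://unknown-account/unknown-region',
      properties: {
        lookupRole: { arn: arn('lookup', '${AWS::AccountId}', '${AWS::Region}') },
        assumeRoleArn: arn('deploy', '${AWS::AccountId}', '${AWS::Region}'),
      },
    },
    DbStack: {
      type: 'aws:cloudformation:stack',
      environment: 'aws://111111111111/us-east-1',
      properties: { lookupRole: { arn: arn('lookup', '111111111111', 'us-east-1') } },
    },
  },
};

console.log(findUnresolvedEnv(SAMPLE_MANIFEST));
```

On a real project the input would be the parsed `manifest.json` from the synthesized output directory; any finding means that stack's lookup role ARN cannot be assumed as written.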