search

data-dot-all / dataall

A modern data marketplace that makes collaboration among diverse users (like business, analysts and engineers) easier, increasing efficiency and agility in data projects on AWS.
https://data-dot-all.github.io/dataall/
Apache License 2.0
232 stars 82 forks source link

cdk synth fails on tooling account - expecting deployment account credentials #135

Closed gavclark closed 2 years ago

gavclark commented 2 years ago

Hi team,

I'm trying to install and follow the steps provided. Everything seems OK until I get to step 5 - cdk synth. The steps I'm following say to run cdk synth with the tooling account credentials first and the deployment account credentials second.

image

tooling account : 000000007632 deployment account : 089637417632

when I run cdk synth with the tooling account credentials, I get the following error message:

[Error at /dall-main-cicd-stack/dall-depl7481-backend-stage/backend-stack/Vpc] Need to perform AWS calls for account 000000007481, but the current credentials are for 000000007632

I opted for a "minimal" cdk.json which is below: { "app": "python ./deploy/app.py", "context": { "@aws-cdk/aws-apigateway:usagePlanKeyOrderInsensitiveId": false, "@aws-cdk/aws-cloudfront:defaultSecurityPolicyTLSv1.2_2021": false, "@aws-cdk/aws-rds:lowercaseDbIdentifier": false, "@aws-cdk/core:stackRelativeExports": false, "tooling_region": "eu-west-1", "resource_prefix": "dall", "DeploymentEnvironments": [ { "envname": "depl7481", "account": "000000007481", "region": "eu-west-1", "internet_facing": true, "prod_sizing": false } ] } }

it may well be something I'm doing wrong - but thought I'd ask the question anyway

dlpzx commented 2 years ago

Hi @gavclark, good that you ask because it is a very common question, and don't worry it is an expected error that you can ignore.

In general we run cdk synth to synthesize our stacks and make sure that our CDK stacks are correctly defined and can be deployed. In addition, it fills the context of the deployment, the cdk.context.json file with details about the AWS accounts, AWS regions, VPCs where stacks will be deployed. Since we have stacks in both the tooling account and the deployment account we need to run cdk synth with credentials for both accounts. But when running it with one account, it will also try to get the details for stacks in the other account, which will trigger the error that you are seeing. However, it is an expected CDK error and it does not affect the deployment.

We could avoid this error by specifying all stacks that we need to synthesize in each account, but it adds unnecessary complexity to the deployment commands.