You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I am trying to modify that solution as little as possible, while also minimizing the number of resources I create. I created a second CDK repository that builds a CodePipeline to run the npm run deploy:xxx commands. In the Buildspec that I added to the Innovation Sandbox repo I assume the CDK deploy role before each of the 4 deploy run statements.
The problem is when the deployment runs it get the following errors
current credentials could not be used to assume 'arn:aws:iam::96xxx57:role/cdk-hnb659fds-file-publishing-role-96xxx57-us-east-1', but are for the right account. Proceeding anyway.
InnovationSandbox-AccountPool: fail: User: arn:aws:sts::96xxx57:assumed-role/cdk-hnb659fds-deploy-role-96xxx57-us-east-1/CodeBuild-Deploy-AccountPool-1769178658 is not authorized to perform: s3:PutObject on resource: "arn:aws:s3:::cdk-hnb659fds-assets-96xxx57-us-east-1/35658981a4fc9561802559f1251f57680065e5f463cc1cd95d11ca6654216d59.json" because no identity-based policy allows the s3:PutObject action
It seems like I actually need to assume both the File Publishing and the Deployment roles, but you can only assume one role at a time.
Should I just create my own roles to assume? I was just also trying to not create more resources than I need and re-use what CDK bootstrap had already setup.
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
Uh oh!
There was an error while loading. Please reload this page.
-
I am attempting to create a CodePipeline for a fork of the AWS Solution Innovation Sandox on AWS app https://github.com/aws-solutions/innovation-sandbox-on-aws
I am trying to modify that solution as little as possible, while also minimizing the number of resources I create. I created a second CDK repository that builds a CodePipeline to run the
npm run deploy:xxxcommands. In the Buildspec that I added to the Innovation Sandbox repo I assume the CDK deploy role before each of the 4 deploy run statements.The problem is when the deployment runs it get the following errors
It seems like I actually need to assume both the File Publishing and the Deployment roles, but you can only assume one role at a time.
Should I just create my own roles to assume? I was just also trying to not create more resources than I need and re-use what CDK bootstrap had already setup.
Beta Was this translation helpful? Give feedback.
All reactions