9

We are developing a multi-account CDK app and performing continuous deployment on CodeBuild. We are aware of the CDK authentication issues, so we use $ aws sts assume-role and set environment variables to switch AWS accounts during $ cdk deploy. This works fine with $ cdk deploy, but not with $ cdk bootstrap. $ cdk bootstrap tries to bootstrap every account and requires credentials for multiple accounts. Is there any simple way to provide multiple account credentials for $ cdk bootstrap? (Implementing a custom plugin is not "simple"...) Otherwise, is there any way to bootstrap a single account?

# with 111111111111 account credential
$ cdk bootstrap --execute=false
 ⏳  Bootstrapping environment aws://111111111111/us-east-1...
 ⏳  Bootstrapping environment aws://222222222222/us-east-1...
 ❌  Environment aws://222222222222/us-east-1 failed bootstrapping: Error: Need to perform AWS calls for account 222222222222, but no credentials found. Tried: default credentials.

import "source-map-support/register";
import * as cdk from "@aws-cdk/core";
import * as sns from "@aws-cdk/aws-sns";

class MyStack extends cdk.Stack {
  constructor(scope: cdk.Construct, id: string, props?: cdk.StackProps) {
    super(scope, id, props);
    new sns.Topic(this, sns.Topic.name);
  }
}

const app = new cdk.App();
new MyStack(app, "MyStack1", {
  env: { account: "111111111111", region: "us-east-1" }
});
new MyStack(app, "MyStack2", {
  env: { account: "222222222222", region: "us-east-1" }
});

rinfield

1 Answer

10

You can pass the environment as an argument to the cdk bootstrap command.

cdk bootstrap [ENVIRONMENTS..]

cdk bootstrap aws://111111111111/us-east-1

So in your case, you have to switch accounts before running each bootstrap command, exactly as you do for deployments.

aws sts assume-role ...

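# Resolve the account and region of the credentials currently in effect
ACCOUNT=$(aws sts get-caller-identity --query Account --output text)
REGION=$(aws configure get region)

# Bootstrap only that environment
cdk bootstrap "aws://$ACCOUNT/$REGION"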

Vikyol
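The per-account sequence from the answer above, generalized into a loop over several environments, as an added example that is not part of the original answer. It assumes a role in each account inside a subshell so the temporary credentials never carry over to the next account, and it checks the caller identity before bootstrapping. The role name `CdkBootstrapRole` and the script name in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example: bootstrap one account at a time, each with its own short-lived credentials.
# ROLE_NAME is a hypothetical role assumed to exist in every target account.
set -u
ROLE_NAME="${ROLE_NAME:-CdkBootstrapRole}"

# Validate "aws://ACCOUNT/REGION" and print "ACCOUNT REGION"; fail on anything else.
parse_env() {
  case "$1" in aws://*/*) ;; *) return 1 ;; esac
  pe_spec="${1#aws://}"
  pe_account="${pe_spec%%/*}"
  pe_region="${pe_spec#*/}"
  case "$pe_account" in *[!0-9]*) return 1 ;; esac
  [ "${#pe_account}" -eq 12 ] || return 1
  case "$pe_region" in "" | *[!a-z0-9-]*) return 1 ;; esac
  printf '%s %s\n' "$pe_account" "$pe_region"
}

bootstrap_one() {
  pair=$(parse_env "$1") || { echo "invalid environment: $1" >&2; return 2; }
  account="${pair% *}"
  region="${pair#* }"
  (   # subshell: the temporary credentials disappear when it exits
    set -f
    creds=$(aws sts assume-role \
      --role-arn "arn:aws:iam::${account}:role/${ROLE_NAME}" \
      --role-session-name "cdk-bootstrap-${account}" \
      --duration-seconds 900 \
      --query 'Credentials.[AccessKeyId,SecretAccessKey,SessionToken]' \
      --output text) || exit 3
    set -- $creds
    [ "$#" -eq 3 ] || exit 3
    export AWS_ACCESS_KEY_ID="$1" AWS_SECRET_ACCESS_KEY="$2" AWS_SESSION_TOKEN="$3"
    # Refuse to continue if the session landed in a different account than requested.
    actual=$(aws sts get-caller-identity --query Account --output text) || exit 4
    [ "$actual" = "$account" ] || { echo "expected $account, got $actual" >&2; exit 4; }
    cdk bootstrap "aws://${account}/${region}" || exit 5
  )
}

bootstrap_all() {
  failed=0
  for env_spec in "$@"; do
    bootstrap_one "$env_spec" || failed=$((failed + 1))
  done
  [ "$failed" -eq 0 ]
}

# Usage: ./bootstrap-accounts.sh aws://111111111111/us-east-1 aws://222222222222/us-east-1
if [ "$#" -gt 0 ]; then bootstrap_all "$@"; fi
```

Because every `assume-role` call runs from the parent shell's identity, the CodeBuild role only needs `sts:AssumeRole` on the per-account roles rather than long-lived keys for each account.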