AWS CDK Lookup one peered VPC in another account

Question

I have two VPCs(VPC_A, VPC_B) in two different accounts (AccountA, AccountB) and both VPCs are peered successfully. I have CDK code that has a pipeline stage to deploy to AccountA. I have a need to lookup VPC_B from AccountA's context and lookup & modify security group which is in VPC_B. I have below code written, but it's not working. When I do cdk synth, it gives me an error saying it cannot find VPC_B in AccountA's context.

const vpcB: IVpc = ec2.Vpc.fromLookup(this, 'VPC_B', {
        vpcId: 'VPC_B_ID'
    });

    const SG_B: ISecurityGroup = ec2.SecurityGroup.fromLookupByName(
        this,
        'SG-B',
        'SG-B_ID,
        vpcB
    );

Here is the synth step in CodePipeline

            synthCodeBuildDefaults: {
            rolePolicy: [
                new PolicyStatement({
                    actions: ["sts:AssumeRole"],
                    effect: Effect.ALLOW,
                    resources: [
                        'lookup_role_arn_for_account_a
                    ],
                }),
            ]
        }

Any help is appreciated

jhonis.souza · Accepted Answer · 2022-03-16T18:40:54.703

0

I don't think you can do this. My suggestion for you is to create another stack on the AccountB and do whatever you want there, separate from AccountA stack.

There was even an issue on their repo about this:

https://github.com/aws/aws-cdk/issues/12754#issuecomment-769786855

edited Mar 16 '22 at 18:40

answered Mar 16 '22 at 12:32

jhonis.souza

144
7

AWS CDK Lookup one peered VPC in another account

1 Answers1