(util): Cross account publishing disallowed for non-bootstrapped accounts #31866

Closed
@mrkbabu

Description

Describe the bug

Release v2.163.0 has introduced a breaking change for customers who do not bootstrap their AWS CDK accounts and publish assets / artifacts to S3 buckets that live in a different AWS account.

Regression Issue

  • Select this option if this issue appears to be a regression.

Last Known Working CDK Version

v2.162.1

Expected Behavior

For accounts that are not bootstrapped, CDK should allow publishing assets / artifacts to an S3 bucket cross account.

Current Behavior

We do not bootstrap our target deployment accounts. We also package & publish the deploying assets / artifacts into an S3 bucket that is managed in a central account to be used during CDK deploy. The change introduced in determineAllowCrossAccountAssetPublishing as part of “disallow cross account asset publishing in some scenarios (#31623) (edd031d)” is breaking our pipelines: they cannot publish assets cross account and eventually fail to deploy.

Error observed

[2024-10-23T13:31:05.667Z] [09:31:05] [AWS cloudformation 400 0.371s 0 retries] describeStacks({ StackName: 'CDKToolkit' })
[2024-10-23T13:31:05.667Z] [09:31:05] [trace] SDK#makeDetailedException()
[2024-10-23T13:31:05.667Z] [09:31:05] Call failed: describeStacks({"StackName":"CDKToolkit"}) => Stack with id CDKToolkit does not exist (code=ValidationError)
[2024-10-23T13:31:05.667Z] [09:31:05] Error determining cross account asset publishing: Error: Error retrieving toolkit stack info: ValidationError: Stack with id CDKToolkit does not exist
[2024-10-23T13:31:05.667Z] [09:31:05] Defaulting to disallowing cross account asset publishing

Reproduction Steps

  • Do not bootstrap an account
  • As part of a pipeline, try to publish an asset / artifact (to be eventually used during deploy) into an S3 bucket that lives in a different account

Possible Solution

This function determineAllowCrossAccountAssetPublishing should be enhanced to allow cross account publishing for customers who do not bootstrap their AWS CDK accounts.

Additional Information/Context

No response

CDK CLI Version

2.163.1

Framework Version

No response

Node.js Version

16

OS

linux

Language

TypeScript

Language Version

No response

Other information

No response

Labels

  • @aws-cdk/aws-s3: Related to Amazon S3
  • bug: This issue is a bug.
  • p1
  • potential-regression: Marking this issue as a potential regression to be checked by team member
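
A pipeline can surface this fail-closed fallback explicitly instead of only failing later at deploy time. The TypeScript below is an added example, not code from the issue or from the CDK project; it scans verbose CLI output for the messages quoted in the report, and the names PublishingFallback and findPublishingFallbacks are assumptions made for illustration.

```typescript
// Added example: triage CDK CLI verbose output for the "disallow cross account
// asset publishing" fallback. Type and function names are illustrative only.
interface PublishingFallback {
  timestamp: string;        // ISO timestamp of the "Defaulting to ..." line
  stackName: string | null; // toolkit stack the CLI tried to look up, if logged
  reason: string | null;    // error text that triggered the fallback
  notBootstrapped: boolean; // true when the lookup failed because the stack is absent
}

// Log lines exactly as quoted in the issue report.
const SAMPLE_LOG = `[2024-10-23T13:31:05.667Z] [09:31:05] [AWS cloudformation 400 0.371s 0 retries] describeStacks({ StackName: 'CDKToolkit' })
[2024-10-23T13:31:05.667Z] [09:31:05] [trace] SDK#makeDetailedException()
[2024-10-23T13:31:05.667Z] [09:31:05] Call failed: describeStacks({"StackName":"CDKToolkit"}) => Stack with id CDKToolkit does not exist (code=ValidationError)
[2024-10-23T13:31:05.667Z] [09:31:05] Error determining cross account asset publishing: Error: Error retrieving toolkit stack info: ValidationError: Stack with id CDKToolkit does not exist
[2024-10-23T13:31:05.667Z] [09:31:05] Defaulting to disallowing cross account asset publishing`;

// "[ISO timestamp] [HH:MM:SS] message" as it appears in the quoted output.
const LINE = /^\[(\d{4}-\d{2}-\d{2}T[\d:.]+Z)\]\s+\[\d{2}:\d{2}:\d{2}\]\s+(.*)$/;

function findPublishingFallbacks(log: string): PublishingFallback[] {
  const findings: PublishingFallback[] = [];
  let stackName: string | null = null;
  let reason: string | null = null;
  for (const raw of log.split(/\r?\n/)) {
    const m = LINE.exec(raw.trim());
    if (!m) continue; // skip lines that are not CLI log records
    const [, timestamp, msg] = m;
    // Remember which toolkit stack was queried (both logged spellings).
    const lookup = /describeStacks\(\{\s*"?StackName"?:\s*['"]([^'"]+)['"]/.exec(msg);
    if (lookup) stackName = lookup[1];
    // Remember why the cross-account decision could not be made.
    const err = /^Error determining cross account asset publishing: (.*)$/.exec(msg);
    if (err) reason = err[1];
    // The fallback itself: emit one finding with the context collected so far.
    if (msg.startsWith("Defaulting to disallowing cross account asset publishing")) {
      const notBootstrapped =
        reason !== null && /Stack with id \S+ does not exist/.test(reason);
      findings.push({ timestamp, stackName, reason, notBootstrapped });
      stackName = null;
      reason = null;
    }
  }
  return findings;
}
```

Run over the quoted log, this yields a single finding that names the CDKToolkit stack and marks the account as not bootstrapped, which separates this case from a lookup that failed for another reason.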
