Docs incorrectly lead to belive, that cdk-hnb659fds-deploy-role is usable with newstyle synthesis #35
Comments
|
This might be fixed by this: aws/aws-cdk#14874 |
|
Indeed. |
|
My search for answers is leading me here....but it still doesnt seem to be fixed for what I'm experiencing. I have everything set up as per the docs reccomended and can deploy to accounts just fine using the deploy role, but if I have a lookup in my stack I get hit with this |
|
What do you use plugin for? I think with most recent CDK it can handle cross account deployments and lookups by itself. |
|
@redbaron I use it for cross account deployments. Most recent as in v2? |
|
Cross account should work out of the box with recent enough v1 too |
|
@redbaron So essentially there's no reason to even use this plugin anymore then? |
|
If I remove the plugin and destroy/redeploy my stack its the same error, just stumped. Only way I can get it to work is by commiting cdk.context which I'm not crazy about, but if it works it works I guess |
Recent CDK versions with new style synthesis are capable of assuming role in the destination account by itself, no plugin needed. Where plugin comes handy is with lookups, which still don't work cross account.
Documentation here points that
readOnlyRolecan be a role from bootstrap stack:But this role is not very usable, all it can do is to call cloudformation, it can't do lookups:
https://github.com/aws/aws-cdk/blob/282d242c513a9bc853e9b96ff782a7823abd5a5a/packages/aws-cdk/lib/api/bootstrap/bootstrap-template.yaml#L294-L365
Hence there is no much point in using it with newstyle synthesis.
The text was updated successfully, but these errors were encountered: