This repository has been archived by the owner on May 21, 2024. It is now read-only.

[Fix] Added a step to bootstrap cdk template into AWS account #1

Open. Wants to merge 1 commit into base: main.


pedropnaves

I tried to follow the StackSpot deploy-aws documentation to deploy an example React application, but an error was generated.

Error stack (I replaced my AWS AccountId in the logs with 000000000000):

stk deploy dev
> Verifying deploy requirements...
> Executing deploy...
npm WARN [email protected] No repository field.
npm WARN [email protected] No license field.

audited 526 packages in 1.802s

28 packages are looking for funding
  run `npm fund` for details

found 0 vulnerabilities


✨  Synthesis time: 3.17s

current credentials could not be used to assume 'arn:aws:iam::000000000000:role/cdk-hnb659fds-lookup-role-000000000000-sa-east-1', but are for the right account. Proceeding anyway.
(To get rid of this warning, please upgrade to bootstrap version >= 8)
current credentials could not be used to assume 'arn:aws:iam::000000000000:role/cdk-hnb659fds-deploy-role-000000000000-sa-east-1', but are for the right account. Proceeding anyway.
This deployment will make potentially sensitive changes according to your current security approval level (--require-approval broadening).
Please confirm you intend to make the following modifications:

IAM Statement Changes
┌───┬────────────────────────────┬────────┬──────────────┬───────────────────────────────────────────────────────────────────────────┬───────────┐
│   │ Resource                   │ Effect │ Action       │ Principal                                                                 │ Condition │
├───┼────────────────────────────┼────────┼──────────────┼───────────────────────────────────────────────────────────────────────────┼───────────┤
│ + │ ${MyApp-main-bucket.Arn}/* │ Allow  │ s3:GetObject │ CanonicalUser:${MyApp-cloudfront-dist/Origin1/S3Origin.S3CanonicalUserId} │           │
└───┴────────────────────────────┴────────┴──────────────┴───────────────────────────────────────────────────────────────────────────┴───────────┘
(NOTE: There may be security-related changes not in this list. See https://github.com/aws/aws-cdk/issues/1299)

Do you wish to deploy these changes (y/n)?
Do you wish to deploy these changes (y/n)? y
MyAppStack: deploying...
current credentials could not be used to assume 'arn:aws:iam::000000000000:role/cdk-hnb659fds-deploy-role-000000000000-sa-east-1', but are for the right account. Proceeding anyway.

 ❌  MyAppStack failed: Error: MyAppStack: SSM parameter /cdk-bootstrap/hnb659fds/version not found. Has the environment been bootstrapped? Please run 'cdk bootstrap' (see https://docs.aws.amazon.com/cdk/latest/guide/bootstrapping.html)
    at CloudFormationDeployments.validateBootstrapStackVersion (/Users/pedronaves/projects/stackspot/myApp/infra/node_modules/aws-cdk/lib/api/cloudformation-deployments.ts:436:13)
    at processTicksAndRejections (internal/process/task_queues.js:95:5)
    at CloudFormationDeployments.publishStackAssets (/Users/pedronaves/projects/stackspot/myApp/infra/node_modules/aws-cdk/lib/api/cloudformation-deployments.ts:411:7)
    at CloudFormationDeployments.deployStack (/Users/pedronaves/projects/stackspot/myApp/infra/node_modules/aws-cdk/lib/api/cloudformation-deployments.ts:299:5)
    at CdkToolkit.deploy (/Users/pedronaves/projects/stackspot/myApp/infra/node_modules/aws-cdk/lib/cdk-toolkit.ts:208:24)
    at initCommandLine (/Users/pedronaves/projects/stackspot/myApp/infra/node_modules/aws-cdk/lib/cli.ts:312:12)

MyAppStack: SSM parameter /cdk-bootstrap/hnb659fds/version not found. Has the environment been bootstrapped? Please run 'cdk bootstrap' (see https://docs.aws.amazon.com/cdk/latest/guide/bootstrapping.html)
ERROR: Error executing deploy commands for plugin matter-web-react/web-react-deploy!

OS:

sw_vers
ProductName:	macOS
ProductVersion:	12.4
BuildVersion:	21F79

Following the AWS CDK documentation, it was necessary to run the CDK bootstrap command before the CDK deploy command.

I did this and the deployment was successful.

npx cdk bootstrap
$ cdk bootstrap
 ⏳  Bootstrapping environment aws://000000000000/sa-east-1...
Trusted accounts for deployment: (none)
Trusted accounts for lookup: (none)
Using default execution policy of 'arn:aws:iam::aws:policy/AdministratorAccess'. Pass '--cloudformation-execution-policies' to customize.
CDKToolkit: creating CloudFormation changeset...

 ✅  Environment aws://000000000000/sa-east-1 bootstrapped.

✨  Done in 93.38s.

and after that the stk deploy command runs smoothly

stk deploy dev
> Verifying deploy requirements...
> Executing deploy...
npm WARN rm not removing /Users/pedronaves/projects/stackspot/myApp/infra/node_modules/.bin/semver as it wasn't installed by /Users/pedronaves/projects/stackspot/myApp/infra/node_modules/semver
npm WARN [email protected] No repository field.
npm WARN [email protected] No license field.

added 41 packages from 16 contributors, removed 61 packages, updated 484 packages and audited 526 packages in 10.144s

28 packages are looking for funding
  run `npm fund` for details

found 0 vulnerabilities


✨  Synthesis time: 2.83s

This deployment will make potentially sensitive changes according to your current security approval level (--require-approval broadening).
Please confirm you intend to make the following modifications:

IAM Statement Changes
┌───┬────────────────────────────┬────────┬──────────────┬───────────────────────────────────────────────────────────────────────────┬───────────┐
│   │ Resource                   │ Effect │ Action       │ Principal                                                                 │ Condition │
├───┼────────────────────────────┼────────┼──────────────┼───────────────────────────────────────────────────────────────────────────┼───────────┤
│ + │ ${MyApp-main-bucket.Arn}/* │ Allow  │ s3:GetObject │ CanonicalUser:${MyApp-cloudfront-dist/Origin1/S3Origin.S3CanonicalUserId} │           │
└───┴────────────────────────────┴────────┴──────────────┴───────────────────────────────────────────────────────────────────────────┴───────────┘
(NOTE: There may be security-related changes not in this list. See https://github.com/aws/aws-cdk/issues/1299)

Do you wish to deploy these changes (y/n)? y
MyAppStack: deploying...
[0%] start: Publishing 434a5c2d16d20e0c69fd50b3c71f53cd28b5fa230deac31490573bb01e305429:800361718504-sa-east-1
[100%] success: Published 434a5c2d16d20e0c69fd50b3c71f53cd28b5fa230deac31490573bb01e305429:800361718504-sa-east-1
MyAppStack: creating CloudFormation changeset...

 ✅  MyAppStack

✨  Deployment time: 207.55s

Stack ARN:
arn:aws:cloudformation:sa-east-1:000000000000:stack/MyAppStack/8059ac10-f71f-11ec-9d28-06b9ca4bf496

✨  Total time: 210.38s

So, I changed the infra template to run the CDK bootstrap command before the CDK deploy command.
PS: I think it is not a problem to run CDK bootstrap multiple times; CDK knows how to manage that and skips it if there aren't any changes.

stk deploy dev
> Verifying deploy requirements...
> Executing deploy...
npm WARN [email protected] No repository field.
npm WARN [email protected] No license field.

removed 2 packages and audited 526 packages in 1.444s

28 packages are looking for funding
  run `npm fund` for details

found 0 vulnerabilities

 ⏳  Bootstrapping environment aws://000000000000/sa-east-1...
Trusted accounts for deployment: (none)
Trusted accounts for lookup: (none)
Using default execution policy of 'arn:aws:iam::aws:policy/AdministratorAccess'. Pass '--cloudformation-execution-policies' to customize.
 ✅  Environment aws://000000000000/sa-east-1 bootstrapped (no changes).


✨  Synthesis time: 2.59s

MyAppStack: deploying...
[0%] start: Publishing 434a5c2d16d20e0c69fd50b3c71f53cd28b5fa230deac31490573bb01e305429:800361718504-sa-east-1
[100%] success: Published 434a5c2d16d20e0c69fd50b3c71f53cd28b5fa230deac31490573bb01e305429:800361718504-sa-east-1

 ✅  MyAppStack (no changes)

✨  Deployment time: 0.97s

Stack ARN:
arn:aws:cloudformation:sa-east-1:000000000000:stack/MyAppStack/8059ac10-f71f-11ec-9d28-06b9ca4bf496

✨  Total time: 3.56s

@arthurribeirozup arthurribeirozup left a comment

The PR looks good. I have only one question.

@@ -1,3 +1,4 @@
cd infra
npm install
npx cdk bootstrap
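
Review bot: `npx cdk bootstrap` on the last line of this hunk is called with no environment argument and no execution policy, so on every deploy it targets whatever account and region the ambient credentials and `AWS_DEFAULT_REGION` resolve to, and, per the bootstrap output in the description, it uses `arn:aws:iam::aws:policy/AdministratorAccess` as the CloudFormation execution policy. Suggest passing the target explicitly as `aws://ACCOUNT-NUMBER/REGION` taken from the stage being deployed and a scoped policy via `--cloudformation-execution-policies`, or keeping bootstrap as a documented one-time prerequisite, so that the credentials used for routine deploys do not also need permission to create the bootstrap stack.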

Looks good, I have one question. In which AWS account/region will this bootstrap happen? I'm thinking it will happen on the default account on the user's computer, but I'm not sure. I've taken a look at the docs and I think it will be necessary to use the stage info in this command.
cdk bootstrap aws://ACCOUNT-NUMBER-1/REGION-1

Author

You are correct.

When we run the bootstrap command, it uses these variables to deploy the CDK stack into CloudFormation in the region provided by the AWS_DEFAULT_REGION environment variable.

The problem is that the bootstrap command doesn't have a good way to override/extend the configurations as we do in /bin/infra.ts.

I have only seen one way, passing the --profile parameter, but it would take more configuration to create these profiles.

What do you think? Do you see any way to pass these variables dynamically to the bootstrap command?
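
One way to pass the stage's account and region to the bootstrap step, as an added example that is not part of this PR or the StackSpot template: build the `aws://ACCOUNT/REGION` target explicitly, confirm the active credentials belong to that account, and skip bootstrapping when the SSM version parameter named in the error output already exists. The function names and the execution policy ARN argument are assumptions; the caller supplies a scoped policy in place of the `AdministratorAccess` default shown in the log.

```bash
# Added example; function names are hypothetical, not StackSpot or CDK code.
QUALIFIER="hnb659fds"   # qualifier shown in the error output on this page

# Build aws://ACCOUNT/REGION, rejecting anything that is not a 12-digit
# account id and a region-shaped name.
bootstrap_target() {
  case "$1" in ''|*[!0-9]*) echo "bad account id" >&2; return 1 ;; esac
  [ "${#1}" -eq 12 ] || { echo "bad account id" >&2; return 1; }
  case "$2" in ''|*[!a-z0-9-]*) echo "bad region" >&2; return 1 ;; esac
  printf '%s\n' "$2" | grep -Eq '^[a-z]{2}(-[a-z]+)+-[0-9]+$' \
    || { echo "bad region" >&2; return 1; }
  printf 'aws://%s/%s\n' "$1" "$2"
}

# True only when the active credentials belong to the expected account.
credentials_match() {
  local actual
  actual="$(aws sts get-caller-identity --query Account --output text)" || return 1
  [ "$actual" = "$1" ]
}

# The failed deploy looked for this SSM parameter; if it exists in the
# region, the environment is already bootstrapped.
is_bootstrapped() {
  aws ssm get-parameter --region "$1" \
    --name "/cdk-bootstrap/${QUALIFIER}/version" \
    --query Parameter.Value --output text >/dev/null 2>&1
}

# Usage: bootstrap_if_needed ACCOUNT REGION EXECUTION_POLICY_ARN
bootstrap_if_needed() {
  local target
  target="$(bootstrap_target "$1" "$2")" || return 2
  credentials_match "$1" || { echo "credentials are not for $1" >&2; return 3; }
  if is_bootstrapped "$2"; then
    echo "skip $target"
    return 0
  fi
  [ -n "$3" ] || { echo "execution policy ARN required" >&2; return 4; }
  npx cdk bootstrap "$target" --cloudformation-execution-policies "$3" >&2 || return 5
  echo "bootstrapped $target"
}
```

`is_bootstrapped` also reports false when the caller lacks `ssm:GetParameter`, in which case the function falls through to the bootstrap call.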
