我想在CDK中导入一个角色,以使用它来配置新的CodeBuild项目。
const role1 = Role.import(this, "service-role", {
roleArn: "arn:aws:iam::1234567890:role/service-role/codebuild-manualproject-service-role" ,
});
注意:为了安全起见,我更改了Arn中的Account Ref。
这是用于创建代码构建项目的代码。
// Create build
// note: now that there is one bucket per build project it is not necessary to have a prefix/subdirectory in the bucket for storing cache items
const project = new codebuild.Project(this, CODEBUILD_PROJECT_NAME, {
// render url for build badge
badge: true,
cacheBucket: cacheBucket,
cacheDir: "Cache",
description: "An AWS codebuild project for repo: " + REPO + ", created: " + Date(),
// note will use standard buildspec.yml
// set the environment
environment: {
buildImage: CODEBUILD_IMAGE,
computeType: CODEBUILD_COMPUTETYPE,
},
projectName: CODEBUILD_PROJECT_NAME,
role: role1,
// add in source control
source: source,
// set timeout - mins
timeout: 30,
vpc: vpc,
securityGroups: [securityGroup]
});
我跑..
npm run build
没有错误
然后我运行
cdk synth
得到了错误..
Error: Validation failed with the following errors:
[Quicktest2Stack/frontend-v3-codebuild/PolicyDocument] Policy must be attached to at least one principal: user, group or role
at Synthesizer.synthesize (C:\scratch\CDKTest\quicktest2\node_modules\@aws-cdk\cdk\lib\synthesis.js:22:23)
at App.run (C:\scratch\CDKTest\quicktest2\node_modules\@aws-cdk\cdk\lib\app.js:44:31)
at process.<anonymous> (C:\scratch\CDKTest\quicktest2\node_modules\@aws-cdk\cdk\lib\app.js:24:51)
at Object.onceWrapper (events.js:284:20)
at process.emit (events.js:196:13)
Subprocess exited with error 1
因此,如果我“导入” CDK中的角色并尝试将其绑定到新的CodeBuild项目,那么它将失败(cdk合成器)
但是我允许CDK在构建新的CodeBuild项目时创建它自己的角色,然后cdk synth起作用,并且可以部署堆栈,但是codebuild项目失败。
如果我接受CodeBuild项目,然后手动将角色更改为我尝试导入的初始字符-那么所有工作都很好并且可以进行构建。
我需要能够创建CodeBuild项目并通过CDK绑定到该角色。
CDK版本:0.28.0
非常感谢您的帮助。
答案 0 :(得分:0)
将CDK升级到0.31.0后,我发现此问题消失了。