我们正在开发一个多帐户CDK应用程序,并在CodeBuild上进行连续部署。我们知道CDK authentication issues,因此我们使用$ aws sts assume-role并设置环境变量来在$ cdk deploy期间切换AWS账户。这种方式对$ cdk deploy可以正常工作,而$ cdk bootstrap则不能。 $ cdk bootstrap尝试引导每个帐户,并且需要多个帐户凭据。有没有简单的方法可以为$ cdk bootstrap提供多个帐户凭据? (实现自定义插件不是“简单” ...)否则,是否有任何方法可以引导单个帐户?
# with 111111111111 account credential
$ cdk bootstrap --execute=false
⏳ Bootstrapping environment aws://111111111111/us-east-1...
⏳ Bootstrapping environment aws://222222222222/us-east-1...
❌ Environment aws://222222222222/us-east-1 failed bootstrapping: Error: Need to perform AWS calls for account 222222222222, but no credentials found. Tried: default credentials.
import "source-map-support/register";
import * as cdk from "@aws-cdk/core";
import * as sns from "@aws-cdk/aws-sns";
class MyStack extends cdk.Stack {
constructor(scope: cdk.Construct, id: string, props?: cdk.StackProps) {
super(scope, id, props);
new sns.Topic(this, sns.Topic.name);
}
}
const app = new cdk.App();
new MyStack(app, "MyStack1", {
env: { account: "111111111111", region: "us-east-1" }
});
new MyStack(app, "MyStack2", {
env: { account: "222222222222", region: "us-east-1" }
});
答案 0 :(得分:1)
您可以将环境作为参数传递给cdk bootstrap命令。
cdk引导程序[环境..]
cdk bootstrap aws://111111111111/us-east-1
因此,在您的情况下,必须完全像在部署中那样在运行每个引导程序命令之前切换帐户。
aws sts assume-role ...
ACCOUNT=$(aws sts get-caller-identity --query Account --output text)
REGION=$(aws configure get region)
cdk bootstrap aws://$ACCOUNT/$REGION