Where communities thrive

  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
Repo info
    Dzmitry Martavoi
    how to properly create a nested stack?
    in one of mine stacks I tried to create another stack but it seems generated output doesn't have an appropriate Stack resource to reference what I just created
    Ishan Jain
    I have a CDK stack that I can synthesize locally just fine

    but when I try to do the same thing in codebuild, I get errors like, Cannot find module '@aws-cdk/cloud-assembly-schema'

    so I added this particular module to npm dev dependencies

    now when I run it again, I get Cannot find module 'constructs'
    I have never seen these missing modules issues when I try to build the project locally?
    > mw-auth@0.9.6 cdk /codebuild/output/src982291460/src
    > cdk "synth" "-o" "dist"
    Cannot find module 'constructs'
    Require stack:
    - /codebuild/output/src982291460/src/node_modules/@aws-cdk/core/lib/annotations.js
    - /codebuild/output/src982291460/src/node_modules/@aws-cdk/core/lib/tag-aspect.js
    - /codebuild/output/src982291460/src/node_modules/@aws-cdk/core/lib/index.js
    - /codebuild/output/src982291460/src/bin/mw-auth-cdk.ts
    Ishan Jain
    It just keeps asking me to add more modules to the dependencies list.. even the modules that I am not using in my code.
    And none of this happens when I run cdk synth locally
    Shamail Saidi
    @ishanjain:matrix.org I'm having the same issue, a bug has been reported here: aws/aws-cdk#13541 if you don't mind, give that issue a bump so that this issue can get more attention.
    @ishanjain:matrix.org going back to aws-cdk@1.87.1, deleting my package-lock and node_modules and installing again resolved the issue.
    Ishan Jain
    @Shamail: For me, Updating npm version before running npm install fixed the issue. I am using 1.93.1 version in all aws-cdk related dependencies.
    And even though they say, codebuild supports npm 14, It clearly doesn't. Because If I set runtime-version to nodejs: 14, It says valid values are 10,12
    Roy Keene
    I had to go back to a lockfileVersion 1 style package-lock.json (generated from NPMv6) to resolve this
    Minh H. Nguyen

    question regarding cdk bootstrap with the modern bootstrap template

    if i bootstrap with --cloudformation-execution-policies arn:aws:iam::aws:policy/AdministratorAccess, are there any benefits to limiting the user that will be executing cdk deploy to only be able to assume the CDK roles? or does it not matter since the user can deploy anything via cloudformation?

    in other words, which is more secure

    • user with only assume role permission that can only assume CDK roles (which has administrator access)
    • or user with administrator access
    • or both are pretty much the same in term of security is concern

    npx cdk synth runs fine locally in my project and generates the cdk.out folder. in AWS CodePipeline i dont get much error details to go on. Just:

    [Container] 2021/03/20 15:35:27 Phase complete: POST_BUILD State: SUCCEEDED
    [Container] 2021/03/20 15:35:27 Phase context status code: Message:
    [Container] 2021/03/20 15:35:27 Expanding base directory path: cdk.out
    [Container] 2021/03/20 15:35:27 Assembling file list
    [Container] 2021/03/20 15:35:27 Expanding cdk.out
    [Container] 2021/03/20 15:35:27 Skipping invalid file path cdk.out
    [Container] 2021/03/20 15:35:27 Phase complete: UPLOAD_ARTIFACTS State: FAILED
    [Container] 2021/03/20 15:35:27 Phase context status code: CLIENT_ERROR Message: no matching base directory path found for cdk.out

    How do i troubleshoot this failure
    about to give up on this
    5 replies

    Hi, I'm having some trouble passing an output variable from a buildAction to pipeline.addApplicationStage as there's no way to define parameters set during deploy time.

        const imageTag = buildAction.variable('imageTag');
        const stage = pipeline.addApplicationStage(new ApiDeployStagingStage(this, 'Deploy', {
          env: { account: 'acc', region: 'region' },
          vars: {
            imageTag, // How do I pass this variable?

    How should I go about passing the imageTag from earlier action into addApplicationStage?

    Andrew Blakey

    I've got an EC2 instance whose security group allows all outbound. But it cannot connect to my RDS instance unless I set:

                instance, aws_ec2.Port.tcp(5432), description="Allow RDS to accept incoming connections from EC2."

    Because I need the database to allow incoming connections. But doing this gives me this warning:

    [Warning at /stack-devel/Ec2SecurityGroup] Ignoring Egress rule since 'allowAllOutbound' is set to true; To add customize rules, set allowAllOutbound=false on the SecurityGroup

    I'd rather the warning go away than ignore it. Is there some more proper way to tell RDS to allow incoming connections from the EC2 instance?

    anyone have experience with a centralized code CICD account, with the need to create amplify deployed environments in cross accounts ( dev/test/prod ) accounts, and builds kicked off and deployed from the central account? Thinking I need to create the amplify console in the CICD account, and figure out deploying to the dev/test/prod accounts
    1 reply
    using CDK
    Sourabh Cheedella
    what's a sensible way to layout a git repository for managing lambda functions with the CDK? Trying to use (python) virtual environments for both the cdk and function code and having that work nice with pyright
    hey can someone help me with a code build issue
    Error: Cannot find module '@aws-cdk/cloud-assembly-schema'
    I am getting this for no apparent reason I have a similar code build setup in another account with no issues
    I can do everything locally no issues
    and I can't find anything on why this would occur
    I can't even install cdk globally and just do a cdk list it fails with this.
    Ishan Jain
    @thekevshow: Lock your setup to use to 1.89.x version of aws-cdk
    1.95 has something weird going on
    Hello! Is there anyway I can execute cdk deploy without actually waiting for the progress to finish? I'm asking to save on build minutes when running in CI/CD mode. Thanks!
    Thank you ishan Jain. Your know won’t let me @ you but I had downgraded versions. Def things are broken. I was also looking at release notes. They are skipping tests with codebuild. For anyone else that comes across these issues.

    Hi - looking for some help breaking out of a paradox around information passing between stack and stages.

    Goal: A project where I use a mutating CDK pipeline to build a web architecture. Once the architecture is built I want to deploy the react code to the www bucket.

    1) have a standard CDK Pipeline (including a source artifact for the whole project)
    2) It creates some infrastructure including a bucket (as a stage)
    3) once the bucket is created I run a codebuild project to compile some source (react) and deploy it to the bucket

    Have tried 4-5 different methods but am having difficulties structuring this so I don't violate passing any information out of a stage.

    I am not allowed to pass the (source) Artifact from the Stack holding the CDKPipeline to the Stage which creates the bucket
    I am not allowed to pass the Bucket created by the Stage out of the stage for use with a Codebuild project
    Was thinking of duplicating the entire Codepipeline within the stage but dont think that is going to work either

    Any pointers much appreciated.

    1 reply
    Dmytro Plantus
    Hi all. What permissions needed for bootstrapping & deployment w/ AWS CDK? Thanks in advance!
    Josh Jay
    Hi - I have a question about - DockerImageAsset. I want to be able to pick an ECR repo to push to. I keep getting this message, but I'm not sure how to fix it. #[Warning at /cdke-2048-fargate-ecs/DockerImage] DockerImageAsset.repositoryName is deprecated. Override "core.Stack.addDockerImageAsset" to control asset locations
    Sourabh Cheedella

    Anyone else see these kind of type errors with python:

    Argument of type "ServicePrincipal" cannot be assigned to parameter "assumed_by" of type "IPrincipal" in function "__init__"
      "__jsii_proxy_class__" is an incompatible type
        Type "() -> Type[_PrincipalBaseProxy]" cannot be assigned to type "() -> Type[_IPrincipalProxy]"
          Function return type "Type[_PrincipalBaseProxy]" is incompatible with type "Type[_IPrincipalProxy]"
            Type "Type[_PrincipalBaseProxy]" cannot be assigned to type "Type[_IPrincipalProxy]"
              "Type[_PrincipalBaseProxy]" is incompatible with "Type[_IPrincipalProxy]"
              Type "Type[_PrincipalBaseProxy]" cannot be assigned to type "Type[_IPrincipalProxy]"
      "__jsii_proxy_class__" is an incompatible type
        Type "() -> Type[_PrincipalBaseProxy]" cannot be assigned to type "() -> Type[_IGrantableProxy]" error reportGeneralTypeIssues nil 46 72)

    The stack runs fine, but it's hard to tell real errors when I have these littered all over my stack class.

    Michael Fecher #BlackLivesMatter

    does anyone uses lambda aliases successfully? :D
    I'm facing huge issues with it, e.g.
    A version for this Lambda function exists. Modify the function to create a new version.

    I also added the description like mentioned here: aws/aws-cdk#5334 to make sure every time a new version is generated.
    That change caused probably another issue on my SQS:
    An event source mapping with SQS arn and function already exists.
    The mapping (SQS -> Lambda Alias Trigger) looks like this:

    Somanshu Singla
    Can someone help with this error
    $ yarn run build
    Debugger attached.
    yarn run v1.22.10
    $ cdk-build
    Debugger attached.
    Waiting for the debugger to disconnect...
      throw err;
    Error: Cannot find module './cdk-build.js'
    When using CDK to build components and recipes, do I have to update the "version" by hand every time I make a change to a component? seems a bit clunky as I am developing. CDK/CloudFormation does not seem to update the Component to the new one without a new version created.
    David Julia

    @austinbv_twitter Didn't know you were using CDK dude, me too! I'm gonna want to chat with you about how you're setting up your nested stacks.

    I think I've gone a bit stack-crazy and have run into very annoying cross-stack dependency issues. Eg when I added a security group to an LB in my AppPlatformStack (fargate cluster + rabbitmq) , I have an application stack that then adds itself as a listener rule to the ALB in the AppPlatformStack, and hell ensued when I tried to give the ALB an explicit security group.

    Mathieu Meylan
    Anyone else experiencing errors Lambda function failed to stabilize since it is in InProgress state failing their cdk deployments ? It happens to me for a lambda container function that we don't seem to have touched
    Durwasa Chakraborty

    I have a Cfn.Role in which the property name assumedRolePolicyDocument has a FederatedPrincipal that allows request to be made by only a specific static URL. This URL (oidc provided URL) is static and therefore this assumedRolePolicy will not change. But logical decision(s) aside is there a way I can directly inject a JSON object in a key value?

          "Version": "2012-10-17",
          "Statement": [
                  "Effect": "Allow",
                  "Principal": {
                    "Federated": "arn:aws:iam::${AWS::AccountId}:oidc-provider/${ClusterOIDCURL}"
                  "Action": "sts:AssumeRoleWithWebIdentity",
                  "Condition": {
                    "StringEquals": {
                      "${ClusterOIDCURL}:sub": "system:serviceaccount:test-namespace:test-service-account"
    const role = new iam.CfnRole(this, "some-role", {
          assumeRolePolicyDocument: "", // TODO: inject here
          managedPolicyArns: [policy.managedPolicyArn.toString()],

    CfnInclude is promising but wanted to know if there is a way to use the JSON object directly for just a property.

    Also is there a place where I can find some literature about how these props? and defined const are serialized and deserialized ?

    Secrets manager GitHub access token
    Chris Fife
    Hello CDK community!
    AWS is conducting a survey to get your feedback on the CDK. It will take about 10 minutes to answer just a few questions. We look forward to hearing from you! https://amazonmr.au1.qualtrics.com/jfe/form/SV_cHJeiokPMsScdV4
    1 reply
    Sree Vaddi
    Sree Vaddi
    any aws employees available now ?