(aws-cdk-lib): Deploy/Bootstrap Failed Due to Existing Roles #25121
-
Since it's just deploying a template, it will try to create roles with the names that already exist in your account + region because they haven't been deleted. You have a few options here if you still need to bootstrap your account + region: modify the template such that you change the names of the roles that are created, remove the roles from the template that have already been created, or find a way to get permission to delete the roles.
When you bootstrap you are explicitly saying that you want the resources in the template to be created within your account. This is unrelated to your CDK app, so there is no role assumption or linking happening here, just resource creation. I'm converting this to a discussion as that is the best place to continue this if you have any followup questions.
-
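Acting on any of the options in the reply above starts with knowing exactly which template resources collide with roles already in the account. The following is an added example, not part of the thread or of the CDK project: it pulls the logical IDs and physical role names out of `cdk bootstrap` output. The function names are hypothetical, and the sample log is constructed from the event lines quoted on this page with `111111111111` standing in for `{{accountID}}`.

```shell
# Added example (not from the thread). SAMPLE_LOG is constructed from the
# event lines quoted on this page; 111111111111 stands in for {{accountID}}.
SAMPLE_LOG='CDKToolkit | 0/12 | 10:07:21 PM | CREATE_IN_PROGRESS | AWS::IAM::Role | LookupRole
CDKToolkit | 0/12 | 10:07:22 PM | CREATE_FAILED | AWS::IAM::Role | LookupRole cdk-hnb659fds-lookup-role-111111111111-us-east-1 already exists
CDKToolkit | 0/12 | 10:07:22 PM | CREATE_FAILED | AWS::IAM::Role | CloudFormationExecutionRole cdk-hnb659fds-cfn-exec-role-111111111111-us-east-1 already exists
CDKToolkit | 0/12 | 10:07:22 PM | CREATE_FAILED | AWS::S3::Bucket | StagingBucket Resource creation cancelled
Failed resources:
CDKToolkit | 10:07:22 PM | CREATE_FAILED | AWS::IAM::Role | LookupRole cdk-hnb659fds-lookup-role-111111111111-us-east-1 already exists'

# Print "LogicalId PhysicalRoleName" once for every IAM role whose creation
# failed with "already exists". Reads `cdk bootstrap` output on stdin.
conflicting_roles() {
  awk -F' [|] ' '
    NF < 3 { next }                        # not an event line
    {
      # Status, type and detail are always the last three fields; the
      # "Failed resources" recap omits the n/12 progress column.
      status = $(NF-2); rtype = $(NF-1); detail = $NF
      sub(/[ \t\r]+$/, "", detail)         # tolerate trailing blanks and CRLF
      if (status != "CREATE_FAILED" || rtype != "AWS::IAM::Role") next
      if (detail !~ / already exists$/) next   # skip "creation cancelled"
      split(detail, w, " ")                # w[1] = logical id, w[2] = role name
      if (!seen[w[1]]++) print w[1], w[2]  # the log repeats each failure
    }'
}

# Print the distinct bootstrap qualifiers embedded in those role names.
# Assumes the cdk-<qualifier>-<purpose>-<account>-<region> pattern seen in
# the log above (hnb659fds is the CDK default qualifier).
qualifiers_in_use() {
  conflicting_roles |
    awk '{ split($2, p, "-"); if (p[1] == "cdk") print p[2] }' | sort -u
}

# Stand-alone run on the constructed sample.
printf '%s\n' "$SAMPLE_LOG" | conflicting_roles
printf '%s\n' "$SAMPLE_LOG" | qualifiers_in_use
```

The logical IDs it prints are the resources to rename or remove in the template emitted by `cdk bootstrap --show-template`, and the edited copy is deployed with `cdk bootstrap --template <file>`. Bootstrapping with a different `--qualifier` also changes every role name, provided the app's stack synthesizer is configured with the same qualifier.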
Can you please tell the steps to solve this problem?
-
Describe the bug
After reverting CDK v2 implementation to address environment issues, when redeploying I receive an error stating that the roles created during the initial deployment already exist. I am unable to delete these policies due to our company's IAM restrictions.
Expected Behavior
If a role or another resource exists and creation fails, CDKToolkit should assume the role or link the other resource rather than failing the bootstrap and deployment.
Current Behavior
Bootstrapping environment aws://{{accountID}}/us-east-1...
Trusted accounts for deployment: (none)
Trusted accounts for lookup: (none)
Using default execution policy of 'arn:aws:iam::aws:policy/AdministratorAccess'. Pass '--cloudformation-execution-policies' to customize.
CDKToolkit: creating CloudFormation changeset...
CDKToolkit | 0/12 | 10:07:11 PM | REVIEW_IN_PROGRESS | AWS::CloudFormation::Stack | CDKToolkit User Initiated
CDKToolkit | 0/12 | 10:07:16 PM | CREATE_IN_PROGRESS | AWS::CloudFormation::Stack | CDKToolkit User Initiated
CDKToolkit | 0/12 | 10:07:21 PM | CREATE_IN_PROGRESS | AWS::IAM::Role | CloudFormationExecutionRole
CDKToolkit | 0/12 | 10:07:21 PM | CREATE_IN_PROGRESS | AWS::IAM::Role | FilePublishingRole
CDKToolkit | 0/12 | 10:07:21 PM | CREATE_IN_PROGRESS | AWS::IAM::Role | LookupRole
CDKToolkit | 0/12 | 10:07:21 PM | CREATE_IN_PROGRESS | AWS::SSM::Parameter | CdkBootstrapVersion
CDKToolkit | 0/12 | 10:07:21 PM | CREATE_IN_PROGRESS | AWS::ECR::Repository | ContainerAssetsRepository
CDKToolkit | 0/12 | 10:07:21 PM | CREATE_IN_PROGRESS | AWS::S3::Bucket | StagingBucket
CDKToolkit | 0/12 | 10:07:21 PM | CREATE_IN_PROGRESS | AWS::IAM::Role | ImagePublishingRole
CDKToolkit | 0/12 | 10:07:22 PM | CREATE_FAILED | AWS::IAM::Role | LookupRole cdk-hnb659fds-lookup-role-{{accountID}}-us-east-1 already exists
CDKToolkit | 0/12 | 10:07:22 PM | CREATE_FAILED | AWS::IAM::Role | CloudFormationExecutionRole cdk-hnb659fds-cfn-exec-role-{{accountID}}-us-east-1 already exists
CDKToolkit | 0/12 | 10:07:22 PM | CREATE_FAILED | AWS::IAM::Role | FilePublishingRole cdk-hnb659fds-file-publishing-role-{{accountID}}-us-east-1 already exists
CDKToolkit | 0/12 | 10:07:22 PM | CREATE_FAILED | AWS::IAM::Role | ImagePublishingRole cdk-hnb659fds-image-publishing-role-{{accountID}}-us-east-1 already exists
CDKToolkit | 0/12 | 10:07:22 PM | CREATE_FAILED | AWS::ECR::Repository | ContainerAssetsRepository Resource creation cancelled
CDKToolkit | 0/12 | 10:07:22 PM | CREATE_FAILED | AWS::S3::Bucket | StagingBucket Resource creation cancelled
CDKToolkit | 0/12 | 10:07:22 PM | CREATE_FAILED | AWS::SSM::Parameter | CdkBootstrapVersion Resource creation cancelled
CDKToolkit | 0/12 | 10:07:23 PM | ROLLBACK_IN_PROGRESS | AWS::CloudFormation::Stack | CDKToolkit The following resource(s) failed to create: [ImagePublishingRole, FilePublishingRole, CdkBootstrapVersion, LookupRole, StagingBucket, CloudFormationExecutionRole, ContainerAssetsRepository]. Rollback requested by user.
CDKToolkit | 1/12 | 10:07:28 PM | DELETE_COMPLETE | AWS::IAM::Role | ImagePublishingRole
CDKToolkit | 2/12 | 10:07:28 PM | DELETE_COMPLETE | AWS::IAM::Role | LookupRole
CDKToolkit | 3/12 | 10:07:28 PM | DELETE_COMPLETE | AWS::IAM::Role | CloudFormationExecutionRole
CDKToolkit | 4/12 | 10:07:28 PM | DELETE_COMPLETE | AWS::IAM::Role | FilePublishingRole
CDKToolkit | 5/12 | 10:07:28 PM | DELETE_COMPLETE | AWS::ECR::Repository | ContainerAssetsRepository
CDKToolkit | 5/12 | 10:07:28 PM | DELETE_SKIPPED | AWS::S3::Bucket | StagingBucket
CDKToolkit | 6/12 | 10:07:28 PM | DELETE_COMPLETE | AWS::SSM::Parameter | CdkBootstrapVersion
CDKToolkit | 7/12 | 10:07:29 PM | ROLLBACK_COMPLETE | AWS::CloudFormation::Stack | CDKToolkit
Failed resources:
CDKToolkit | 10:07:22 PM | CREATE_FAILED | AWS::IAM::Role | LookupRole cdk-hnb659fds-lookup-role-{{accountID}}-us-east-1 already exists
CDKToolkit | 10:07:22 PM | CREATE_FAILED | AWS::IAM::Role | CloudFormationExecutionRole cdk-hnb659fds-cfn-exec-role-{{accountID}}-us-east-1 already exists
CDKToolkit | 10:07:22 PM | CREATE_FAILED | AWS::IAM::Role | FilePublishingRole cdk-hnb659fds-file-publishing-role-{{accountID}}-us-east-1 already exists
CDKToolkit | 10:07:22 PM | CREATE_FAILED | AWS::IAM::Role | ImagePublishingRole cdk-hnb659fds-image-publishing-role-{{accountID}}-us-east-1 already exists
❌ Environment aws://{{accountID}}/us-east-1 failed bootstrapping: Error: The stack named CDKToolkit failed creation, it may need to be manually deleted from the AWS console: ROLLBACK_COMPLETE: cdk-hnb659fds-lookup-role-{{accountID}}-us-east-1 already exists, cdk-hnb659fds-cfn-exec-role-{{accountID}}-us-east-1 already exists, cdk-hnb659fds-file-publishing-role-{{accountID}}-us-east-1 already exists, cdk-hnb659fds-image-publishing-role-{{accountID}}-us-east-1 already exists
at FullCloudFormationDeployment.monitorDeployment (/builds/{{projectPath}}/infra/node_modules/aws-cdk/lib/index.js:371:10236)
at processTicksAndRejections (internal/process/task_queues.js:95:5)
at async /builds/{{projectPath}}/infra/node_modules/aws-cdk/lib/index.js:376:2104
at async Promise.all (index 0)
at async CdkToolkit.bootstrap (/builds/{{projectPath}}/infra/node_modules/aws-cdk/lib/index.js:376:1949)
at async exec4 (/builds/{{projectPath}}/infra/node_modules/aws-cdk/lib/index.js:429:51795)
The stack named CDKToolkit failed creation, it may need to be manually deleted from the AWS console: ROLLBACK_COMPLETE: cdk-hnb659fds-lookup-role-{{accountID}}-us-east-1 already exists, cdk-hnb659fds-cfn-exec-role-{{accountID}}-us-east-1 already exists, cdk-hnb659fds-file-publishing-role-{{accountID}}-us-east-1 already exists, cdk-hnb659fds-image-publishing-role-{{accountID}}-us-east-1 already exists
npm ERR! code ELIFECYCLE
Reproduction Steps
Deploy and bootstrap using CDK v2, revert changes, and redeploy.
Possible Solution
No response
Additional Information/Context
No response
CDK CLI Version
2.70.0
Framework Version
No response
Node.js Version
16.20.0
OS
Amazon Linux
Language
Typescript
Language Version
TypeScript (4.9.5)
Other information
No response