Incompatibility with aws-cdk v2.175.1 #102
Description
Hello,
I just recently upgraded my cdk libs from v2.171.1 to v2.175.1 and suddenly my deployments to localstack have started failing. This is the only change that I made.
It appears that some changes were made to how cdk makes API calls. I first noticed this when my CDK_DEFAULT_ACCOUNT environment variable suddenly started resolving to undefined. I dug in a little deeper and see the following in the debug logs:
infra | [19:47:18] [trace] SdkProvider#withAwsCliCompatibleDefaults()
infra | [19:47:18] Looking up AWS region in the EC2 Instance Metadata Service (IMDS).
infra | [19:47:19] Unable to retrieve AWS region from IMDS: Error: Error fetching metadata token: TimeoutError: Socket timed out without establishing a connection within 1000 ms
infra | [19:47:19] Unable to determine AWS region from environment or AWS configuration (profile: "default"), defaulting to 'us-east-1'
infra | [19:47:19] Looking up AWS region in the EC2 Instance Metadata Service (IMDS).
infra | [19:47:20] Unable to retrieve AWS region from IMDS: Error: Error fetching metadata token: TimeoutError: Socket timed out without establishing a connection within 1000 ms
infra | [19:47:20] Unable to determine AWS region from environment or AWS configuration (profile: "default"), defaulting to 'us-east-1'
infra | [19:47:20] Toolkit stack: CDKToolkit
infra | [19:47:20] Setting "CDK_DEFAULT_REGION" environment variable to us-east-1
infra | [19:47:20] [trace] SdkProvider#defaultAccount()
infra | [19:47:20] [trace] SDK#currentAccount()
infra | [19:47:22] Unable to determine the default AWS account (CredentialsProviderError): Could not load credentials from any providers
This explains why CDK_DEFAULT_ACCOUNT is undefined. So I figured, okay, let's hardcode the default account number of 000000000000 in my own code as a fallback.
When I did this, my cdklocal bootstrap call fails with:
infra | ⏳ Bootstrapping environment aws://000000000000/us-east-1...
infra | [19:47:26] [trace] SdkProvider#resolveEnvironment()
infra | [19:47:26] [trace] SdkProvider#forEnvironment()
infra | [19:47:26] [trace] SdkProvider#resolveEnvironment()
infra | [19:47:26] [trace] SdkProvider#obtainBaseCredentials()
infra | [19:47:26] [trace] SdkProvider#defaultAccount()
infra | ❌ Environment aws://000000000000/us-east-1 failed bootstrapping: _AuthenticationError: Need to perform AWS calls for account 000000000000, but no credentials have been configured
infra | at SdkProvider.forEnvironment (/usr/src/app/node_modules/aws-cdk/lib/index.js:794:624500)
infra | at async SdkProvider.methFunc (/usr/src/app/node_modules/aws-cdk-local/bin/cdklocal:414:16)
infra | at async _BootstrapStack.lookup (/usr/src/app/node_modules/aws-cdk/lib/index.js:666:8739)
infra | at async Bootstrapper.modernBootstrap (/usr/src/app/node_modules/aws-cdk/lib/index.js:667:1112)
infra | at async /usr/src/app/node_modules/aws-cdk/lib/index.js:851:1550 {
infra | type: 'authentication'
infra | }
infra | [19:47:27] Notices refreshed
infra | [19:47:27] Failed to store notices in the cache: Error: ENOENT: no such file or directory, open '/root/.cdk/cache/notices.json'
infra | Need to perform AWS calls for account 000000000000, but no credentials have been configured
I've never had to configure credentials before, so this is sort of weird.
If I set AWS_ACCESS_KEY_ID=000000000000 and AWS_SECRET_ACCESS_KEY=test in my container, then everything works fine. Is this expected behaviour? Or should cdklocal be setting these credentials up?
Thanks in advance for taking the time to look at this, I really appreciate it!