如何解决AWS CDK 管道错误 - 找不到匹配“xxxxx”的堆栈
我在部署最后一个 CDK 管道时遇到了困难。
我已按照此处的步骤操作:https://docs.aws.amazon.com/cdk/latest/guide/cdk_pipeline.html 并且总体体验非常痛苦。
首先,我必须手动更新 S3 存储桶策略以让管道从存储桶读取/写入它,否则我会收到拒绝访问 403 错误。
这部分似乎已解决,但现在,在“UpdatePipeline”阶段,我收到错误消息失败:Error: No stack found matching 'PTPipelinestack'. Use "list" to print manifest
,显然,堆栈存在于 CloudFormation 中,如果我从CLI 我确实看到了 PTPipelinestack。我已经摧毁了管道并“以防万一”重新部署了几次,但并没有真正的帮助。
有什么建议可以帮助解决这个问题吗?
bin/file.ts:
cdk list
lib/build-pipeline.ts:
#!/usr/bin/env node
import * as cdk from '@aws-cdk/core'
import 'source-map-support/register'
import { MyPipelinestack } from '../lib/build-pipeline'
const app = new cdk.App()
const pipelinestack = new MyPipelinestack(app,'PTPipelinestack',{
env: {
account: 'xxxxxxxxxxxx',region: 'eu-west-1',},})
app.synth()
依赖于我的 package.json:
import * as codepipeline from '@aws-cdk/aws-codepipeline'
import * as codepipeline_actions from '@aws-cdk/aws-codepipeline-actions'
import { Construct,Stack,StackProps,Stage,StageProps } from '@aws-cdk/core'
import { CdkPipeline,SimpleSynthAction } from '@aws-cdk/pipelines'
import { PasstimeStack } from './passtime-stack'
export class MyApplication extends Stage {
constructor(scope: Construct,id: string,props?: StageProps) {
super(scope,id,props)
new PasstimeStack(this,'Cognito')
}
}
export class MyPipelinestack extends Stack {
constructor(scope: Construct,props?: StackProps) {
super(scope,props)
const sourceArtifact = new codepipeline.Artifact()
const cloudAssemblyArtifact = new codepipeline.Artifact()
const pipeline = new CdkPipeline(this,'Pipeline',{
pipelineName: 'PasstimeAppPipeline',cloudAssemblyArtifact,sourceAction: new codepipeline_actions.BitBucketSourceAction({
actionName: 'Github',connectionArn:
'arn:aws:codestar-connections:eu-west-1:xxxxxxxxxxxxxxx',owner: 'owner',repo: 'repo',branch: 'dev',output: sourceArtifact,}),synthAction: SimpleSynthAction.standardNpmSynth({
sourceArtifact,installCommand: 'npm ci',environment: {
privileged: true,})
pipeline.addApplicationStage(
new MyApplication(this,'Dev',{
env: {
account: 'xxxxxxxx',})
)
}
}
代码构建日志:
"devDependencies": {
"@aws-cdk/assert": "^1.94.1","@types/jest": "^26.0.21","@types/node": "14.14.35","aws-cdk": "^1.94.1","jest": "^26.4.2","ts-jest": "^26.5.4","ts-node": "^9.0.0","typescript": "4.2.3"
},"dependencies": {
"@aws-cdk/aws-appsync": "^1.94.1","@aws-cdk/aws-cloudfront": "^1.94.1","@aws-cdk/aws-cloudfront-origins": "^1.94.1","@aws-cdk/aws-codebuild": "^1.94.1","@aws-cdk/aws-codepipeline": "^1.94.1","@aws-cdk/aws-codepipeline-actions": "^1.94.1","@aws-cdk/aws-cognito": "^1.94.1","@aws-cdk/aws-dynamodb": "^1.94.1","@aws-cdk/aws-iam": "^1.94.1","@aws-cdk/aws-kms": "^1.94.1","@aws-cdk/aws-lambda": "^1.94.1","@aws-cdk/aws-lambda-nodejs": "^1.94.1","@aws-cdk/aws-pinpoint": "^1.94.1","@aws-cdk/aws-s3": "^1.94.1","@aws-cdk/aws-s3-deployment": "^1.94.1","@aws-cdk/core": "^1.94.1","@aws-cdk/custom-resources": "^1.94.1","@aws-cdk/pipelines": "^1.94.1","@aws-sdk/s3-request-presigner": "^3.9.0","source-map-support": "^0.5.16"
}
解决方法
我遇到了同样的问题,我不确定我是如何修复它的,但可以尝试以下几点:
- 确保您将
dev
分支推送到 Github,而不仅仅是在本地正确推送,因为这就是您的管道指向的内容。 (这是我的问题) - 我使用的是 1.94.1,但换到了 1.94.0 - 不确定这是否有帮助
- 我修复了所有 CDK 版本,因此删除了
^
,因此它们在某些时候不会与不同版本发生冲突
昨天我终于取得了突破。
我上面概述的问题是早先在管道中出现的问题的结果,该问题实际上缺乏访问工件 s3 存储桶的权限。 Source阶段出现的原始错误信息:
Upload to S3 failed with the following error: Access Denied (Service: Amazon S3; Status Code: 403; Error Code: AccessDenied; Request ID: xxxx; S3 Extended Request ID: xxxx; Proxy: null) (Service: null; Status Code: 0; Error Code: null; Request ID: null; S3 Extended Request ID: null; Proxy: null) (Service: null; Status Code: 0; Error Code: null; Request ID: null; S3 Extended Request ID: null; Proxy: null)
我通过在工件存储桶上创建存储桶策略来解除对管道的阻塞,但如前所述,这实际上只会将问题推向更远的地方。但在关注最初的问题时,我实际上意识到 CDK 没有为其创建的角色之一授予足够的权限。
截至今天,为了在组织中使用 Github 存储库,需要使用依赖于 CodeStar 的“Github v2”集成。 (v1 = 访问令牌 = 私有存储库)。
目前使用 CDK 进行设置的唯一方法是使用 BitBucketSourceAction
,如我上面的代码所示。
有趣的是,在部署新的管道堆栈时,CDK 会创建专用的 IAM 角色并授予以下权限:
{
"Version": "2012-10-17","Statement": [
{
"Action": "codestar-connections:UseConnection","Resource": "arn:aws:codestar-connections:eu-west-1:xxxxx:connection/xxxx",xx
"Effect": "Allow"
},{
"Action": [
"s3:GetObject*","s3:GetBucket*","s3:List*","s3:DeleteObject*","s3:PutObject","s3:Abort*"
],"Resource": [
"arn:aws:s3:::bucket","arn:aws:s3:::bucket/*"
],"Effect": "Allow"
},{
"Action": [
"kms:Decrypt","kms:DescribeKey","kms:Encrypt","kms:ReEncrypt*","kms:GenerateDataKey*"
],"Resource": "arn:aws:kms:eu-west-1:xxxxxxx:key/xxxxx","Effect": "Allow"
}
]
}
这起初看起来不错,但结果不足以让管道访问存储桶并通过各个阶段。我怀疑它缺少 PutBucketPolicy
权限。我目前已通过用 s3:*
替换特定操作来修复它,但这应该进行微调。
最后我使用的是最新最好的 1.94.1
,这不是 deps 问题,而是 CDK 问题。我将向 aws-cdk 团伙提出问题。 ?
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。