aws-cdk: cli: unable to resolve AWS account to use with CLI with SSO

Describe the bug

Approximately in 25% of npx cdk deploy --all --require-approval never runs, I’m getting this error:

~/rep/myproject/cdk> npx cdk deploy --all --require-approval never
Bundling asset MyData/keyGenerator/Code/Stage...
Bundling asset MyApi/statusFunction/Code/Stage...
Bundling asset MyApi/importFunction/Code/Stage...
Bundling asset MyApi/getReportFunction/Code/Stage...
Bundling asset MyApi/getMetricsFunction/Code/Stage...
[WARNING] aws-cdk-lib.aws_apigateway.RestApiProps#minimumCompressionSize is deprecated.
  - superseded by `minCompressionSize`
  This API will be removed in the next major release.

✨  Synthesis time: 7.83s

MyData: building assets...

MyApi: building assets...


 ❌ Building assets failed: Error: Building Assets Failed: Error: Unable to resolve AWS account to use. It must be either configured when you define your CDK Stack, or through the environment, Error: Unable to resolve AWS account to use. It must be either configured when you define your CDK Stack, or through the environment
    at buildAllStackAssets (/Users/me/rep/myproject/cdk/node_modules/.pnpm/aws-cdk@2.69.0/node_modules/aws-cdk/lib/index.js:374:115279)
    at async CdkToolkit.deploy (/Users/me/rep/myproject/cdk/node_modules/.pnpm/aws-cdk@2.69.0/node_modules/aws-cdk/lib/index.js:374:143496)
    at async exec4 (/Users/me/rep/myproject/cdk/node_modules/.pnpm/aws-cdk@2.69.0/node_modules/aws-cdk/lib/index.js:429:51795)

Building Assets Failed: Error: Unable to resolve AWS account to use. It must be either configured when you define your CDK Stack, or through the environment, Error: Unable to resolve AWS account to use. It must be either configured when you define your CDK Stack, or through the environment

I’ve started to experience this after changing my env to the following:

~/.aws/config

[profile sandbox]
sso_session = sandbox
sso_account_id = 111111111111111
sso_role_name = AdministratorAccess
region = us-east-1
[sso-session sandbox]
sso_start_url = https://example.com/start
sso_region = eu-central-1
sso_registration_scopes = sso:account:access
[profile staging]
sso_session = staging
sso_account_id = 222222222222
sso_role_name = AdministratorAccess
region = us-east-1
[sso-session staging]
sso_start_url = https://example.com/start
sso_region = eu-central-1
sso_registration_scopes = sso:account:access

~/.aws/credentials - empty file

~/.zshrc

export AWS_DEFAULT_PROFILE=sandbox

This setup works perfectly for me, because I can switch profiles with only AWS_DEFAULT_PROFILE env variable. AWS SDK understands it and works perfectly.

For whatever reason, CDK tool sometimes fails in the middle of the deployment. After repeating the same command immediately, it succeeds.

Expected Behavior

Not to fail.

Current Behavior

Failure (sometimes)

Reproduction Steps

Didn’t do, but I’m seeing this in different totally independent projects on same machine.

Possible Solution

No response

Additional Information/Context

No response

CDK CLI Version

2.69.0 (build 60a5b2a)

Framework Version

No response

Node.js Version

v16.19.1

OS

macOS Ventura 13.2.1

Language

Typescript

Language Version

TypeScript (4.9.5)

Other information

No response

About this issue

  • Original URL
  • State: open
  • Created a year ago
  • Reactions: 13
  • Comments: 21 (4 by maintainers)

Most upvoted comments

I just wanted to add that in my case, it looks like it has something to do with the browser: When it happens (that my SSO session expired, but randomly seem not to be able to re-login), copy-pasting the URL in another browser and completing the login cycle there seems to solve the problem.

+4
m6a-UdS on Oct 3, 2023

I have been trying to resolve this for a few hours now and almost tried everything said/suggested in different Github issues and Tickets.

  1. Combined the .aws/config and .aws/credentials file
  2. Matched the profile name between both files
  3. Removed the default profile entirely from both files
  4. added profile keyword into the cdk.json
  5. Reinstalled aws-cdk
  6. tried directly running cdk bootstrap ACCOUNTNO/REGION
  7. Tried setting NODE_TLS_REJECT_UNAUTHORIZED=0.

I don’t remember spending this much time just for authentication so far in any of the tools.

awscli version - aws-cli/2.13.3 Python/3.11.4 Darwin/22.1.0 exe/x86_64 prompt/off cdk npm version - 2.96.2 (build 3edd240)

CDK was supposed to help me automate things and reduce my load but now am spending lot of time in setting up the CDK itself 👎 😒

+3
SaravEasy on Sep 16, 2023

I just wanted to add that in my case, it looks like it has something to do with the browser: When it happens (that my SSO session expired, but randomly seem not to be able to re-login), copy-pasting the URL in another browser and completing the login cycle there seems to solve the problem.

I have the same results. My SSO session has expired, so I login via the browser again, restart vs code, and everything seems to work.

+1
jwholme2 on Oct 9, 2023
Read more comments on GitHub
← aws-cdk: (cli): Unable to recover from UPDATE_ROLLBACK_COMPLETE
aws-cdk: CloudFormation Error using Certificate in some regions: "ValidationDomain cannot be used with DNS validation" →