aws-cdk: pipelines: UpdatePipeline stage fails on invalid S3 policy

Describe the bug

Upgraded from v2.100.0 to v2.101.0

Upon deployment received the following message (in CodeBuild) for the UpdatePipeline stage. Currently using pipelines to facilitate creation of CodePipeline.

Resource handler returned message: "Policy has invalid action (Service: S3, Status Code: 400, Request ID: XSE075TJK1K319VC, Extended Request ID: ORsos9yz7sdctnOg4AT8QiCjo9irN0v0nBFD/vW/ZxEMW1Y2PclX9Ve0o6lCstdGxQpaHdJjZi8=)" (RequestToken: 3d521b5c-2f09-4c59-09a6-cb30ccdf294e, HandlerErrorCode: GeneralServiceException)

Expected Behavior

No difference to our CodePipeline behavior after upgrading.

Current Behavior

Deploys all the way through without issue on v2.100.0. Fails with above error on v2.101.0.

Reproduction Steps

Implement CodePipelines using cdk pipelines cdk sub-module. Deploy using v2.100.0. Upgrade to v2.101.0. Probably need some lambda assets if this is related to staging S3 assets.

Possible Solution

No response

Additional Information/Context

No response

CDK CLI Version

2.101.0

Framework Version

No response

Node.js Version

v18.18.1

OS

LInux

Language

TypeScript

Language Version

5.2.2

Other information

No response

About this issue

  • Original URL
  • State: closed
  • Created 9 months ago
  • Reactions: 18
  • Comments: 15 (1 by maintainers)

Most upvoted comments

can confirm was facing same issue in SelfMutate step but latest aws-cdk 2.101.1 appears to have fixed the issue for me, now able to release successfully.

+2
avsteel on Oct 16, 2023

Agree with @avsteel, the latest 2.101.1 resolved the issue for me.

+1
manu-remsense on Oct 17, 2023
Read more comments on GitHub
← aws-cdk: [pipelines] Metadata errors should fail synthesis (on stacks deployed in the pipeline)
aws-cdk: [rds] Database Secret broken after upgrade to 1.67 →