使用 Azure Pipelines 部署 AWS CDK 堆栈时出错（在 CDK 中使用 python）

Question

app.py example of how my stacks are defined (with some information changed as you can imagine)

Stack1(app, "Stack1",env=cdk.Environment(account='123456789', region='eu-west-1'))

In my azure pipeline I'm trying to do a cdk deploy

- task: AWSShellScript@1
  inputs:
    awsCredentials: 'Service_connection_name'
    regionName: 'eu-west-1'
    scriptType: 'inline'
    inlineScript: |
    sudo bash -c "cdk deploy '*' -v --ci --require-approval-never"
  displayName: "Deploying CDK stacks"

but getting errors. I have the service connection to AWS configured, but the first error was

[Stack_Name] failed: Error: Need to perform AWS calls for account [Account_number], but no credentials have been configured

Stack_Name and Account_Number have been redacted

After this error, I decided to add a step to my pipeline and manually create the files .aws/config and .aws/credentials

- script: |
    echo "Preparing for CDK"
    echo "Creating directory"
    sudo bash -c "mkdir -p ~/.aws"
    echo "Writing to files"
    sudo bash -c "echo -e '[default]\nregion = $AWS_REGION\noutput = json' > ~/.aws/config"
    sudo bash -c "echo -e '[default]\naws_access_key_id = $AWS_ACCESS_KEY_ID\naws_secret_access_key = $AWS_SECRET_ACCESS_KEY' > ~/.aws/credentials"
  displayName: "Setting up files for CDK"

After this I believed the credentials would be fixed but it still failed. The verbose option revealed the following error amongst the output:

Setting "CDK_DEFAULT_REGION" environment variable to

So instead of setting the region to "eu-west-1" it is being set to nothing

I imagine I'm missing something, so please, educate me and help me get this working

Answer 1

This happens because you're launching separate instances of a shell with sudo bash , and they don't share the credential environment variables that the AWSShellScript task is populating.

To fix the credentials issue, replace the inline script with just cdk deploy '*' -v --ci --require-approval never