How to use aws role arn in cdk deploy command
Question
I am trying to deploy my cloud formation stack using aws cdk. I want to use different IAM role to deploy my stack as that role has more permissions in aws account. here is what I am trying
cdk deploy -r arn:aws:iam::1234567890:role/AWSCloudFormationStackSetExecutionRole
but I am getting below error
No stack found matching '–r'. Use "list" to print manifest
Can someone help me what am I doing wrong here?
3 answers
solution1
1 2021-04-20 15:41:28
The error shows that your cdk cli version thought -r as a stack so I think it depends on your cdk version
My cdk version:
cdk --version
1.94.1 (build 60d8f91)
and it works well with option -r
cdk deploy -r arn:aws:iam::123456789012:role/gitlab-runner
test-sqs: deploying...
test-sqs: creating CloudFormation changeset...
solution2
0 2021-04-19 18:51:45
Here you need to apply the -r (or --role-name ) option on to cdk itself (and not to the deploy option):
cdk --role-arn arn:aws:iam::1234567890:role/MY_ROLE_NAME deploy
cdk will generate a Cloud Formation template and deploy it using the role you specified.
solution3
-2 2020-07-07 09:21:35
As in cdk deploy , there is no such option -r. CDK thinks it is a CDK stack name.
I believe you need to use a different IAM role with different IAM permissions. Which has nothing to do with CDK itself. You need to assume role first and get an STS token. Please research assume role AWS CLI of STS.
cdk deploy [STACKS..]
Deploys the stack(s) named STACKS into your AWS account
Options:
--build-exclude, -E Do not rebuild asset with the given ID. Can be
specified multiple times. [array] [default: []]
--exclusively, -e Only deploy requested stacks, don't include
dependencies [boolean]
--require-approval What security-sensitive changes need manual approval
[string] [choices: "never", "any-change", "broadening"]
--ci Force CI detection (deprecated)
[boolean] [default: false]
--notification-arns ARNs of SNS topics that CloudFormation will notify with
stack related events [array]
--tags, -t Tags to add to the stack (KEY=VALUE) [array]
--execute Whether to execute ChangeSet (--no-execute will NOT
execute the ChangeSet) [boolean] [default: true]
--force, -f Always deploy stack even if templates are identical
[boolean] [default: false]
--parameters Additional parameters passed to CloudFormation at
deploy time (STACK:KEY=VALUE) [array] [default: {}]
--outputs-file, -O Path to file where stack outputs will be written as
JSON [string]
--previous-parameters Use previous values for existing parameters (you must
specify all parameters on every deployment if this is
disabled) [boolean] [default: true]
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.