Aws-cdk: Unable to create multiple CodeBuild stages in CodePipeline using CDK

Created on 20 Dec 2019  路  7Comments  路  Source: aws/aws-cdk

I am trying to create two codebuild.PipelineProject objects to add as stages to a codepipeline.Pipeline object. I am using the same service role for both CodeBuilds. When creating a new CodeBuild project, it tries to add VPC required permissions in the addVpcRequiredPermissions method in project.ts with the hardcoded name CodeBuildEC2Policy. The problem is that I am using the same role, so CDK tries to attach two policies to the same role (one for each CodeBuild) with the same hardcoded name and it fails with the error stating A policy named "CodeBuildEC2Policy" is already attached.

I know through AWS Console or CloudFormation templates I can use the same role for multiple CodeBuilds, so we shouldn't be forced to create multiple roles for CDK to work. I believe in the addVpcRequiredPermissions method the policy name should have a unique ID attached to it so clashing policy names shouldn't happen. Or at the very least check if there already exists a policy with the same permissions attached to the role.

Reproduction Steps

let build1 = new codebuild.PipelineProject(
  // ...
  role: this.codeBuildRole
);
let build2 = new codebuild.PipelineProject(
  // ...
  role: this.codeBuildRole
);

Error Log

A policy named "CodeBuildEC2Policy" is already attached

C:\Users\user\<redacted>\node_modules\@aws-cdk\core\lib\construct.ts:53
          throw new Error(`Validation failed with the following errors:\n  ${errorList}`);
                ^
Error: Validation failed with the following errors:
  [<redacted>/PolicyDocument] Policy must be attached to at least one principal: user, group or role
    at Function.synth (C:\Users\user\<redacted>\node_modules\@aws-cdk\core\lib\construct.ts:53:17)
    at App.synth (C:\Users\user\<redacted>\node_modules\@aws-cdk\core\lib\app.ts:128:36)
    at process.App.process.once (C:\Users\user\<redacted>\node_modules\@aws-cdk\core\lib\app.ts:111:45)
    at Object.onceWrapper (events.js:277:13)
    at process.emit (events.js:189:13)
    at process.EventEmitter.emit (domain.js:441:20)
    at process.emit (C:\Users\user\<redacted>\node_modules\source-map-support\source-map-support.js:465:21)
    at process.topLevelDomainCallback (domain.js:120:23)
Subprocess exited with error 1

Environment

  • CDK CLI Version : CDK version
  • Angular CLI : 1.6.0, Angular CI: 7.3.8
  • OS : Windows 10
  • Language : Typescript

This is :bug: Bug Report

@aws-cdaws-codebuild bug
Source
picture NamiKimTR
👍1

All 7 comments

Thank for reporting @NamiKimTR . It is indeed a miss on our side.

skinny85 picture skinny85 on 20 Dec 2019

Actually, I believe this has been already fixed in #5385. That fix should be included in 1.20.0, which will be released early next week.

skinny85 picture skinny85 on 20 Dec 2019
1

That's great news! Thank you @skinny85 . I will close this issue.

NamiKimTR picture NamiKimTR on 22 Dec 2019

Hi @skinny85, do you have the ETA for the fix by any chance? Thank you.

NamiKimTR picture NamiKimTR on 27 Dec 2019

Hey @NamiKimTR , version 1.20.0 of the CDK (including the fix in #5385 ) should be released next week.

skinny85 picture skinny85 on 27 Dec 2019
🎉1

Just tested with 1.20.0 and verified that it's working now. I was able to create multiple CodeBuildActions and no longer getting this error message. Thanks!

redi-kilicb picture redi-kilicb on 9 Jan 2020
👍1

That's great to hear @redi-kilicb, glad we were able to get you unblocked!

skinny85 picture skinny85 on 9 Jan 2020
Was this page helpful?
0 / 5 - 0 ratings

Related issues

v-do picture v-do  路  3Comments
PaulMaddox picture PaulMaddox  路  3Comments
schof picture schof  路  3Comments
Kent1 picture Kent1  路  3Comments
eladb picture eladb  路  3Comments