如何向 `cdk bootstrap` 提供多个帐户凭据?
How to provide multiple account credentials to `cdk bootstrap`?
我们正在开发多账户 CDK 应用程序,并在 CodeBuild 上进行持续部署。我们知道 CDK authentication issues,因此我们使用 $ aws sts assume-role
并设置环境变量以在 $ cdk deploy
期间切换 AWS 帐户。这种方式适用于 $ cdk deploy
,但 $ cdk bootstrap
不行。 $ cdk bootstrap
尝试 bootstrap 每个帐户并需要多个帐户凭据。有什么简单的方法可以为 $ cdk bootstrap
提供多个帐户凭据吗? (实现自定义插件不是"simple"...)不然有什么办法bootstrap一个账号吗?
# with 111111111111 account credential
$ cdk bootstrap --execute=false
⏳ Bootstrapping environment aws://111111111111/us-east-1...
⏳ Bootstrapping environment aws://222222222222/us-east-1...
❌ Environment aws://222222222222/us-east-1 failed bootstrapping: Error: Need to perform AWS calls for account 222222222222, but no credentials found. Tried: default credentials.
import "source-map-support/register";
import * as cdk from "@aws-cdk/core";
import * as sns from "@aws-cdk/aws-sns";
class MyStack extends cdk.Stack {
constructor(scope: cdk.Construct, id: string, props?: cdk.StackProps) {
super(scope, id, props);
new sns.Topic(this, sns.Topic.name);
}
}
const app = new cdk.App();
new MyStack(app, "MyStack1", {
env: { account: "111111111111", region: "us-east-1" }
});
new MyStack(app, "MyStack2", {
env: { account: "222222222222", region: "us-east-1" }
});
您可以将环境作为参数传递给 cdk bootstrap
命令。
cdk bootstrap [ENVIRONMENTS..]
cdk bootstrap aws://111111111111/us-east-1
所以在你的情况下,你必须在 运行 每个 bootstrap 命令之前切换帐户,就像你对部署所做的那样。
aws sts assume-role ...
ACCOUNT=$(aws sts get-caller-identity --query Account --output text)
REGION=$(aws configure get region)
cdk bootstrap aws://$ACCOUNT/$REGION
我们正在开发多账户 CDK 应用程序,并在 CodeBuild 上进行持续部署。我们知道 CDK authentication issues,因此我们使用 $ aws sts assume-role
并设置环境变量以在 $ cdk deploy
期间切换 AWS 帐户。这种方式适用于 $ cdk deploy
,但 $ cdk bootstrap
不行。 $ cdk bootstrap
尝试 bootstrap 每个帐户并需要多个帐户凭据。有什么简单的方法可以为 $ cdk bootstrap
提供多个帐户凭据吗? (实现自定义插件不是"simple"...)不然有什么办法bootstrap一个账号吗?
# with 111111111111 account credential
$ cdk bootstrap --execute=false
⏳ Bootstrapping environment aws://111111111111/us-east-1...
⏳ Bootstrapping environment aws://222222222222/us-east-1...
❌ Environment aws://222222222222/us-east-1 failed bootstrapping: Error: Need to perform AWS calls for account 222222222222, but no credentials found. Tried: default credentials.
import "source-map-support/register";
import * as cdk from "@aws-cdk/core";
import * as sns from "@aws-cdk/aws-sns";
class MyStack extends cdk.Stack {
constructor(scope: cdk.Construct, id: string, props?: cdk.StackProps) {
super(scope, id, props);
new sns.Topic(this, sns.Topic.name);
}
}
const app = new cdk.App();
new MyStack(app, "MyStack1", {
env: { account: "111111111111", region: "us-east-1" }
});
new MyStack(app, "MyStack2", {
env: { account: "222222222222", region: "us-east-1" }
});
您可以将环境作为参数传递给 cdk bootstrap
命令。
cdk bootstrap [ENVIRONMENTS..]
cdk bootstrap aws://111111111111/us-east-1
所以在你的情况下,你必须在 运行 每个 bootstrap 命令之前切换帐户,就像你对部署所做的那样。
aws sts assume-role ...
ACCOUNT=$(aws sts get-caller-identity --query Account --output text)
REGION=$(aws configure get region)
cdk bootstrap aws://$ACCOUNT/$REGION