AWS CDK管道错误-没有找到匹配"xxxxx“的堆栈

Question

我对我部署的最后一条CDK管道感到很困难。

我在这里遵循了以下步骤：pipeline.html和总体经验是相当痛苦的。首先，我必须手动更新S3桶策略，让管道从桶中读取/写入它，因为否则我会被拒绝访问403错误。

这个部分似乎已经解决了，但是现在，在"UpdatePipeline“阶段，我收到了错误消息失败：Error: No stack found matching 'PTPipelineStack'. Use "list" to print manifest，很明显，堆栈存在于CloudFormation中，如果我从CLI运行cdk list命令，则会看到PTPipelineStack。我已经摧毁了管道，并重新部署了几次“以防万一”，但并没有真正的帮助。对于如何帮助这一点，有什么建议吗？

bin/file.ts:

#!/usr/bin/env node
import * as cdk from '@aws-cdk/core'
import 'source-map-support/register'
import { MyPipelineStack } from '../lib/build-pipeline'

const app = new cdk.App()
const pipelineStack = new MyPipelineStack(app, 'PTPipelineStack', {
  env: {
    account: 'xxxxxxxxxxxx',
    region: 'eu-west-1',
  },
})


app.synth()

lib/build-pipeline.ts:

import * as codepipeline from '@aws-cdk/aws-codepipeline'
import * as codepipeline_actions from '@aws-cdk/aws-codepipeline-actions'
import { Construct, Stack, StackProps, Stage, StageProps } from '@aws-cdk/core'
import { CdkPipeline, SimpleSynthAction } from '@aws-cdk/pipelines'
import { PasstimeStack } from './passtime-stack'

export class MyApplication extends Stage {
  constructor(scope: Construct, id: string, props?: StageProps) {
    super(scope, id, props)
    new PasstimeStack(this, 'Cognito')
  }
}

export class MyPipelineStack extends Stack {
  constructor(scope: Construct, id: string, props?: StackProps) {
    super(scope, id, props)

    const sourceArtifact = new codepipeline.Artifact()
    const cloudAssemblyArtifact = new codepipeline.Artifact()

    const pipeline = new CdkPipeline(this, 'Pipeline', {
      pipelineName: 'PassTimeAppPipeline',
      cloudAssemblyArtifact,

      sourceAction: new codepipeline_actions.BitBucketSourceAction({
        actionName: 'Github',
        connectionArn:
          'arn:aws:codestar-connections:eu-west-1:xxxxxxxxxxxxxxx',
        owner: 'owner',
        repo: 'repo',
        branch: 'dev',
        output: sourceArtifact,
      }),

      synthAction: SimpleSynthAction.standardNpmSynth({
        sourceArtifact,
        cloudAssemblyArtifact,

        installCommand: 'npm ci',
        environment: {
          privileged: true,
        },
      }),
    })

    pipeline.addApplicationStage(
      new MyApplication(this, 'Dev', {
        env: {
          account: 'xxxxxxxx',
          region: 'eu-west-1',
        },
      })
    )
  }
}

在我的package.json:上

"devDependencies": {
    "@aws-cdk/assert": "^1.94.1",
    "@types/jest": "^26.0.21",
    "@types/node": "14.14.35",
    "aws-cdk": "^1.94.1",
    "jest": "^26.4.2",
    "ts-jest": "^26.5.4",
    "ts-node": "^9.0.0",
    "typescript": "4.2.3"
  },
  "dependencies": {
    "@aws-cdk/aws-appsync": "^1.94.1",
    "@aws-cdk/aws-cloudfront": "^1.94.1",
    "@aws-cdk/aws-cloudfront-origins": "^1.94.1",
    "@aws-cdk/aws-codebuild": "^1.94.1",
    "@aws-cdk/aws-codepipeline": "^1.94.1",
    "@aws-cdk/aws-codepipeline-actions": "^1.94.1",
    "@aws-cdk/aws-cognito": "^1.94.1",
    "@aws-cdk/aws-dynamodb": "^1.94.1",
    "@aws-cdk/aws-iam": "^1.94.1",
    "@aws-cdk/aws-kms": "^1.94.1",
    "@aws-cdk/aws-lambda": "^1.94.1",
    "@aws-cdk/aws-lambda-nodejs": "^1.94.1",
    "@aws-cdk/aws-pinpoint": "^1.94.1",
    "@aws-cdk/aws-s3": "^1.94.1",
    "@aws-cdk/aws-s3-deployment": "^1.94.1",
    "@aws-cdk/core": "^1.94.1",
    "@aws-cdk/custom-resources": "^1.94.1",
    "@aws-cdk/pipelines": "^1.94.1",
    "@aws-sdk/s3-request-presigner": "^3.9.0",
    "source-map-support": "^0.5.16"
  }

代码构建日志：

[Container] 2021/03/19 17:43:59 Entering phase INSTALL
--
16 | [Container] 2021/03/19 17:43:59 Running command npm install -g aws-cdk
17 | /usr/local/bin/cdk -> /usr/local/lib/node_modules/aws-cdk/bin/cdk
18 | + aws-cdk@1.94.1
19 | added 193 packages from 186 contributors in 6.404s
20 |  
21 | [Container] 2021/03/19 17:44:09 Phase complete: INSTALL State: SUCCEEDED
22 | [Container] 2021/03/19 17:44:09 Phase context status code:  Message:
23 | [Container] 2021/03/19 17:44:09 Entering phase PRE_BUILD
24 | [Container] 2021/03/19 17:44:10 Phase complete: PRE_BUILD State: SUCCEEDED
25 | [Container] 2021/03/19 17:44:10 Phase context status code:  Message:
26 | [Container] 2021/03/19 17:44:10 Entering phase BUILD
27 | [Container] 2021/03/19 17:44:10 Running command cdk -a . deploy PTPipelineStack --require-approval=never --verbose
28 | CDK toolkit version: 1.94.1 (build 60d8f91)
29 | Command line arguments: {
30 | _: [ 'deploy' ],
31 | a: '.',
32 | app: '.',
33 | 'require-approval': 'never',
34 | requireApproval: 'never',
35 | verbose: 1,
36 | v: 1,
37 | lookups: true,
38 | 'ignore-errors': false,
39 | ignoreErrors: false,
40 | json: false,
41 | j: false,
42 | debug: false,
43 | ec2creds: undefined,
44 | i: undefined,
45 | 'version-reporting': undefined,
46 | versionReporting: undefined,
47 | 'path-metadata': true,
48 | pathMetadata: true,
49 | 'asset-metadata': true,
50 | assetMetadata: true,
51 | 'role-arn': undefined,
52 | r: undefined,
53 | roleArn: undefined,
54 | staging: true,
55 | 'no-color': false,
56 | noColor: false,
57 | fail: false,
58 | all: false,
59 | 'build-exclude': [],
60 | E: [],
61 | buildExclude: [],
62 | ci: false,
63 | execute: true,
64 | force: false,
65 | f: false,
66 | parameters: [ {} ],
67 | 'previous-parameters': true,
68 | previousParameters: true,
69 | '$0': '/usr/local/bin/cdk',
70 | STACKS: [ 'PTPipelineStack' ],
71 | 'S-t-a-c-k-s': [ 'PTPipelineStack' ]
72 | }
73 | merged settings: {
74 | versionReporting: true,
75 | pathMetadata: true,
76 | output: 'cdk.out',
77 | app: '.',
78 | context: {},
79 | debug: false,
80 | assetMetadata: true,
81 | requireApproval: 'never',
82 | toolkitBucket: {},
83 | staging: true,
84 | bundlingStacks: [ '*' ],
85 | lookups: true
86 | }
87 | Toolkit stack: CDKToolkit
88 | Setting "CDK_DEFAULT_REGION" environment variable to eu-west-1
89 | Resolving default credentials
90 | Looking up default account ID from STS
91 | Default account ID: xxxxxx
92 | Setting "CDK_DEFAULT_ACCOUNT" environment variable to xxxxxxxxx
93 | context: {
94 | 'aws:cdk:enable-path-metadata': true,
95 | 'aws:cdk:enable-asset-metadata': true,
96 | 'aws:cdk:version-reporting': true,
97 | 'aws:cdk:bundling-stacks': [ '*' ]
98 | }
99 | --app points to a cloud assembly, so we bypass synth
100 | No stack found matching 'PTPipelineStack'. Use "list" to print manifest
101 | Error: No stack found matching 'PTPipelineStack'. Use "list" to print manifest
102 | at CloudAssembly.selectStacks (/usr/local/lib/node_modules/aws-cdk/lib/api/cxapp/cloud-assembly.ts:115:15)
103 | at CdkToolkit.selectStacksForDeploy (/usr/local/lib/node_modules/aws-cdk/lib/cdk-toolkit.ts:385:35)
104 | at CdkToolkit.deploy (/usr/local/lib/node_modules/aws-cdk/lib/cdk-toolkit.ts:111:20)
105 | at initCommandLine (/usr/local/lib/node_modules/aws-cdk/bin/cdk.ts:208:9)
106 |  
107 | [Container] 2021/03/19 17:44:10 Command did not exit successfully cdk -a . deploy PTPipelineStack --require-approval=never --verbose exit status 1
108 | [Container] 2021/03/19 17:44:10 Phase complete: BUILD State: FAILED
109 | [Container] 2021/03/19 17:44:10 Phase context status code: COMMAND_EXECUTION_ERROR Message: Error while executing command: cdk -a . deploy PTPipelineStack --require-approval=never --verbose. Reason: exit status 1
110 | [Container] 2021/03/19 17:44:10 Entering phase POST_BUILD
111 | [Container] 2021/03/19 17:44:10 Phase complete: POST_BUILD State: SUCCEEDED
112 | [Container] 2021/03/19 17:44:10 Phase context status code:  Message:

Answer 1

我遇到了同样的问题，我不知道我是如何解决这个问题的，但以下是一些值得尝试的地方：

1. 确保将您的dev分支推送到Github，而不仅仅是在本地正确，因为这正是您的管道所指向的。(这是我的问题)
2. 我使用的是1.94.1，但换到了1.94.0 -不确定这是否有帮助
3. 我使我的CDK版本都是固定的，所以我删除了^，这样它们就不会在某个时候与不同的版本发生冲突。

Answer 2

我终于昨天有了一个突破。

我上面描述的问题是一个问题的结果，这个问题在管道的早期就开始了，实际上缺乏访问工件s3桶的权限。在源阶段出现的原始错误消息：

Upload to S3 failed with the following error: Access Denied (Service: Amazon S3; Status Code: 403; Error Code: AccessDenied; Request ID: xxxx; S3 Extended Request ID: xxxx; Proxy: null) (Service: null; Status Code: 0; Error Code: null; Request ID: null; S3 Extended Request ID: null; Proxy: null) (Service: null; Status Code: 0; Error Code: null; Request ID: null; S3 Extended Request ID: null; Proxy: null)

我在工件桶上创建了一个桶策略，从而解除了管道的阻塞，但正如前面所述，实际上只是进一步推动了问题。但专注于最初的问题，我实际上意识到，CDK并没有为它创建的角色授予足够的权限。

到今天为止，要想在一个组织中使用Github v2回购，就需要使用“CodeStar”集成，它依赖于CodeStar。(v1 =访问令牌=私有repos)。

目前，使用CDK设置这一功能的唯一方法是使用BitBucketSourceAction，如上面的代码所示。

有趣的是，在部署新的管道堆栈时，CDK将创建专用的IAM角色，并授予以下权限：

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": "codestar-connections:UseConnection",
            "Resource": "arn:aws:codestar-connections:eu-west-1:xxxxx:connection/xxxx",xx
            "Effect": "Allow"
        },
        {
            "Action": [
                "s3:GetObject*",
                "s3:GetBucket*",
                "s3:List*",
                "s3:DeleteObject*",
                "s3:PutObject",
                "s3:Abort*"
            ],
            "Resource": [
                "arn:aws:s3:::bucket",
                "arn:aws:s3:::bucket/*"
            ],
            "Effect": "Allow"
        },
        {
            "Action": [
                "kms:Decrypt",
                "kms:DescribeKey",
                "kms:Encrypt",
                "kms:ReEncrypt*",
                "kms:GenerateDataKey*"
            ],
            "Resource": "arn:aws:kms:eu-west-1:xxxxxxx:key/xxxxx",
            "Effect": "Allow"
        }
    ]
}

这在一开始看上去还可以，但是对于管道来说，它不足以访问桶并通过各个阶段。我怀疑它缺少PutBucketPolicy权限。我目前已经通过用一个s3:*替换特定的操作来修复它，但是这应该是微调的。

最后，我使用的是最新的、最伟大的1.94.1，它不是deps问题，而是CDK问题。我会跟aws-cdk帮派提出一个问题。