Login/Register
AWS CDK Pipeline Error - No stack found matching "xxxxx"
Asked Answered
aws-cloudformationaws-cdkaws-codepipelineaws-codebuild
M

2

8

I am having a hard time with the last CDK Pipeline I have deployed.
I have followed the steps here:https://docs.aws.amazon.com/cdk/latest/guide/cdk_pipeline.html and the overall experience has been quite painful. First of all I had to manually update the S3 bucket policy to let the pipeline read/write from the bucket it as I was otherwise getting denied access 403 errors.
That part seems resolved but now, in the "UpdatePipeline" stage, I am getting failures with that error message: Error: No stack found matching 'PTPipelineStack'. Use "list" to print manifest, when clearly, the Stack exists in CloudFormation and if I run the cdk list command from the CLI I do see the PTPipelineStack. I have destroyed the pipeline and redeployed it a few times "just in case", but didn't really help. Any suggestion as to what be done to help with this?

bin/file.ts:

#!/usr/bin/env node
import * as cdk from '@aws-cdk/core'
import 'source-map-support/register'
import { MyPipelineStack } from '../lib/build-pipeline'

const app = new cdk.App()
const pipelineStack = new MyPipelineStack(app, 'PTPipelineStack', {
  env: {
    account: 'xxxxxxxxxxxx',
    region: 'eu-west-1',
  },
})


app.synth()

lib/build-pipeline.ts:

import * as codepipeline from '@aws-cdk/aws-codepipeline'
import * as codepipeline_actions from '@aws-cdk/aws-codepipeline-actions'
import { Construct, Stack, StackProps, Stage, StageProps } from '@aws-cdk/core'
import { CdkPipeline, SimpleSynthAction } from '@aws-cdk/pipelines'
import { PasstimeStack } from './passtime-stack'

export class MyApplication extends Stage {
  constructor(scope: Construct, id: string, props?: StageProps) {
    super(scope, id, props)
    new PasstimeStack(this, 'Cognito')
  }
}

export class MyPipelineStack extends Stack {
  constructor(scope: Construct, id: string, props?: StackProps) {
    super(scope, id, props)

    const sourceArtifact = new codepipeline.Artifact()
    const cloudAssemblyArtifact = new codepipeline.Artifact()

    const pipeline = new CdkPipeline(this, 'Pipeline', {
      pipelineName: 'PassTimeAppPipeline',
      cloudAssemblyArtifact,

      sourceAction: new codepipeline_actions.BitBucketSourceAction({
        actionName: 'Github',
        connectionArn:
          'arn:aws:codestar-connections:eu-west-1:xxxxxxxxxxxxxxx',
        owner: 'owner',
        repo: 'repo',
        branch: 'dev',
        output: sourceArtifact,
      }),

      synthAction: SimpleSynthAction.standardNpmSynth({
        sourceArtifact,
        cloudAssemblyArtifact,

        installCommand: 'npm ci',
        environment: {
          privileged: true,
        },
      }),
    })

    pipeline.addApplicationStage(
      new MyApplication(this, 'Dev', {
        env: {
          account: 'xxxxxxxx',
          region: 'eu-west-1',
        },
      })
    )
  }
}

deps on my package.json:

"devDependencies": {
    "@aws-cdk/assert": "^1.94.1",
    "@types/jest": "^26.0.21",
    "@types/node": "14.14.35",
    "aws-cdk": "^1.94.1",
    "jest": "^26.4.2",
    "ts-jest": "^26.5.4",
    "ts-node": "^9.0.0",
    "typescript": "4.2.3"
  },
  "dependencies": {
    "@aws-cdk/aws-appsync": "^1.94.1",
    "@aws-cdk/aws-cloudfront": "^1.94.1",
    "@aws-cdk/aws-cloudfront-origins": "^1.94.1",
    "@aws-cdk/aws-codebuild": "^1.94.1",
    "@aws-cdk/aws-codepipeline": "^1.94.1",
    "@aws-cdk/aws-codepipeline-actions": "^1.94.1",
    "@aws-cdk/aws-cognito": "^1.94.1",
    "@aws-cdk/aws-dynamodb": "^1.94.1",
    "@aws-cdk/aws-iam": "^1.94.1",
    "@aws-cdk/aws-kms": "^1.94.1",
    "@aws-cdk/aws-lambda": "^1.94.1",
    "@aws-cdk/aws-lambda-nodejs": "^1.94.1",
    "@aws-cdk/aws-pinpoint": "^1.94.1",
    "@aws-cdk/aws-s3": "^1.94.1",
    "@aws-cdk/aws-s3-deployment": "^1.94.1",
    "@aws-cdk/core": "^1.94.1",
    "@aws-cdk/custom-resources": "^1.94.1",
    "@aws-cdk/pipelines": "^1.94.1",
    "@aws-sdk/s3-request-presigner": "^3.9.0",
    "source-map-support": "^0.5.16"
  }

Code Build Logs:

[Container] 2021/03/19 17:43:59 Entering phase INSTALL
--
16 | [Container] 2021/03/19 17:43:59 Running command npm install -g aws-cdk
17 | /usr/local/bin/cdk -> /usr/local/lib/node_modules/aws-cdk/bin/cdk
18 | + [email protected]
19 | added 193 packages from 186 contributors in 6.404s
20 |  
21 | [Container] 2021/03/19 17:44:09 Phase complete: INSTALL State: SUCCEEDED
22 | [Container] 2021/03/19 17:44:09 Phase context status code:  Message:
23 | [Container] 2021/03/19 17:44:09 Entering phase PRE_BUILD
24 | [Container] 2021/03/19 17:44:10 Phase complete: PRE_BUILD State: SUCCEEDED
25 | [Container] 2021/03/19 17:44:10 Phase context status code:  Message:
26 | [Container] 2021/03/19 17:44:10 Entering phase BUILD
27 | [Container] 2021/03/19 17:44:10 Running command cdk -a . deploy PTPipelineStack --require-approval=never --verbose
28 | CDK toolkit version: 1.94.1 (build 60d8f91)
29 | Command line arguments: {
30 | _: [ 'deploy' ],
31 | a: '.',
32 | app: '.',
33 | 'require-approval': 'never',
34 | requireApproval: 'never',
35 | verbose: 1,
36 | v: 1,
37 | lookups: true,
38 | 'ignore-errors': false,
39 | ignoreErrors: false,
40 | json: false,
41 | j: false,
42 | debug: false,
43 | ec2creds: undefined,
44 | i: undefined,
45 | 'version-reporting': undefined,
46 | versionReporting: undefined,
47 | 'path-metadata': true,
48 | pathMetadata: true,
49 | 'asset-metadata': true,
50 | assetMetadata: true,
51 | 'role-arn': undefined,
52 | r: undefined,
53 | roleArn: undefined,
54 | staging: true,
55 | 'no-color': false,
56 | noColor: false,
57 | fail: false,
58 | all: false,
59 | 'build-exclude': [],
60 | E: [],
61 | buildExclude: [],
62 | ci: false,
63 | execute: true,
64 | force: false,
65 | f: false,
66 | parameters: [ {} ],
67 | 'previous-parameters': true,
68 | previousParameters: true,
69 | '$0': '/usr/local/bin/cdk',
70 | STACKS: [ 'PTPipelineStack' ],
71 | 'S-t-a-c-k-s': [ 'PTPipelineStack' ]
72 | }
73 | merged settings: {
74 | versionReporting: true,
75 | pathMetadata: true,
76 | output: 'cdk.out',
77 | app: '.',
78 | context: {},
79 | debug: false,
80 | assetMetadata: true,
81 | requireApproval: 'never',
82 | toolkitBucket: {},
83 | staging: true,
84 | bundlingStacks: [ '*' ],
85 | lookups: true
86 | }
87 | Toolkit stack: CDKToolkit
88 | Setting "CDK_DEFAULT_REGION" environment variable to eu-west-1
89 | Resolving default credentials
90 | Looking up default account ID from STS
91 | Default account ID: xxxxxx
92 | Setting "CDK_DEFAULT_ACCOUNT" environment variable to xxxxxxxxx
93 | context: {
94 | 'aws:cdk:enable-path-metadata': true,
95 | 'aws:cdk:enable-asset-metadata': true,
96 | 'aws:cdk:version-reporting': true,
97 | 'aws:cdk:bundling-stacks': [ '*' ]
98 | }
99 | --app points to a cloud assembly, so we bypass synth
100 | No stack found matching 'PTPipelineStack'. Use "list" to print manifest
101 | Error: No stack found matching 'PTPipelineStack'. Use "list" to print manifest
102 | at CloudAssembly.selectStacks (/usr/local/lib/node_modules/aws-cdk/lib/api/cxapp/cloud-assembly.ts:115:15)
103 | at CdkToolkit.selectStacksForDeploy (/usr/local/lib/node_modules/aws-cdk/lib/cdk-toolkit.ts:385:35)
104 | at CdkToolkit.deploy (/usr/local/lib/node_modules/aws-cdk/lib/cdk-toolkit.ts:111:20)
105 | at initCommandLine (/usr/local/lib/node_modules/aws-cdk/bin/cdk.ts:208:9)
106 |  
107 | [Container] 2021/03/19 17:44:10 Command did not exit successfully cdk -a . deploy PTPipelineStack --require-approval=never --verbose exit status 1
108 | [Container] 2021/03/19 17:44:10 Phase complete: BUILD State: FAILED
109 | [Container] 2021/03/19 17:44:10 Phase context status code: COMMAND_EXECUTION_ERROR Message: Error while executing command: cdk -a . deploy PTPipelineStack --require-approval=never --verbose. Reason: exit status 1
110 | [Container] 2021/03/19 17:44:10 Entering phase POST_BUILD
111 | [Container] 2021/03/19 17:44:10 Phase complete: POST_BUILD State: SUCCEEDED
112 | [Container] 2021/03/19 17:44:10 Phase context status code:  Message:
Micamicaela answered 20/3, 2021 at 11:2 Comment(0)
S
7

I ran into the same issue and I'm not sure exactly how I fixed it, but here's some things to try:

  1. Make sure you have your dev branch pushed to Github and not just correctly locally because that's what your pipeline is pointing to. (this was my problem)
  2. I was using 1.94.1 but swapped to 1.94.0 - not sure if this helped
  3. I make my CDK versions all fixed so I remove the ^, so they don't conflict with different versions at some point
Sewell answered 21/3, 2021 at 5:22 Comment(3)
Hi @Bryan Hunter, thanks but I am still getting this. I have deleted by package lock, downgraded the package to 1.94.0, re-installed, re bootstrapped, redeployed, same. I am still stuck. I have also upgraded my version of node, removed any tags policies associated to my OU, downgraded some deps (ts-node etc.) to match the version with what the CDK ships today. Nothing.Micamicaela
Thanks, pushing latest changes to the remote branch fixed the Error: No stack found matching 'stack_name'. Use "list" to print manifest error for me.Rik
First suggestion fixed the issue for me! Pushing to Github.Verecund
M
1

I finally had a breakthrough yesterday.
The issue I outlined above was a consequence of an issue that started earlier in the pipeline, that was in fact lacking permissions to access the artifacts s3 bucket. The original error message that appeared at the Source stage:

Upload to S3 failed with the following error: Access Denied (Service: Amazon S3; Status Code: 403; Error Code: AccessDenied; Request ID: xxxx; S3 Extended Request ID: xxxx; Proxy: null) (Service: null; Status Code: 0; Error Code: null; Request ID: null; S3 Extended Request ID: null; Proxy: null) (Service: null; Status Code: 0; Error Code: null; Request ID: null; S3 Extended Request ID: null; Proxy: null)

I had unblocked the pipeline by creating a bucket policy on the artifact bucket but as stated previously that actually only pushed the issue further down the line. But focusing on the original issue I actually realised that the CDK was not granting sufficient permissions to one of the roles it created.

As of today, in order to use a Github repo with an organisation one needs to use the "Github v2" integration, that relies on CodeStar. (v1 = access tokens = private repos).

Currently the only way to set this up with the CDK is to use the BitBucketSourceAction as seen in my code above.

Interestingly, when deploying a new pipeline stack, the CDK creates the dedicated IAM role and grants the following permissions:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": "codestar-connections:UseConnection",
            "Resource": "arn:aws:codestar-connections:eu-west-1:xxxxx:connection/xxxx",xx
            "Effect": "Allow"
        },
        {
            "Action": [
                "s3:GetObject*",
                "s3:GetBucket*",
                "s3:List*",
                "s3:DeleteObject*",
                "s3:PutObject",
                "s3:Abort*"
            ],
            "Resource": [
                "arn:aws:s3:::bucket",
                "arn:aws:s3:::bucket/*"
            ],
            "Effect": "Allow"
        },
        {
            "Action": [
                "kms:Decrypt",
                "kms:DescribeKey",
                "kms:Encrypt",
                "kms:ReEncrypt*",
                "kms:GenerateDataKey*"
            ],
            "Resource": "arn:aws:kms:eu-west-1:xxxxxxx:key/xxxxx",
            "Effect": "Allow"
        }
    ]
}

This looks ok at first but turns out to not be sufficient for the pipeline to access the bucket and go through the stages. I suspect that it is missing PutBucketPolicy permissions. I have currently fixed it by replacing the specific actions with a s3:*, but that should be fine tuned.

In the end I am using the latest and greatest 1.94.1, it is not a deps issue but a CDK one. I will raise an issue with the aws-cdk gang. 👍

Micamicaela answered 24/3, 2021 at 9:21 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.