Hello everyone,
I currently have a CDK project and accounts with the following structure: Main Account has multiple sub accounts: dev, provision account, etc.
CDK application references these accounts directly. Within the calls themselves they are targeting specific resources within the accounts.
I followed the Localstack tutorials and ran `cdklocal bootstrap aws://000000000000/us-east-1`. The environment gets initialized, but when I run `cdklocal deploy` I am receiving a 400 response when the cdk tries to create an s3 bucket in the specific sub accounts. I am also receiving an error from an SSM Get-Parameter: `Deployment failed: Error: SSM parameter /cdk-bootstrap/foo/version not found. Has the environment been bootstrapped? Please run 'cdk bootstrap' (see https://docs.aws.amazon.com/cdk/latest/guide/bootstrapping.html)`.
I have multiple questions:
- Is the current way our cdk app is architected with the sub-account structure preventing us from using Localstack?
- Why am I receiving the SSM error when I have already bootstrapped the project with `cdklocal`?
Hi @wcrawford,
Thanks for reaching out.
As you have not attached any code I took the liberty to create a simple sample in Python myself to investigate your issue. To address your questions:
- No, it's not. You can use CDK with multi-account setups in the following way:
Create trust between accounts, i.e. in my case I had `000000000000` as the main account and `000000000001` and `000000000002` as sub accounts. To create a trust relationship I used the CDK CLI at bootstrap in the following way (of course this is not the only solution, but perhaps it is the simplest):
```
AWS_ACCESS_KEY_ID=000000000002 AWS_SECRET_ACCESS_KEY=test cdklocal bootstrap aws://000000000002/us-east-1 --trust 000000000000 --cloudformation-execution-policies "arn:aws:iam::aws:policy/AdministratorAccess"
```
You can find more information about the multi-account behaviour of LocalStack here.
Then your `app.py` looks something like this:
```python
...
app = cdk.App()

# Stack deployed to the main account
CdkMainAccountStack(app, "CdkMainAccountStack",
    env=cdk.Environment(account='000000000000', region='us-east-1'),
)

# One stack instance per sub account
CdkSubAccountStack(app, "CdkSubAccountStack-000000000001",
    env=cdk.Environment(account='000000000001', region='us-east-1'),
)
CdkSubAccountStack(app, "CdkSubAccountStack-000000000002",
    env=cdk.Environment(account='000000000002', region='us-east-1'),
)

app.synth()
```
- Regarding the SSM error: can you please verify that you are adding the parameter and not looking it up (Get-Parameter)? In my case it looked like this:
```python
# Creates the parameter as part of the stack instead of reading an existing one
ssm_parameter = ssm.StringParameter(self, "Version",
    parameter_name="/cdk-bootstrap/foo/version",
    string_value="v1.0"
)
```
Please let us know if any of this helped or you have further questions.
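
Added example (not part of the original posts and not LocalStack's own code): a preflight check for the `/cdk-bootstrap/<qualifier>/version` parameter named in the deploy error above, run per target account before `cdklocal deploy`. It assumes LocalStack on its default endpoint `http://localhost:4566`; `missing_bootstraps`, `localstack_lookup`, `bootstrap_param` and the sample state are hypothetical names and constructed data.

```python
"""Preflight: which CDK target environments lack the bootstrap version parameter?"""
from typing import Callable, Iterable, List, Optional, Tuple

LOCALSTACK_ENDPOINT = "http://localhost:4566"  # assumption: default LocalStack port
ADMIN = "arn:aws:iam::aws:policy/AdministratorAccess"  # policy used in the answer above

def bootstrap_param(qualifier: str) -> str:
    # Parameter that `cdk deploy` reads; the error in the question names qualifier "foo".
    return f"/cdk-bootstrap/{qualifier}/version"

def localstack_lookup(account: str, region: str, name: str) -> Optional[str]:
    """Read one SSM parameter from LocalStack; None when it does not exist."""
    import boto3  # lazy import: only needed against a running LocalStack
    ssm = boto3.client(
        "ssm", region_name=region, endpoint_url=LOCALSTACK_ENDPOINT,
        aws_access_key_id=account,  # LocalStack namespaces by a 12-digit key id
        aws_secret_access_key="test")
    try:
        return ssm.get_parameter(Name=name)["Parameter"]["Value"]
    except ssm.exceptions.ParameterNotFound:
        return None

def missing_bootstraps(envs: Iterable[Tuple[str, str]], qualifier: str, main_account: str,
                       lookup: Callable[[str, str, str], Optional[str]] = localstack_lookup,
                       ) -> List[str]:
    """Return one cdklocal bootstrap command per environment that is not bootstrapped."""
    name, fixes = bootstrap_param(qualifier), []
    for account, region in envs:
        if lookup(account, region, name) is not None:
            continue  # this account/region already has the qualifier's bootstrap stack
        cmd = (f"AWS_ACCESS_KEY_ID={account} AWS_SECRET_ACCESS_KEY=test "
               f"cdklocal bootstrap aws://{account}/{region} --qualifier {qualifier}")
        if account != main_account:  # sub accounts must trust the deploying account
            cmd += f' --trust {main_account} --cloudformation-execution-policies "{ADMIN}"'
        fixes.append(cmd)
    return fixes

if __name__ == "__main__":
    # Constructed state: only the main account was bootstrapped with qualifier "foo".
    state = {("000000000000", "us-east-1", bootstrap_param("foo")): "21"}
    envs = [(a, "us-east-1") for a in ("000000000000", "000000000001", "000000000002")]
    fake = lambda account, region, name: state.get((account, region, name))
    for fix in missing_bootstraps(envs, "foo", "000000000000", lookup=fake):
        print(fix)
```

Called without `lookup`, the function queries a running LocalStack through `localstack_lookup` instead of the constructed state.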