I am trying to set up a cross account deployment pipeline with CDK and CodePipeline.
I built the sample CodePipeline example from the AWS Docs and was able to deploy successfully with cdk into a single account. (https://docs.aws.amazon.com/cdk/latest/guide/codepipeline_example.html)
$ cdk deploy PipelineDeployingLambdaStack --profile=111111111111
This returns successfully.
Then using the cross-account instructions in the cdk-codepipeline-actions docs, I added the account attribute to my deploy action.
(https://docs.aws.amazon.com/cdk/api/latest/docs/aws-codepipeline-actions-readme.html#cross-account-actions)
    {
      stageName: 'Deploy',
      actions: [
        new codepipeline_actions.CloudFormationCreateUpdateStackAction({
          account: '222222222222', // introduce cross-account deployment
          ......
        }),
      ],
    },
After this change and running cdk synth again it generates a new stack called cross-account-support-stack-222222222222.template.json as expected.
So far so good.
When I try to run cdk deploy though it immediately throws a cross-account reference error:
$ cdk deploy PipelineDeployingLambdaStack --profile=111111111111
Including dependency stacks: cross-account-support-stack-222222222222
cross-account-support-stack-222222222222 (PipelineDeployingLambdaStack-support-222222222222)
cross-account-support-stack-222222222222 (PipelineDeployingLambdaStack-support-222222222222): deploying...
❌ cross-account-support-stack-222222222222 (PipelineDeployingLambdaStack-support-222222222222) failed: Error: Need to perform AWS calls for account 222222222222, but the current credentials are for 111111111111.
I don't understand how this is ever supposed to work since I can only provide one set of credentials at a time. I can't find any documentation about it, which makes me think it should be obvious.
What am I missing?