0
votes

I have an AWS management account and a dev account.

I run my pipeline from management and it deploys resources into dev in both the eu-west-2 and us-east-1 regions. As a result, in my management account I have 2 artefact stores: one for eu-west-2 and one for us-east-1.

For some reason, when deploying I get this error:

ReplicationFailed Replication of artifact 'project-source' failed: Failed replicating artifact from bucketA in eu-west-2 to BucketB in us-east-1: The provided KMS ARN is not valid: 'Invalid arn s3'.

I have triple-checked the ARNs I am using for pipeline_artefact_kms_key and they seem correct.

Below are some snippets of my code.

Resources:
  CodePipeline:
    Type: AWS::CodePipeline::Pipeline
    Properties:
      Name: "somepipeline"
      ArtifactStores:
        - Region: eu-west-2
          ArtifactStore:
            EncryptionKey:
              Type: KMS
              Id: !Sub "{{resolve:ssm:/${SSMNamespace}/${SystemSSMConfigId}/pipeline/artefact_encryption_key/arn:1}}"
            Location: !Sub "{{resolve:ssm:/${SSMNamespace}/${SystemSSMConfigId}/pipeline/build_bucket/name:1}}"
            Type: S3
        - Region: us-east-1
          ArtifactStore:
            EncryptionKey:
              Type: KMS
              Id: !Sub "{{resolve:ssm:/${SSMNamespace}/${SystemSSMConfigId}/mgmt/us-east-1/pipeline_artefact_kms_key/arn:1}}"
            Location: !Sub "{{resolve:ssm:/${SSMNamespace}/${SystemSSMConfigId}/mgmt/us-east-1/build_bucket/name:1}}"
            Type: S3
      RoleArn: !Sub "{{resolve:ssm:/${SSMNamespace}/${SystemSSMConfigId}/pipeline/pipeline_role_arn/mgmt:1}}"
      Stages:
        - Name: GetSource
          Actions:
            - Name: FetchProjectPipelineCode
              ActionTypeId:
                Category: Source
                Owner: ThirdParty
                Version: 1
                Provider: GitHub
              Configuration:
                Owner: !Sub "{{resolve:ssm:/${SSMNamespace}/${SystemSSMConfigId}/pipeline/github/organisation:1}}"
                Repo: !Sub "{{resolve:ssm:/${SSMNamespace}/${SystemSSMConfigId}/pipeline/github/repository:1}}"
                PollForSourceChanges: 'false'
                Branch:
                  Ref: BranchToBuild
                OAuthToken: !Sub "{{resolve:secretsmanager:/${SSMNamespace}/${SystemSSMConfigId}/pipeline/github/oauth_token:SecretString:token}}"
              OutputArtifacts:
                - Name: project-source
              RunOrder: 1
        - Name: DeployAuthLambdasToDev
          Actions:
            - Name: DeployLambdas-dev
              RoleArn: !Sub "{{resolve:ssm:/${SSMNamespace}/${SystemSSMConfigId}/pipeline/pipeline_role_arn/dev:1}}"
              ActionTypeId:
                Category: Deploy
                Owner: AWS
                Version: '1'
                Provider: CloudFormation
              InputArtifacts:
                - Name: project-source
              OutputArtifacts:
                - Name: lambdas_outputs_dev
              Configuration:
                ActionMode: REPLACE_ON_FAILURE
                Capabilities: CAPABILITY_NAMED_IAM,CAPABILITY_AUTO_EXPAND
                RoleArn: !Sub "{{resolve:ssm:/${SSMNamespace}/${SystemSSMConfigId}/pipeline/pipeline_role_arn/dev:1}}"
                StackName: !Sub "${UniqueId}-AuthLambdas"
                TemplatePath: project-source::aws/pipeline/us-east-1/dev/lambdas.cf.yaml
                TemplateConfiguration: project-source::aws/pipeline/service_config.json
                OutputFileName: stack_outputs.json
              Region: us-east-1
              RunOrder: 1

1 Answers

0
votes

UPDATE:

I managed to solve this issue; it was something to do with the ARN. For some reason SSM was not resolving it correctly. I am not too sure why; I did check the SSM with great attention to detail, including the version number!
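A pre-deploy check for the situation in this thread, as an added example that is not part of the original question or answer: it takes the values the SSM parameters resolve to for each ArtifactStore EncryptionKey Id and reports any that are not a KMS key ARN in the same region as the store. The function names and sample values are constructed for illustration, and it assumes the parameter values have already been fetched (for example with `aws ssm get-parameter`).

```python
import re

# ARN layout: arn:partition:service:region:account-id:resource
# CodePipeline accepts a key ARN or an alias ARN as the EncryptionKey Id.
KMS_ARN = re.compile(
    r"^arn:(aws|aws-cn|aws-us-gov):kms:[a-z0-9-]+:\d{12}:(key|alias)/.+$"
)

def check_kms_arn(value, store_region):
    """Return a list of problems with `value` as the EncryptionKey Id of the
    artifact store in `store_region`. An empty list means it looks valid."""
    problems = []
    if value != value.strip():
        problems.append("leading/trailing whitespace")
        value = value.strip()
    if "{{resolve:" in value:
        return problems + ["dynamic reference was not resolved"]
    parts = value.split(":", 5)
    if len(parts) != 6 or parts[0] != "arn":
        return problems + ["not an ARN (expected 6 colon-separated fields)"]
    if parts[2] != "kms":
        problems.append(f"service is '{parts[2]}', expected 'kms'")
    if parts[3] != store_region:
        problems.append(f"key region '{parts[3]}' != store region '{store_region}'")
    if not problems and not KMS_ARN.match(value):
        problems.append("malformed account id or resource (want key/<id>)")
    return problems

def check_stores(stores):
    """stores maps region -> resolved EncryptionKey Id.
    Returns only the regions that have problems."""
    return {r: p for r, v in stores.items() if (p := check_kms_arn(v, r))}

# Constructed sample values standing in for what the SSM parameters resolve to;
# the us-east-1 entry holds a bucket ARN where a key ARN belongs.
SAMPLE = {
    "eu-west-2": "arn:aws:kms:eu-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab",
    "us-east-1": "arn:aws:s3:::example-build-bucket-us-east-1",
}

if __name__ == "__main__":
    for region, problems in check_stores(SAMPLE).items():
        print(region, "->", "; ".join(problems))
```

Running the check against both regions' resolved values before updating the pipeline stack surfaces a wrong parameter path or a mismatched region before replication is attempted.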