Make a personal GitHub access token and stick it in a fulltext SecretsManager
Secret with the name my-github-token, or set GITHUB_TOKEN to the name
of it.
$ yarn install --frozen-lockfile
$ yarn build
$ env CDK_NEW_BOOTSTRAP=1 npx cdk bootstrap --cloudformation-execution-policies arn:aws:iam::aws:policy/AdministratorAccess --trust 355421412380
$ (optional) export GITHUB_TOKEN=other-github-token-name
$ (optional) export BRANCH=$(git rev-parse --abbrev-ref HEAD)
$ npx cdk deploy -e MeertkatsCodePipelineStack
If you see the following error:
CREATE_FAILED | AWS::CodePipeline::Pipeline | Pipeline/Pipeline (Pipeline9850B417) Internal Failure
There's something wrong with your GitHub access token.
This branch needs prerelease features from aws-cdk repo, and they need to be available in the CodeBuild project
as well. That's why we vendor in tarballs of the CDK repo into the current repo.
To update them with a newer version, do the following:
aws-cdk$ git checkout feat/convmode
aws-cdk$ yarn build # Make sure everything you need has been built
...
meerkats$ yarn vendor-in /path/to/aws-cdk
# The next build will install the vendored deps.
This is pretty magical! Toggle "Debugger: Auto Attach" in VSCode, and then from the VSCode terminal run:
env NODE_OPTIONS=--inspect-brk cdk deploy
Wuuuut!
- Retries:
- ChangeSet cannot be retried, and a previous successful step cannot be retried either. Must restart whole pipeline to retry a failed step.
- Stack that failed to create cannot be retried.
- Bootstrap:
- Deploying the pipeline stack by hand will immediately start deploying the referenced GitHub repository, which by that point might not have the same source in it that you just deployed, so the pipeline might overwrite itself with something else!
CREATE_FAILED | AWS::KMS::Key | Pipeline/Pipeline/ArtifactsBucketEncryptionKey (PipelineArtifactsBucketEncryptionKeyF5BF0670) Policy contains a statement with one or more invalid principals. (Service: AWSKMS; Status Code: 400; Error Code: MalformedPolicyDocumentException; Request ID: 20827aab-3e89-41d4-ba7f-b87115a55e36)
You need to bootstrap the target account+environment pair.