(codepipeline): Cross-region support stacks break when their template exceeds 50kb #27196

Open
gshpychka opened this issue Sep 19, 2023 · 1 comment
Labels
@aws-cdk/aws-codepipeline Related to AWS CodePipeline bug This issue is a bug. effort/medium Medium work item – several days of effort p2

Comments

@gshpychka
Contributor

Describe the bug

Currently, cross-region support stacks use the BootstraplessSynthesizer by default, reusing the pipeline environment's default execution and deploy roles and thus avoiding the requirement to bootstrap all regions you want your actions to use.

This works fine most of the time, until their template reaches the CloudFormation size limit for including the template in a request, which is 51,200 bytes. When this happens, the template needs to be uploaded to S3 as an asset instead - and this fails.

We have seen this with CDK Pipelines, and what happens in practice is that the SelfMutation Action tries to upload the template to the default asset bucket in the target region, but fails to do so (as it should, because it lacks the access to do that).

Expected Behavior

Pipeline works fine.

Current Behavior

Pipeline tries and fails to upload the support stack template to the asset bucket in the target region.

Reproduction Steps

Deploy a CDK Pipeline that deploys to a lot of accounts in another region such that the support stack reaches 50kb.

Possible Solution

Generate a descriptive error when a cross-region support stack reaches 50Kb. Add a flag that would allow us to control the synthesizer to be used in support stacks (or just an option to use the parent one).

I would be glad to open a PR, but would need some guidance on how to detect the case.

Additional Information/Context

A very hacky workaround is to add explicit statements allowing S3 access to the asset bucket in the target region to the SelfMutation Role, as well as the CDKToolkit's deploy role in the local region. The target region must be bootstrapped.

CDK CLI Version

2.94.0

Framework Version

2.94.0

Node.js Version

18.4.1

OS

MacOS

Language

Typescript, Python, .NET, Java, Go

Language Version

No response

Other information

No response
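One way to catch the condition described in this issue before the pipeline's self-mutation step hits it, as an added example (not code from the issue or from the aws-cdk project): scan the synthesized cloud assembly after `cdk synth` and flag support stack templates at or near the 51,200-byte inline limit. Assumptions: templates are written as `*.template.json`, support stacks can be selected by the word "support" in the file name, the on-disk JSON size is only a proxy for what the CLI sends (hence the warning margin), and all function names here are hypothetical.

```typescript
import * as fs from "fs";
import * as os from "os";
import * as path from "path";

// Size limit for a template passed inline in a CloudFormation request (figure from the issue).
const INLINE_LIMIT_BYTES = 51200;

type Status = "ok" | "warn" | "fail";
interface Finding { file: string; bytes: number; status: Status; }

// Recursively collect synthesized templates; nested assemblies are subdirectories.
function findTemplates(dir: string): string[] {
  return fs.readdirSync(dir, { withFileTypes: true }).flatMap((e) => {
    const full = path.join(dir, e.name);
    if (e.isDirectory()) return findTemplates(full);
    return e.name.endsWith(".template.json") ? [full] : [];
  });
}

// Classify support stack templates by on-disk size, largest first.
// Assumptions: the "support" name marker and the 90% warning margin; the CLI may
// serialize the template differently, so treat "warn" as "investigate".
function checkSupportTemplates(assemblyDir: string, marker = "support", warnRatio = 0.9): Finding[] {
  return findTemplates(assemblyDir)
    .filter((f) => path.basename(f).includes(marker))
    .map((file) => {
      const bytes = fs.statSync(file).size;
      const status: Status = bytes > INLINE_LIMIT_BYTES ? "fail"
        : bytes > INLINE_LIMIT_BYTES * warnRatio ? "warn" : "ok";
      return { file: path.relative(assemblyDir, file), bytes, status };
    })
    .sort((a, b) => b.bytes - a.bytes);
}

// Constructed sample assembly: file names and contents are made up for the demo.
function buildSampleAssembly(): string {
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), "cdk-out-"));
  const template = (padding: number) =>
    JSON.stringify({ Resources: {}, Metadata: { pad: "x".repeat(padding) } });
  fs.writeFileSync(path.join(dir, "Pipeline-support-eu-west-1.template.json"), template(60000));
  fs.writeFileSync(path.join(dir, "Pipeline-support-us-west-2.template.json"), template(47000));
  fs.writeFileSync(path.join(dir, "Pipeline-support-ap-south-1.template.json"), template(1000));
  fs.mkdirSync(path.join(dir, "assembly-Prod"));
  fs.writeFileSync(path.join(dir, "assembly-Prod", "App.template.json"), template(70000));
  return dir;
}

for (const f of checkSupportTemplates(buildSampleAssembly())) console.log(f.status, f.bytes, f.file);
```

In CI, point `checkSupportTemplates` at the real `cdk.out` directory and fail the build on any `fail` result, so the size problem surfaces at synth time instead of prompting broader S3 permissions on the SelfMutation role.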

@gshpychka gshpychka added bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels Sep 19, 2023
@github-actions github-actions bot added the @aws-cdk/aws-codepipeline Related to AWS CodePipeline label Sep 19, 2023
@peterwoodworth peterwoodworth added p1 effort/medium Medium work item – several days of effort needs-review and removed needs-triage This issue or PR still needs to be triaged. labels Sep 19, 2023
@peterwoodworth
Contributor

Thanks for the report @gshpychka
