[Typescript] cdk deploy uses Class name instead of stackName prop for the initial DescribeStacks API call

[gustakasn0v]

When running cdk deploy, cdk calls the cloudformation:DescribeStacks API to gather data about the currently deployed stacks. If a stack name is passed (ie. via the stackName prop, or the id constructor param of Stack), cdk still uses the class name instead of this name to do that initial call.

Reproduction Steps

1. Use an IAM role/user with permissions to modify only SampleStack
2. Create a stack as follows:

another-stack.ts

export class AnotherStack extends Stack {
  ...
}

deploy.ts

const app = new cdk.App()
new AnotherStack(app, "SampleStack", {
    stackName: "SampleStack"
})

1. Run cdk deploy -a "npx ts-node deploy.ts"

Error Log

After following the steps above, I get the following error:
LambdaApiStack failed: AccessDenied: User: XXX is not authorized to perform: cloudformation:DescribeStacks on resource: arn:aws:cloudformation:eu-west-1:XXX:stack/AnotherStack/*

Environment

• CLI Version : 1.31.0
• Framework Version: 1.31.0
• OS : Codebuild, aws/codebuild/standard:3.0 build type
• Language : Typescript

Other

---

This is 🐛 Bug Report

[gustakasn0v]

Looks like a regression of #4997 since I'm using 1.31.0

[gustakasn0v]

Got an email from @shivlaks with the following:

@gustakasn0v - does your cdk.context.json contain the @aws-cdk/core:enableStackNameDuplicates key?
can you share the context from running the CLI command with the --v flag

My example doesn't have a cdk.context.json file, so I'm not setting that key. Just to be clear, do you mean running cdk deploy --v?

[shivlaks]

Got an email from @shivlaks with the following:

@gustakasn0v - does your cdk.context.json contain the @aws-cdk/core:enableStackNameDuplicates key?

can you share the context from running the CLI command with the --v flag

My example doesn't have a cdk.context.json file, so I'm not setting that key. Just to be clear, do you mean running cdk deploy --v?

yes please! particularly the context part. new projects have that key established so their behaviour is different.

you can also try adding the key and setting it to true.

[github-actions]

This issue has not received a response in a while. If you want to keep this issue open, please leave a comment below and auto-close will be canceled.

[gustakasn0v]

I hadn't noticed @SomayaB is waiting for my reply. I'll take a look soon

[gustakasn0v]

@shivlaks I couldn't reproduce this issue again. I was running npm run watch, but maybe the changes hadn't been transpiled yet? Feel free to resolve this.

In any case, here's the verbose output. I see core:enableStackNameDuplicates set to true

CDK toolkit version: 1.31.0 (build 8f3ac79)
Command line arguments: {
  _: [ 'deploy' ],
  profile: 'seoaneg',
  v: true,
  verbose: true,
  'ignore-errors': false,
  ignoreErrors: false,
  json: false,
  j: false,
  ec2creds: undefined,
  i: undefined,
  'version-reporting': undefined,
  versionReporting: undefined,
  'path-metadata': true,
  pathMetadata: true,
  'asset-metadata': true,
  assetMetadata: true,
  'role-arn': undefined,
  r: undefined,
  roleArn: undefined,
  staging: true,
  'no-color': false,
  noColor: false,
  fail: false,
  'build-exclude': [],
  E: [],
  buildExclude: [],
  ci: false,
  execute: true,
  force: false,
  f: false,
  parameters: [ {} ],
  '$0': 'cdk'
}
Determining whether we're on an EC2 instance.
Does not look like EC2 instance.
cdk.json: {
  "app": "npx ts-node bin/cdk_sample_project.ts"
}
cdk.context.json: {
  "@aws-cdk/core:enableStackNameDuplicates": "true",
  "aws-cdk:enableDiffNoFail": "true"
}
merged settings: {
  versionReporting: true,
  pathMetadata: true,
  output: 'cdk.out',
  app: 'npx ts-node bin/cdk_sample_project.ts',
  context: {},
  tags: [],
  assetMetadata: true,
  toolkitBucket: {},
  staging: true
}
Setting "CDK_DEFAULT_REGION" environment variable to eu-west-1
Resolving default credentials
Retrieved account ID XXXYYYZZZ from disk cache
Setting "CDK_DEFAULT_ACCOUNT" environment variable to XXXYYYZZZ
context: {
  '@aws-cdk/core:enableStackNameDuplicates': 'true',
  'aws-cdk:enableDiffNoFail': 'true',
  'aws:cdk:enable-path-metadata': true,
  'aws:cdk:enable-asset-metadata': true
}
outdir: cdk.out
env: {
  CDK_DEFAULT_REGION: 'eu-west-1',
  CDK_DEFAULT_ACCOUNT: 'XXXYYYZZZ',
  CDK_CONTEXT_JSON: '{"@aws-cdk/core:enableStackNameDuplicates":"true","aws-cdk:enableDiffNoFail":"true","aws:cdk:enable-path-metadata":true,"aws:cdk:enable-asset-metadata":true}',
  CDK_OUTDIR: 'cdk.out',
  CDK_CLI_ASM_VERSION: '1.21.0',
  CDK_CLI_VERSION: '1.31.0'
}
Reading existing template for stack SampleStack.
This deployment will make potentially sensitive changes according to your current security approval level (--require-approval broadening).
Please confirm you intend to make the following modifications:

IAM Statement Changes
┌───┬──────────────────────────────┬────────┬─────────────────┬───────────────────────────┬──────────────────────────────────────────────────────────────┐
│   │ Resource                     │ Effect │ Action          │ Principal                 │ Condition                                                    │
├───┼──────────────────────────────┼────────┼─────────────────┼───────────────────────────┼──────────────────────────────────────────────────────────────┤
│ + │ ${CdkSampleProjectQueue.Arn} │ Allow  │ sqs:SendMessage │ Service:sns.amazonaws.com │ "ArnEquals": {                                               │
│   │                              │        │                 │                           │   "aws:SourceArn": "${CdkSampleProjectTopic}"                │
│   │                              │        │                 │                           │ }                                                            │
└───┴──────────────────────────────┴────────┴─────────────────┴───────────────────────────┴──────────────────────────────────────────────────────────────┘
(NOTE: There may be security-related changes not in this list. See https://github.com/aws/aws-cdk/issues/1299)

Do you wish to deploy these changes (y/n)? y
SampleStack: deploying...
Waiting for stack CDKToolkit to finish creating or updating...
checking if we can skip this stack based on the currently deployed template and tags (use --force to override)
SampleStack: template changed, deploying...
Attempting to create ChangeSet CDK-179d8450-a5f6-44bc-b7a7-e4433852a8fc to create stack SampleStack
SampleStack: creating CloudFormation changeset...
Initiated creation of changeset: arn:aws:cloudformation:eu-west-1:XXXYYYZZZ:changeSet/CDK-179d8450-a5f6-44bc-b7a7-e4433852a8fc/1e4fc14f-e233-4e98-9501-6062afba66ae; waiting for it to finish creating...
Waiting for changeset CDK-179d8450-a5f6-44bc-b7a7-e4433852a8fc on stack SampleStack to finish creating...
Changeset CDK-179d8450-a5f6-44bc-b7a7-e4433852a8fc on stack SampleStack is still creating
Initiating execution of changeset CDK-179d8450-a5f6-44bc-b7a7-e4433852a8fc on stack SampleStack
Execution of changeset CDK-179d8450-a5f6-44bc-b7a7-e4433852a8fc on stack SampleStack has started; waiting for the update to complete...
Waiting for stack SampleStack to finish creating or updating...
Stack SampleStack is still not stable (CREATE_IN_PROGRESS (User Initiated))
 0/6 | 17:55:54 | CREATE_IN_PROGRESS   | AWS::SQS::Queue        | CdkSampleProjectQueue (CdkSampleProjectQueue75A6105F)
 0/6 | 17:55:54 | CREATE_IN_PROGRESS   | AWS::CDK::Metadata     | CDKMetadata
 0/6 | 17:55:54 | CREATE_IN_PROGRESS   | AWS::SNS::Topic        | CdkSampleProjectTopic (CdkSampleProjectTopicE7C127BC)
 0/6 | 17:55:54 | CREATE_IN_PROGRESS   | AWS::SQS::Queue        | CdkSampleProjectQueue (CdkSampleProjectQueue75A6105F) Resource creation Initiated
 0/6 | 17:55:55 | CREATE_IN_PROGRESS   | AWS::SNS::Topic        | CdkSampleProjectTopic (CdkSampleProjectTopicE7C127BC) Resource creation Initiated
 0/6 | 17:55:55 | CREATE_IN_PROGRESS   | AWS::CDK::Metadata     | CDKMetadata Resource creation Initiated
 1/6 | 17:55:56 | CREATE_COMPLETE      | AWS::CDK::Metadata     | CDKMetadata
 2/6 | 17:55:56 | CREATE_COMPLETE      | AWS::SQS::Queue        | CdkSampleProjectQueue (CdkSampleProjectQueue75A6105F)
Stack SampleStack is still not stable (CREATE_IN_PROGRESS)
Stack SampleStack is still not stable (CREATE_IN_PROGRESS)
 3/6 | 17:56:05 | CREATE_COMPLETE      | AWS::SNS::Topic        | CdkSampleProjectTopic (CdkSampleProjectTopicE7C127BC)
Stack SampleStack is still not stable (CREATE_IN_PROGRESS)
 3/6 | 17:56:07 | CREATE_IN_PROGRESS   | AWS::SNS::Subscription | CdkSampleProjectQueue/SampleStackCdkSampleProjectTopic2EA28217 (CdkSampleProjectQueueSampleStackCdkSampleProjectTopic2EA282179C9C3419)
 3/6 | 17:56:07 | CREATE_IN_PROGRESS   | AWS::SQS::QueuePolicy  | CdkSampleProjectQueue/Policy (CdkSampleProjectQueuePolicy6A171CCB)
 3/6 | 17:56:07 | CREATE_IN_PROGRESS   | AWS::SQS::QueuePolicy  | CdkSampleProjectQueue/Policy (CdkSampleProjectQueuePolicy6A171CCB) Resource creation Initiated
 3/6 | 17:56:07 | CREATE_IN_PROGRESS   | AWS::SNS::Subscription | CdkSampleProjectQueue/SampleStackCdkSampleProjectTopic2EA28217 (CdkSampleProjectQueueSampleStackCdkSampleProjectTopic2EA282179C9C3419) Resource creation Initiated
 4/6 | 17:56:07 | CREATE_COMPLETE      | AWS::SQS::QueuePolicy  | CdkSampleProjectQueue/Policy (CdkSampleProjectQueuePolicy6A171CCB)
 5/6 | 17:56:08 | CREATE_COMPLETE      | AWS::SNS::Subscription | CdkSampleProjectQueue/SampleStackCdkSampleProjectTopic2EA28217 (CdkSampleProjectQueueSampleStackCdkSampleProjectTopic2EA282179C9C3419)
 6/6 | 17:56:09 | CREATE_COMPLETE      | AWS::CloudFormation::Stack | SampleStack
Stack SampleStack has completed updating

 ✅  SampleStack

Stack ARN:
arn:aws:cloudformation:eu-west-1:XXXYYYZZZ:stack/SampleStack/c2427a20-914c-11ea-89db-026197c942fe

[shivlaks]

@gustakasn0v thanks for the update! if you do end up running into the issue again, feel free to repoen and we can pick up investigation again.

closing for now.

[stevenalowe]

reopening with apparent regression in version 1.62.1 -

in a codepipeline (deployed by another codepipeline earlier, if that matters) I see

...
cdk -a assembly-InfraPipelineStack-InfraPreProdStage deploy InfraPreProdStage-DockerPipelineStack
     --require-approval=never --verbose
...
STACKS: [ 'InfraPreProdStage-DockerPipelineStack' ],
...
Error: No stack found matching 'InfraPreProdStage-DockerPipelineStack'. Use "list" to print manifest
    at CloudAssembly.selectStacks (/usr/local/lib/node_modules/aws-cdk/lib/api/cxapp/cloud-assembly.ts:114:15)
    at CdkToolkit.selectStacksForDeploy (/usr/local/lib/node_modules/aws-cdk/lib/cdk-toolkit.ts:382:35)
    at CdkToolkit.deploy (/usr/local/lib/node_modules/aws-cdk/lib/cdk-toolkit.ts:112:20)
    at initCommandLine (/usr/local/lib/node_modules/aws-cdk/bin/cdk.ts:197:9)

the name of the stack is apparently correct and seems to exist... ?

thanks! will post more if i find a workaround