
Update CDK Version to v2.77.0 to fix issue with CDK Pipeline role #484

Merged 1 commit into data-dot-all:main from fix/cdk-version-2.77.0 on May 30, 2023

Conversation

gmuslia (Contributor) commented May 26, 2023

Feature or Bugfix

  • Bugfix
  • Refactoring

Detail

  • The AWS Cloud Development Kit (CDK) Team recently identified an issue with the CDK Pipelines construct library that may result in unintended permissions being granted to authenticated users within your account. As of April 4, 2023, we have fixed the issue in version 1.200.0 [1] for CDK v1, and version 2.77.0 [2] for CDK v2. We strongly recommend you upgrade to one of these versions as soon as possible. Please refer to the Managing Dependencies documentation [3] in the CDK Developer Guide for instructions on how to perform the upgrade.
    Starting with versions 1.158.0 and 2.26.0, released May 30, 2022, the library creates a role that allows every identity in the same account with sts:AssumeRole permissions on Resource: * to assume it. This may result in granting privileges to authenticated users in your account allowing them to take pipeline actions beyond what was intended.

Relates

  • N.A.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
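The role shape the description refers to (a trust policy that names the account root, so any identity in the account holding sts:AssumeRole on Resource * can assume it) is something a defender can audit directly from the role's trust policy document. The following is an added example, not code from the data.all repository or from the CDK; the sample policies, the account id 123456789012 and the role name PipelineRole are constructed.

```python
import re

# Constructed sample trust policies (not from data.all or the CDK).
# The first has the shape the PR describes: the account root is trusted,
# so any identity in account 123456789012 that holds sts:AssumeRole on
# Resource "*" can assume the role.
ACCOUNT_WIDE_TRUST = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow",
                   "Principal": {"AWS": "arn:aws:iam::123456789012:root"},
                   "Action": "sts:AssumeRole"}],
}
# Scoped variant: only one named role (hypothetical) may assume it.
SCOPED_TRUST = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow",
                   "Principal": {"AWS": "arn:aws:iam::123456789012:role/PipelineRole"},
                   "Action": "sts:AssumeRole"}],
}

_ROOT_ARN = re.compile(r"^arn:aws:iam::\d{12}:root$")
_ACCOUNT_ID = re.compile(r"^\d{12}$")

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _aws_principals(principal):
    """Flatten the Principal element to the AWS principal strings it names."""
    if principal == "*":
        return ["*"]
    return _as_list(principal.get("AWS", []))

def _grants_assume(actions):
    return any(a in ("sts:AssumeRole", "sts:*", "*") for a in _as_list(actions))

def account_wide_assume_findings(policy):
    """Return every Allow principal that lets the whole account (or anyone)
    assume the role. A Condition narrows the grant, so those statements are
    reported with conditional=True rather than dropped."""
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow" or not _grants_assume(stmt.get("Action", [])):
            continue
        for p in _aws_principals(stmt.get("Principal", {})):
            if p == "*" or _ROOT_ARN.match(p) or _ACCOUNT_ID.match(p):
                findings.append({"principal": p, "conditional": "Condition" in stmt})
    return findings
```

Run it over `get-role` output for each role a pipeline stack created; a non-empty, non-conditional result on a stack synthesized with a CDK older than the fixed versions is the condition the upgrade removes.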

dlpzx (Contributor) commented May 30, 2023

Hi @gmuslia, thanks for the contribution!! From the docs and the code it looks good, but I will validate it before approving it.

dlpzx (Contributor) commented May 30, 2023

I can confirm that upgrading to 2.77.0 solves the issue of CDK permissions being too permissive.
The following screenshot comes from a deployment with version 2.61.0. After updating, the warning does not come up in cdk synth.

[screenshot]

I can also confirm that the deployment of the data.all CICD pipeline as well as the infrastructure succeeds (deploy/requirements.txt). The same for updating environment and dataset stacks (backend/requirements.txt).

dlpzx (Contributor) left a review comment

lgtm, in a separate PR we can upgrade to the latest version of cdk to ensure that we are up-to-date

@dlpzx dlpzx merged commit 9fc84bf into data-dot-all:main May 30, 2023
@gmuslia gmuslia deleted the fix/cdk-version-2.77.0 branch May 30, 2023 08:26