(codebuild): more friendly exception message related to build of Codebuild project

[HsiehShuJeng]

Description

I created a CDK application to deploy a Codebuild project. When deploying the project via cdk deploy after executing npm install, npm run build, cdk synth, and cdk diff with success, I got the following exception message:

MusesCodeBuild failed: Error [ValidationError]: Template error: Fn::Select  cannot select nonexistent value at index 5
    at Request.extractError (/usr/local/lib/node_modules/aws-cdk/node_modules/aws-sdk/lib/protocol/query.js:50:29)
    at Request.callListeners (/usr/local/lib/node_modules/aws-cdk/node_modules/aws-sdk/lib/sequential_executor.js:106:20)
    at Request.emit (/usr/local/lib/node_modules/aws-cdk/node_modules/aws-sdk/lib/sequential_executor.js:78:10)
    at Request.emit (/usr/local/lib/node_modules/aws-cdk/node_modules/aws-sdk/lib/request.js:688:14)
    at Request.transition (/usr/local/lib/node_modules/aws-cdk/node_modules/aws-sdk/lib/request.js:22:10)
    at AcceptorStateMachine.runTo (/usr/local/lib/node_modules/aws-cdk/node_modules/aws-sdk/lib/state_machine.js:14:12)
    at /usr/local/lib/node_modules/aws-cdk/node_modules/aws-sdk/lib/state_machine.js:26:10
    at Request.<anonymous> (/usr/local/lib/node_modules/aws-cdk/node_modules/aws-sdk/lib/request.js:38:9)
    at Request.<anonymous> (/usr/local/lib/node_modules/aws-cdk/node_modules/aws-sdk/lib/request.js:690:12)
    at Request.callListeners (/usr/local/lib/node_modules/aws-cdk/node_modules/aws-sdk/lib/sequential_executor.js:116:18) {
  code: 'ValidationError',
  time: 2021-03-26T02:39:14.857Z,
  requestId: '36065d78-492b-44cc-897d-68d17bacb2dc',
  statusCode: 400,
  retryable: false,
  retryDelay: 43.21835820358078
}
Template error: Fn::Select  cannot select nonexistent value at index 5

I searched the json template under cdk.out with Fn::Select: and finally figured out the problem is at the assignment of the role that the Codebuild project will utilize. In this case, I intended to import an external existing IAM role by Role.fromRoleArn(), and a colon is missing between iam and ACCOUNT_ID as the ARN of the IAM role.

Reproduction Steps

1. create a role for a Codebuild project whose name is similar to test01-AwsCicd-ap-northeast-1-CodeBuildRole.
2. create a CDK project for creating a Codebuild project where its role is the assignment of an existing IAM role and omit a colon between iam and ACCOUNT_ID as the ARN of the role.

// a brief example that reproduces the case
import * as codebuild from "@aws-cdk/aws-codebuild";
import * as s3 from "@aws-cdk/aws-s3";
import { Role } from "@aws-cdk/aws-iam";

const GeneralCodeBuildRoleArn = `arn:${cdk.Aws.PARTITION}:iam:${cdk.Aws.ACCOUNT_ID}:role/${process.env.DEPLOYMENT_ENV}-AwsCicd-${cdk.Aws.REGION}-CodeBuildRole`;
const musesCodeBuildProject = new codebuild.Project(this, "CodeBuildProject", {
      .
      .
      .
      .
      .                                                        
      role: Role.fromRoleArn(this, "CodeBuildRole", GeneralCodeBuildRoleArn),
      .
      .
      .
    });

What did you expect to happen?

I expect that in the error message, a more vivid message can be presented, such as something wrong is at the argument of role or something wrong related to the import of an external IAM role.

What actually happened?

MusesCodeBuild failed: Error [ValidationError]: Template error: Fn::Select  cannot select nonexistent value at index 5
    at Request.extractError (/usr/local/lib/node_modules/aws-cdk/node_modules/aws-sdk/lib/protocol/query.js:50:29)
    at Request.callListeners (/usr/local/lib/node_modules/aws-cdk/node_modules/aws-sdk/lib/sequential_executor.js:106:20)
    at Request.emit (/usr/local/lib/node_modules/aws-cdk/node_modules/aws-sdk/lib/sequential_executor.js:78:10)
    at Request.emit (/usr/local/lib/node_modules/aws-cdk/node_modules/aws-sdk/lib/request.js:688:14)
    at Request.transition (/usr/local/lib/node_modules/aws-cdk/node_modules/aws-sdk/lib/request.js:22:10)
    at AcceptorStateMachine.runTo (/usr/local/lib/node_modules/aws-cdk/node_modules/aws-sdk/lib/state_machine.js:14:12)
    at /usr/local/lib/node_modules/aws-cdk/node_modules/aws-sdk/lib/state_machine.js:26:10
    at Request.<anonymous> (/usr/local/lib/node_modules/aws-cdk/node_modules/aws-sdk/lib/request.js:38:9)
    at Request.<anonymous> (/usr/local/lib/node_modules/aws-cdk/node_modules/aws-sdk/lib/request.js:690:12)
    at Request.callListeners (/usr/local/lib/node_modules/aws-cdk/node_modules/aws-sdk/lib/sequential_executor.js:116:18) {
  code: 'ValidationError',
  time: 2021-03-26T02:39:14.857Z,
  requestId: '36065d78-492b-44cc-897d-68d17bacb2dc',
  statusCode: 400,
  retryable: false,
  retryDelay: 43.21835820358078
}
Template error: Fn::Select  cannot select nonexistent value at index 5

Environment

• CDK CLI Version : 1.95.1
• Framework Version:
• Node.js Version: v15.12.0
• OS :

ProductName:	macOS
ProductVersion:	11.2.3
BuildVersion:	20D91

• Language (Version): TypeScript (4.2.3)

Other

---

This is 🐛 Bug Report

[skinny85]

Thanks for opening the issue @HsiehShuJeng! I think you're right, I submitted a PR to fail faster for this error: #13821.

Thanks,
Adam

[github-actions]

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.