CodePipeline: Maximum policy size of 10240 bytes exceeded for role xxx #19243
Labels
@aws-cdk/aws-codepipeline
Related to AWS CodePipeline
bug
This issue is a bug.
duplicate
This issue is a duplicate.
What is the problem?
We have a CDK pipeline that creates several other CodePipelines during its execution. Most of the pipelines it creates deploy one or two CloudFormation stacks to various accounts. However, we recently attempted to add a new pipeline that deploys 5 CloudFormation stacks. Afterward we encountered the following error with the Logical ID xxxRoleDefaultPolicyxxx:
It seems that more AssumeRole statements are added to the role as we add stacks to the pipeline until the stack update is cancelled due to exceeding the maximum policy size.
The following are a few examples of the PolicyDocument statements added automatically:
It seems that there are some policies created by CDK pipeline that grow in proportion to the number of resources in the child pipeline, so that after a certain point there is no way to deploy the CDK pipeline.
This has caused us not to be able to deploy all the stacks from a single stage in this wave, which resulted in extra engineer effort for the deployment.
Is there any way to prevent the policy from growing unbounded like this?
Please let us know if you need additional snippets from the generated template or anything else.
Reproduction Steps
--
What did you expect to happen?
The new CodePipeline that deploys 5 CloudFormation stacks in our CDK pipeline gets executed without any issues.
What actually happened?
Some policies created by CDK pipeline that grow in proportion to the number of resources in the child pipeline, so that after a certain point there is no way to deploy the CDK pipeline.
CDK CLI Version
2.4.0
Framework Version
No response
Node.js Version
--
OS
--
Language
Typescript
Language Version
4.4.2
Other information
No response
The text was updated successfully, but these errors were encountered: