AWS CodePipeline: CloudFormation Deploy CreateChangeSet, role_arn empty #13121
Comments
Apparently there are no checks in place for this; to get the role_arn applied, the stage needs a ChangeSetName parameter like this:

```hcl
action {
  name            = "CreateChangeSet"
  category        = "Deploy"
  owner           = "AWS"
  provider        = "CloudFormation"
  input_artifacts = ["build"]
  role_arn        = module.iam_cloudformation.role_arn
  version         = 1
  run_order       = 1

  configuration = {
    ActionMode     = "CHANGE_SET_REPLACE"
    Capabilities   = "CAPABILITY_IAM,CAPABILITY_AUTO_EXPAND"
    OutputFileName = "ChangeSetOutput.json"
    StackName      = var.stack_name
    TemplatePath   = "build::templated.yaml"
    ChangeSetName  = "${var.stack_name}-deploy"
  }
}
```

Then it will work |
I thought it worked, it's inconsistent. I've changed the pipeline a few times and now done a complete redeployment and the role_arn does not get applied "Action execution failed updated the original bug report with an example when you update the stack, Terraform removes the role_arn configuration |
I fixed the issue by setting the RoleArn in the configuration block as well; that makes the role_arn in the action block completely useless, which should, if I'm not mistaken, be the only role_arn you need to set to make this work.

```hcl
action {
  name            = "CreateChangeSet"
  category        = "Deploy"
  owner           = "AWS"
  provider        = "CloudFormation"
  input_artifacts = ["build"]
  role_arn        = module.iam_cloudformation.role_arn
  version         = 1
  run_order       = 1

  configuration = {
    ActionMode            = "CHANGE_SET_REPLACE"
    Capabilities          = "CAPABILITY_IAM,CAPABILITY_AUTO_EXPAND"
    OutputFileName        = "ChangeSetOutput.json"
    RoleArn               = module.iam_cloudformation.role_arn
    StackName             = var.stack_name
    TemplatePath          = "build::packaged.yaml"
    ChangeSetName         = "${var.stack_name}-deploy"
    TemplateConfiguration = "build::configuration.json"
  }
}
```
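A post-apply check for the condition discussed in this thread, as an added example that is not part of the issue or of the provider's code: it scans pipeline JSON in the shape returned by `aws codepipeline get-pipeline` and lists CloudFormation actions that have no `RoleArn` in their configuration. The sample pipeline, account ID and role name are constructed, and the set of action modes checked is an assumption.

```python
# Assumption (AWS CloudFormation action reference): these modes take the stack
# role from configuration.RoleArn; CHANGE_SET_EXECUTE uses the change set's role.
ROLE_MODES = {"CREATE_UPDATE", "REPLACE_ON_FAILURE", "DELETE_ONLY", "CHANGE_SET_REPLACE"}


def audit_cfn_roles(doc):
    """List CloudFormation actions that have no configuration.RoleArn."""
    pipeline = doc.get("pipeline", doc)  # accept the CLI wrapper or the bare pipeline
    findings = []
    for stage in pipeline.get("stages", []):
        for action in stage.get("actions", []):
            if action.get("actionTypeId", {}).get("provider") != "CloudFormation":
                continue
            config = action.get("configuration") or {}
            if config.get("ActionMode") not in ROLE_MODES or config.get("RoleArn"):
                continue
            findings.append({
                "stage": stage.get("name"),
                "action": action.get("name"),
                # True: only the action-level role (Terraform role_arn) is present
                "action_role_only": bool(action.get("roleArn")),
            })
    return findings


ROLE = "arn:aws:iam::111122223333:role/cfn-deploy"  # constructed placeholder ARN
CFN = {"category": "Deploy", "owner": "AWS", "provider": "CloudFormation", "version": "1"}
# Constructed sample shaped like get-pipeline output; not captured from a real account.
SAMPLE = {"pipeline": {"name": "demo", "stages": [{"name": "Deploy", "actions": [
    {"name": "CreateChangeSet", "actionTypeId": CFN, "runOrder": 1, "roleArn": ROLE,
     "configuration": {"ActionMode": "CHANGE_SET_REPLACE", "StackName": "demo",
                       "ChangeSetName": "demo-deploy",
                       "TemplatePath": "build::packaged.yaml"}},
    {"name": "ExecuteChangeSet", "actionTypeId": CFN, "runOrder": 2,
     "configuration": {"ActionMode": "CHANGE_SET_EXECUTE", "StackName": "demo",
                       "ChangeSetName": "demo-deploy"}},
]}]}}

if __name__ == "__main__":
    import json
    import sys
    # Pass a file saved from `aws codepipeline get-pipeline`, or run on the sample.
    doc = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE
    for finding in audit_cfn_roles(doc):
        print("missing configuration.RoleArn:", finding)
```

Run after `terraform apply` against the saved pipeline JSON, the check shows whether an update has left a CloudFormation action with only the action-level role set.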
@rpstreef I encountered the same problem but the way I read it, the |
I still face the same issue. Is there any fix for this? The role_arn was not picked up by the stage. |
Is there an equivalent action of "DeploymentTargets" for configuration, so that I can deploy in a different account? |
Hey all 👋 Thank you for filing this issue, and for the continued discussion around it. It looks like the answer for the original issue was provided above, so I'm going to go ahead and close this issue out. If you have additional questions, we would ask that you either open a separate issue (if what you're experiencing seems to be a bug), or submit a new topic in the AWS provider section of Discuss. |
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. |
Community Note
Terraform Version
Terraform v0.12.24
Affected Resource(s)
Terraform Configuration Files
The module that tries to execute a CloudFormation change set and then execute:
https://github.com/rpstreef/terraform-aws-codepipeline-sam
Expected Behavior
The CloudFormation Role ARN should have been applied to the Deploy stage, action "CreateChangeSet"
Actual Behavior
The role arn is not applied to the CloudFormation Deploy CreateChangeSet stage, and at execution it will fail.
When you update the stack, it actively removes the role_arn, but the configuration has not changed:
Steps to Reproduce
./env/dev/dev.tfvars to fit your own environment (e.g. the profile should point to your own AWS profile). and setup the remote-backend.tf, create or reuse an S3 bucket.