'AWS CDK bootstrap' action YAML
The following is the YAML definition of the AWS CDK bootstrap action. To learn how to use this action, see Bootstrapping an AWS CDK app with a workflow.
This action definition exists as a section within a broader workflow definition file. For more information about this file, see Workflow YAML definition.
Note
Most of the YAML properties that follow have corresponding UI elements in the visual editor. To look up a UI element, use Ctrl+F. The element will be listed with its associated YAML property.
# The workflow definition starts here.
# See Top-level properties for details.
Name: MyWorkflow
SchemaVersion: 1.0
Actions:
# The action definition starts here.
CDKBootstrapAction_nn:
Identifier: aws/cdk-bootstrap@v2
DependsOn:
- action-name
Compute:
Type: EC2 | Lambda
Fleet: fleet-name
Timeout: timeout-minutes
Inputs:
# Specify a source or an artifact, but not both.
Sources:
- source-name-1
Artifacts:
- artifact-name
Outputs:
Artifacts:
- Name: cdk_bootstrap_artifacts
Files:
- "cdk.out/**/*"
Environment:
Name: environment-name
Connections:
- Name: account-connection-name
Role: iam-role-name
Configuration:
Region: us-west-2
CdkCliVersion: versionCDKBootstrapAction
(Required)
Specify the name of the action. All action names must be unique within the workflow. Action names are limited to alphanumeric characters (a-z, A-Z, 0-9), hyphens (-), and underscores (_). Spaces are not allowed. You cannot use quotation marks to enable special characters and spaces in action names.
Default: CDKBootstrapAction_nn.
Corresponding UI: Configuration tab/Action display name
Identifier
(CDKBootstrapAction/Identifier)
(Required)
Identifies the action. Do not change this property unless you want to change the version. For more information, see Specifying the action version to use.
Note
Specifying aws/cdk-bootstrap@v2 causes the action to run on the March 2024 image which includes newer tooling such as
Node.js 18. Specifying aws/cdk-bootstrap@v1 causes the action to run on the November 2022 image which includes older tooling such
as Node.js 16.
Default: aws/cdk-bootstrap@v2.
Corresponding UI: Workflow diagram/CDKBootstrapAction_nn/aws/cdk-bootstrap@v2 label
DependsOn
(CDKBootstrapAction/DependsOn)
(Optional)
Specify an action, action group, or gate that must run successfully in order for this action to run.
For more information about the 'depends on' functionality, see Sequencing actions.
Corresponding UI: Inputs tab/Depends on - optional
Compute
(CDKBootstrapAction/Compute)
(Optional)
The computing engine used to run your workflow actions. You can specify compute either at the workflow level or at the action level, but not both. When specified at the workflow level, the compute configuration applies to all actions defined in the workflow. At the workflow level, you can also run multiple actions on the same instance. For more information, see Sharing compute across actions.
Corresponding UI: none
Type
(CDKBootstrapAction/Compute/Type)
(Required if Compute is included)
The type of compute engine. You can use one of the following values:
-
EC2 (visual editor) or
EC2(YAML editor)Optimized for flexibility during action runs.
-
Lambda (visual editor) or
Lambda(YAML editor)Optimized action start-up speeds.
For more information about compute types, see Compute types.
Corresponding UI: Configuration tab/Advanced - optional/Compute type
Fleet
(CDKBootstrapAction/Compute/Fleet)
(Optional)
Specify the machine or fleet that will run your workflow or workflow actions. With on-demand fleets, when an action starts, the workflow provisions the resources it needs, and the machines are destroyed when the action finishes. Examples of on-demand fleets: Linux.x86-64.Large, Linux.x86-64.XLarge. For more information about on-demand fleets, see On-demand fleet properties.
With provisioned fleets, you configure a set of dedicated machines to run your workflow actions. These machines remain idle, ready to process actions immediately. For more information about provisioned fleets, see Provisioned fleet properties.
If Fleet is omitted, the default is Linux.x86-64.Large.
Corresponding UI: Configuration tab/Advanced - optional/Compute fleet
Timeout
(CDKBootstrapAction/Timeout)
(Required)
Specify the amount of time in minutes (YAML editor), or hours and minutes (visual editor), that the action can run before CodeCatalyst ends the action. The minimum is 5 minutes and the maximum is described in Quotas for workflows in CodeCatalyst. The default timeout is the same as the maximum timeout.
Corresponding UI: Configuration tab/Timeout - optional
Inputs
(CDKBootstrapAction/Inputs)
(Optional)
The Inputs section defines the data that the AWS CDK
bootstrap action needs during a workflow run.
Corresponding UI: Inputs tab
Note
Only one input (either a source or an artifact) is allowed for each AWS CDK bootstrap action.
Sources
(CDKBootstrapAction/Inputs/Sources)
(Required if your AWS CDK app is stored in a source repository)
If your AWS CDK app is stored in a source repository, specify the label of that source
repository. The AWS CDK bootstrap action synthesizes the app in this
repository before starting the bootstrapping process. Currently, the only supported repository
label is WorkflowSource.
If your AWS CDK app is not contained within a source repository, it must reside in an artifact generated by another action.
For more information about sources, see Connecting source repositories to workflows.
Corresponding UI: Inputs tab/Sources - optional
Artifacts - input
(CDKBootstrapAction/Inputs/Artifacts)
(Required if your AWS CDK app is stored in an output artifact from a previous action)
If your AWS CDK app is contained in an artifact generated by a previous action, specify that artifact here. The AWS CDK bootstrap action synthesizes the app in the specified artifact into a CloudFormation template before starting the bootstrapping process. If your AWS CDK app is not contained within an artifact, it must reside in your source repository.
For more information about artifacts, including examples, see Sharing artifacts and files between actions.
Corresponding UI: Inputs tab/Artifacts - optional
Outputs
(CDKBootstrapAction/Outputs)
(Optional)
Defines the data that is output by the action during a workflow run.
Corresponding UI: Outputs tab
Artifacts - output
(CDKBootstrapAction/Outputs/Artifacts)
(Optional)
Specify the artifacts generated by the action. You can reference these artifacts as input in other actions.
For more information about artifacts, including examples, see Sharing artifacts and files between actions.
Corresponding UI: Outputs tab/Artifacts
Name
(CDKBootstrapAction/Outputs/Artifacts/Name)
(Required if Artifacts - output is included)
Specify the name of the artifact that will contain the AWS CloudFormation template that is synthesized by
the AWS CDK bootstrap action at runtime. The default value is
cdk_bootstrap_artifacts. If you do not specify an artifact, then the action
synthesizes the template, but won't save it in an artifact.
Consider saving the
synthesized template in an artifact to preserve a record of it for testing or troubleshooting
purposes.
Corresponding UI: Outputs tab/Artifacts/Add artifact/Build artifact name
Files
(CDKBootstrapAction/Outputs/Artifacts/Files)
(Required if Artifacts - output is included)
Specify the files to include in the artifact. You must specify
"cdk.out/**/*" to include your AWS CDK app's synthesized AWS CloudFormation template.
Note
cdk.out is the default directory into which
synthesized files are saved. If you specified an output directory other than cdk.out in your
cdk.json file, specify that directory here instead of
cdk.out.
Corresponding UI: Outputs tab/Artifacts/Add artifact/Files produced by build
Environment
(CDKBootstrapAction/Environment)
(Required)
Specify the CodeCatalyst environment to use with the action. The action connects to the AWS account and optional Amazon VPC specified in the chosen environment. The action uses the default IAM role specified in the environment to connect to the AWS account, and uses the IAM role specified in the Amazon VPC connection to connect to the Amazon VPC.
Note
If the default IAM role does not have the permissions required by the action, you can configure the action to use a different role. For more information, see Changing the IAM role of an action.
For more information about environments, see Deploying into AWS accounts and VPCs and Creating an environment.
Corresponding UI: Configuration tab/Environment
Name
(CDKBootstrapAction/Environment/Name)
(Required if Environment is included)
Specify the name of an existing environment that you want to associate with the action.
Corresponding UI: Configuration tab/Environment
Connections
(CDKBootstrapAction/Environment/Connections)
(Optional in newer versions of the action; required in older versions)
Specify the account connection to associate with the action. You can specify a maximum of
one account connection under Environment.
If you do not specify an account connection:
-
The action uses the AWS account connection and default IAM role specified in the environment in the CodeCatalyst console. For information about adding an account connection and default IAM role to environment, see Creating an environment.
-
The default IAM role must include the policies and permissions required by the action. To determine what those policies and permissions are, see the description of the Role property in the action's YAML definition documentation.
For more information about account connections, see Allowing access to AWS resources with connected AWS accounts. For information about adding an account connection to an environment, see Creating an environment.
Corresponding UI: One of the following depending on the action version:
-
(Newer versions) Configuration tab/Environment/What's in
my-environment?/three dot menu/Switch role -
(Older versions) Configuration tab/'Environment/account/role'/AWS account connection
Name
(CDKBootstrapAction/Environment/Connections/Name)
(Required if Connections is included)
Specify the name of the account connection.
Corresponding UI: One of the following depending on the action version:
-
(Newer versions) Configuration tab/Environment/What's in
my-environment?/three dot menu/Switch role -
(Older versions) Configuration tab/'Environment/account/role'/AWS account connection
Role
(CDKBootstrapAction/Environment/Connections/Role)
(Required if Connections is included)
Specify the name of the IAM role that the AWS CDK bootstrap action uses to access AWS and add the bootstrap stack. Make sure that you have added the role to your CodeCatalyst space, and that the role includes the following policies.
If you do not specify an IAM role, then the action uses the default IAM role listed in the environment in the CodeCatalyst console. If you use the default role in the environment, make sure it has the following policies.
Note
The permissions shown in the following permissions policy are those required by the
cdk bootstrap command to perform its bootstrapping at the time of writing.
These permissions may change if the AWS CDK changes its bootstrap command.
Warning
Only use this role with the AWS CDK bootstrap action. It is very permissive, and using it with other actions might pose a security risk.
-
The following permissions policy:
{ "Version": "2012-10-17", "Statement": [ { "Sid": "VisualEditor0", "Effect": "Allow", "Action": [ "iam:GetRole", "ssm:GetParameterHistory", "ecr:PutImageScanningConfiguration", "cloudformation:*", "iam:CreateRole", "iam:AttachRolePolicy", "ssm:GetParameters", "iam:PutRolePolicy", "ssm:GetParameter", "ssm:DeleteParameters", "ecr:DeleteRepository", "ssm:PutParameter", "ssm:DeleteParameter", "iam:PassRole", "ecr:SetRepositoryPolicy", "ssm:GetParametersByPath", "ecr:DescribeRepositories", "ecr:GetLifecyclePolicy" ], "Resource": [ "arn:aws:ssm:aws-region:aws-account:parameter/cdk-bootstrap/*", "arn:aws:cloudformation:aws-region:aws-account:stack/CDKToolkit/*", "arn:aws:ecr:aws-region:aws-account:repository/cdk-*", "arn:aws:iam::aws-account:role/cdk-*" ] }, { "Sid": "VisualEditor1", "Effect": "Allow", "Action": [ "cloudformation:RegisterType", "cloudformation:CreateUploadBucket", "cloudformation:ListExports", "cloudformation:DescribeStackDriftDetectionStatus", "cloudformation:SetTypeDefaultVersion", "cloudformation:RegisterPublisher", "cloudformation:ActivateType", "cloudformation:ListTypes", "cloudformation:DeactivateType", "cloudformation:SetTypeConfiguration", "cloudformation:DeregisterType", "cloudformation:ListTypeRegistrations", "cloudformation:EstimateTemplateCost", "cloudformation:DescribeAccountLimits", "cloudformation:BatchDescribeTypeConfigurations", "cloudformation:CreateStackSet", "cloudformation:ListStacks", "cloudformation:DescribeType", "cloudformation:ListImports", "s3:*", "cloudformation:PublishType", "ecr:CreateRepository", "cloudformation:DescribePublisher", "cloudformation:DescribeTypeRegistration", "cloudformation:TestType", "cloudformation:ValidateTemplate", "cloudformation:ListTypeVersions" ], "Resource": "*" } ] }Note
The first time the role is used, use the following wildcard in the resource policy statement and then scope down the policy with the resource name after it is available.
"Resource": "*" -
The following custom trust policy:
{ "Version": "2012-10-17", "Statement": [ { "Sid": "", "Effect": "Allow", "Principal": { "Service": [ "codecatalyst-runner.amazonaws.com", "codecatalyst.amazonaws.com" ] }, "Action": "sts:AssumeRole" } ] }
Note
You can use the CodeCatalystWorkflowDevelopmentRole- role with this action, if you'd like.
For more information about this role, see Creating the CodeCatalystWorkflowDevelopmentRole-spaceName role for your account
and space. Understand that the spaceNameCodeCatalystWorkflowDevelopmentRole- role has
full access permissions which may pose a security risk. We recommend that you only use this
role in tutorials and scenarios where security is less of a concern. spaceName
Corresponding UI: One of the following depending on the action version:
-
(Newer versions) Configuration tab/Environment/What's in
my-environment?/three dot menu/Switch role -
(Older versions) Configuration tab/'Environment/account/role'/Role
Configuration
(CDKBootstrapAction/Configuration)
(Required)
A section where you can define the configuration properties of the action.
Corresponding UI: Configuration tab
Region
(CDKBootstrapAction/Configuration/Region)
(Required)
Specify the AWS Region into which the bootstrap stack will be deployed. This Region should match the one into which your AWS CDK app is deployed. For a list of Region codes, see Regional endpoints.
Corresponding UI: Configuration tab/Region
CdkCliVersion
(CDKBootstrapAction/Configuration/CdkCliVersion)
(Optional)
This property is available with version 1.0.13 or later of the AWS CDK deploy action, and version 1.0.8 or later of the AWS CDK bootstrap action.
Specify one of the following:
-
The full version of the AWS Cloud Development Kit (AWS CDK) Command Line Interface (CLI) (also called the AWS CDK Toolkit) that you want this action to use. Example:
2.102.1. Consider specifying a full version to ensure consistency and stability when building and deploying your application.Or
-
latest. Consider specifyinglatestto take advantage of the latest features and fixes of the CDK CLI.
The action will download the specified version (or the latest version) of the AWS CDK CLI to the CodeCatalyst build image, and then use this version to run the commands necessary to deploy your CDK application or bootstrap your AWS environment.
For a list of supported CDK CLI versions you can use, see AWS CDK Versions.
If you omit this property, the action uses a default AWS CDK CLI version described in one of the following topics:
Corresponding UI: Configuration tab/AWS CDK CLI version
