"AWS CDK bootstrap" action reference - Amazon CodeCatalyst

"AWS CDK bootstrap" action reference

The following is the action definition YAML reference for the AWS CDK bootstrap action. To learn how to use this action, see Adding the "AWS CDK bootstrap" action.

Note

Most of the YAML properties that follow have corresponding UI elements in the visual editor. To look up a UI element, use Ctrl+F. The element will be listed with its associated YAML property.

# The workflow definition starts here. # See Top-level properties for details. Name: MyWorkflow SchemaVersion: 1.0 Actions: # The action definition starts here. CDKBootstrapAction_nn: Identifier: aws/cdk-bootstrap@v1 DependsOn: - action-name Compute: - Type: EC2 | Lambda - Fleet: fleet-name Timeout: timeout-minutes Inputs: # Specify a source or an artifact, but not both. Sources: - source-name-1 Artifacts: - artifact-name Outputs: Artifacts: - Name: cdk_bootstrap_artifacts Files: - "cdk.out/**/*" Environment: Name: environment-name Connections: - Name: account-connection-name Role: iam-role-name Configuration: Region: us-west-2

CDKBootstrapAction

(Required)

Specify the name of the action. All action names must be unique. Action names are limited to alphanumeric characters (a-z, A-Z, 0-9), hyphens (-), and underscores (_). Spaces are not allowed. You cannot use quotation marks to enable special characters and spaces in action names.

Default: CDKBootstrapAction_nn.

Corresponding UI: Configuration tab/Action display name

Identifier

(CDKBootstrapAction/Identifier)

(Required)

Identifies the action. Do not change this property.

Default: aws/cdk-bootstrap@v1.

Corresponding UI: Workflow diagram/CDKBootstrapAction_nn/aws/cdk-bootstrap@v1 label

DependsOn

(CDKBootstrapAction/DependsOn)

(Optional)

Specify an action or action group that must run successfully in order for this action to run.

For more information about the 'depends on' functionality, see Configuring actions to depend on other actions.

Corresponding UI: Inputs tab/Depends on - optional

Compute

(CDKBootstrapAction/Compute)

(Optional)

The computing engine used to run your workflow actions. You can specify compute either at the workflow level or at the action level, but not both. When specified at the workflow level, the compute configuration applies to all actions defined in the workflow. This compute is not shared however, as a separate compute is spun up for each action.

Corresponding UI: none

Type

(CDKBootstrapAction/Compute/Type)

(Required if Compute is included)

The type of compute engine. You can use one of the following values:

  • EC2 (visual editor) or EC2 (YAML editor)

    Optimized for flexibility during action runs.

  • Lambda (visual editor) or Lambda (YAML editor)

    Optimized action start-up speeds.

For more information about compute types, see About compute types.

Corresponding UI: Configuration tab/Advanced - optional/Compute type

Fleet

(CDKBootstrapAction/Compute/Fleet)

(Optional)

Specify the machine or fleet that will run your workflow or workflow actions. With on-demand fleets, when an action starts, the workflow provisions the resources it needs, and the machines are destroyed when the action finishes. Examples of on-demand fleets: Linux.x86-64.Large, Linux.x86-64.XLarge. For more information about on-demand fleets, see On-demand fleet properties.

With provisioned fleets, you configure a set of dedicated machines to run your workflow actions. These machines remain idle, ready to process actions immediately. For more information about provisioned fleets, see Provisioned fleet properties.

If Fleet is omitted, the default is Linux.x86-64.Large.

Corresponding UI: Configuration tab/Advanced - optional/Compute fleet

Timeout

(CDKBootstrapAction/Timeout)

(Required)

Specify the amount of time in minutes (YAML editor), or hours and minutes (visual editor), that the action can run before CodeCatalyst ends the action. The minimum is 5 minutes and the maximum is 8 hours. The default is 8 hours (480 minutes).

Corresponding UI: Configuration tab/Timeout - optional

Inputs

(CDKBootstrapAction/Inputs)

(Optional)

The Inputs section defines the data that the AWS CDK bootstrap action needs during a workflow run.

Corresponding UI: Inputs tab

Note

Only one input (either a source or an artifact) is allowed for each AWS CDK bootstrap action.

Sources

(CDKBootstrapAction/Inputs/Sources)

(Required if your AWS CDK app is stored in a source repository)

If your AWS CDK app is stored in a source repository, specify the label of that source repository. The AWS CDK bootstrap action synthesizes the app in this repository before starting the bootstrapping process. Currently, the only supported repository label is WorkflowSource.

If your AWS CDK app is not contained within a source repository, it must reside in an artifact generated by another action.

For more information about sources, see Working with sources.

Corresponding UI: Inputs tab/Sources - optional

Artifacts - input

(CDKBootstrapAction/Inputs/Artifacts)

(Required if your AWS CDK app is stored in an output artifact from a previous action)

If your AWS CDK app is contained in an artifact generated by a previous action, specify that artifact here. The AWS CDK bootstrap action synthesizes the app in the specified artifact into a CloudFormation template before starting the bootstrapping process. If your AWS CDK app is not contained within an artifact, it must reside in your source repository.

For more information about artifacts, including examples, see Working with artifacts.

Corresponding UI: Inputs tab/Artifacts - optional

Outputs

(CDKBootstrapAction/Outputs)

(Optional)

Defines the data that is output by the action during a workflow run.

Corresponding UI: Outputs tab

Artifacts - output

(CDKBootstrapAction/Outputs/Artifacts)

(Optional)

Specify the artifacts generated by the action. You can reference these artifacts as input in other actions.

For more information about artifacts, including examples, see Working with artifacts.

Corresponding UI: Outputs tab/Artifacts

Name

(CDKBootstrapAction/Outputs/Artifacts/Name)

(Required if Artifacts - output is included)

Specify the name of the artifact that will contain the AWS CloudFormation template that is synthesized by the AWS CDK bootstrap action at runtime. The default value is cdk_bootstrap_artifacts. If you do not specify an artifact, then the action synthesizes the template, but won't save it in an artifact. Consider saving the synthesized template in an artifact to preserve a record of it for testing or troubleshooting purposes.

Corresponding UI: Outputs tab/Artifacts/Add artifact/Build artifact name

Files

(CDKBootstrapAction/Outputs/Artifacts/Files)

(Required if Artifacts - output is included)

Specify the files to include in the artifact. You must specify "cdk.out/**/*" to include your AWS CDK app's synthesized AWS CloudFormation template.

Note

cdk.out is the default directory into which synthesized files are saved. If you specified an output directory other than cdk.out in your cdk.json file, specify that directory here instead of cdk.out.

Corresponding UI: Outputs tab/Artifacts/Add artifact/Files produced by build

Environment

(CDKBootstrapAction/Environment)

(Required)

Specify the CodeCatalyst environment to use with the action.

For more information about environments, see Working with environments and Creating an environment.

Corresponding UI: Configuration tab/'Environment/account/role'/Environment

Name

(CDKBootstrapAction/Environment/Name)

(Required)

Specify the name of an existing environment that you want to associate with the action.

Corresponding UI: Configuration tab/'Environment/account/role'/Environment

Connections

(CDKBootstrapAction/Environment/Connections)

(Required)

Specify the account connection to associate with the action.

For more information about account connections, see Adding AWS accounts. For information about how to associate an account connection with your environment, see Creating an environment.

Corresponding UI: Configuration tab/'Environment/account/role'/AWS account connection

Name

(CDKBootstrapAction/Environment/Connections/Name)

(Required)

Specify the name of the account connection.

Corresponding UI: Configuration tab/'Environment/account/role'/AWS account connection

Role

(CDKBootstrapAction/Environment/Connections/Role)

(Required)

Specify the name of the IAM role that the AWS CDK bootstrap action uses to access AWS and add the bootstrap stack. Make sure that this role includes the following policies:

Note

The permissions shown in the following permissions policy are those required by the cdk bootstrap command to perform its bootstrapping. These permissions may change if the AWS CDK changes its bootstrap command.

Warning

Only use this role with the AWS CDK bootstrap action. It is very permissive, and using it with other actions might pose a security risk.

  • The following permissions policy:

    Warning

    Limit the permissions to those shown in the following policy. Using a role with broader permissions might pose a security risk.

    { "Version": "2012-10-17", "Statement": [ { "Sid": "VisualEditor0", "Effect": "Allow", "Action": [ "iam:GetRole", "ssm:GetParameterHistory", "ecr:PutImageScanningConfiguration", "cloudformation:*", "iam:CreateRole", "iam:AttachRolePolicy", "ssm:GetParameters", "iam:PutRolePolicy", "ssm:GetParameter", "ssm:DeleteParameters", "ecr:DeleteRepository", "ssm:PutParameter", "ssm:DeleteParameter", "iam:PassRole", "ecr:SetRepositoryPolicy", "ssm:GetParametersByPath", "ecr:DescribeRepositories", "ecr:GetLifecyclePolicy" ], "Resource": [ "arn:aws:ssm:aws-region:aws-account:parameter/cdk-bootstrap/*", "arn:aws:cloudformation:aws-region:aws-account:stack/CDKToolkit/*", "arn:aws:ecr:aws-region:aws-account:repository/cdk-*", "arn:aws:iam::aws-account:role/cdk-*" ] }, { "Sid": "VisualEditor1", "Effect": "Allow", "Action": [ "cloudformation:RegisterType", "cloudformation:CreateUploadBucket", "cloudformation:ListExports", "cloudformation:DescribeStackDriftDetectionStatus", "cloudformation:SetTypeDefaultVersion", "cloudformation:RegisterPublisher", "cloudformation:ActivateType", "cloudformation:ListTypes", "cloudformation:DeactivateType", "cloudformation:SetTypeConfiguration", "cloudformation:DeregisterType", "cloudformation:ListTypeRegistrations", "cloudformation:EstimateTemplateCost", "cloudformation:DescribeAccountLimits", "cloudformation:BatchDescribeTypeConfigurations", "cloudformation:CreateStackSet", "cloudformation:ListStacks", "cloudformation:DescribeType", "cloudformation:ListImports", "s3:*", "cloudformation:PublishType", "ecr:CreateRepository", "cloudformation:DescribePublisher", "cloudformation:DescribeTypeRegistration", "cloudformation:TestType", "cloudformation:ValidateTemplate", "cloudformation:ListTypeVersions" ], "Resource": "*" } ] }
    Note

    The first time the role is used, use the following wildcard in the resource policy statement and then scope down the policy with the resource name after it is available.

    "Resource": "*"
  • The following custom trust policy:

    { "Version": "2012-10-17", "Statement": [ { "Sid": "", "Effect": "Allow", "Principal": { "Service": [ "codecatalyst-runner.amazonaws.com", "codecatalyst.amazonaws.com" ] }, "Action": "sts:AssumeRole" } ] }

Make sure that this role is added to your account connection. To learn more about adding an IAM role to an account connection, see Adding the codecatalyst-dev-admin-spaceName role or existing IAM roles to account connections.

Note

You can specify the name of the codecatalyst-dev-admin-spaceName role here, if you'd like. For more information about this role, see Creating the codecatalyst-dev-admin-spaceName role for your account and space. Understand that the codecatalyst-dev-admin-spaceName role has very broad permissions which may pose a security risk. We recommend that you only use this role in tutorials and scenarios where security is less of a concern.

Corresponding UI: Configuration tab/'Environment/account/role'/Role

Configuration

(CDKBootstrapAction/Configuration)

(Required)

A section where you can define the configuration properties of the action.

Corresponding UI: Configuration tab

Region

(CDKBootstrapAction/Configuration/Region)

(Required)

Specify the AWS Region into which the bootstrap stack will be deployed. This Region should match the one into which your AWS CDK app is deployed. For a list of Region codes, see Regional endpoints.

Corresponding UI: Configuration tab/Region