We Keep Coding

CDK v2 update resulting in deployment error with Circle CI CI/CD pipeline

I have updated my cdk from version 1 to version 2, when I tried to do this locally using npm run cdk -- deploy --context awsEnv=dev --all --profile=dev, this works flawlessly.
However when the Circle CI CI/CD pipeline tries to deploy in the same dev environment, it throws an error
User: arn:aws:sts::xxxxxxxx:assumed-role/*******************************************************/jatinmehrotra is not authorized to perform: ssm:GetParameter on resource: arn:aws:ssm:**************:xxxxx:parameter/cdk-bootstrap/xxxxxxxxx/version because no identity-based policy allows the ssm:GetParameter action
SO basically Circle CI CI/CD pipeline for deployment assumes the roles and create temporary credentials using aws sts assume role command.
Note:- after updating to cdk v2 I can see a new role, which has the same name as the bootstrap ssm parameter. Does that have to do something with error?
As of now, I think the assume role credentials (even though it has sufficient permissions) are not able to access the bootstrap parameter.

After some troubleshooting and carefully reading the error logs, i manually updated the role's permission with full SSM parameters permission whose credentials are being used to deploy the resources.
This resolved the issue.

Cross Account CodePipeline permission error

I am trying to create cross account deployment using codepipeline and terraform. My codecommit repo is account A and codepipeline is in account B. I want to create trigger so that whenever I merge the branch it should trigger codepipeline to start in Account B.
I tried using Event bridge but it only sends notification. I also need source artifacts for codebuild project. So I tried using couple of articles from Medium such as this. But I am getting this error. Currently it doesn't even get to build stage fails before that
The service role or action role doesn’t have the permissions required to access the Amazon S3 bucket named artifacts-bucket-dev. Update the IAM role permissions, and then try again. Error: Amazon S3:AccessDenied:Access Denied (Service: Amazon S3; Status Code: 403; Error Code: AccessDenied; Request ID: K86ED6QM; S3 Extended Request ID: BsVDy7vYRyL2mavM+XbZNrWxR+y8Do=; Proxy: null)
I tried updating the role and actually gave administrator permission as I just wanted it work.

AWS eb create django-env error NotAuthorizedError - Operation Denied. Access Denied

I want to deploy my django project online.
I followed aws doc available at https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/create-deploy-python-django.html
but when I got to eb create django-env section it gives me the following error
`ERROR: NotAuthorizedError - Operation Denied. Access Denied`
But I noticed in a tutorial in youtube https://www.youtube.com/watch?v=eZOzTFOMh0I at the point of
`eb init -p python-3.8 django-tutotrial`
the aws-access-id was entered. But on the one at aws doc there was nothing provided.
Please how can i go about that. Any help would be appreciated
Update
I have created user roles on my aws account and I already have the credentials on my local machine. but how to put the credentials on the deployment is the issue.

error 403 while building the app in AWS amplify

I was trying to build a simple serverless web app in AWS. So, I put my static files in codecommit and tried to host it through AWS Amplify.The AWS builds the amplify.yml for us by default, but it is failing in the build stage. I understood that there is something wrong in amplify.yml and am not getting how to configure it.
amplify.yml :
version: 1
frontend:
phases:
# IMPORTANT - Please verify your build commands
build:
commands: []
artifacts:
# IMPORTANT - Please verify your build output directory
baseDirectory: /
files:
- '**/*'
cache:
paths: []
error I was shown:
2021-01-23T15:01:54.840Z [INFO]: # Cloning repository: https://git-codecommit.us-east-
2.amazonaws.com/v1/repos/wildrydes-site
2021-01-23T15:01:55.176Z [INFO]: Cloning into 'wildrydes-site'...
2021-01-23T15:02:02.660Z [INFO]: fatal: unable to access 'https://git-codecommit.us-east-
2.amazonaws.com/v1/repos/wildrydes-site/': The requested URL returned error: 403

With the limited amount of information provided, the best I can offer is the issue is somewhere in your IAM privileges for your CodeCommit user. AWS components generally need to have the appropriate Group, Role, and/or Policy to complete the action.
Put another way: CodeCommit is giving a 403 Forbidden error because whatever is attempting doing the cloning doesn't have the right permissions. Give it the right permissions.

You can find the execution role that Amplify uses to run its builds by navigating to AWS Amplify > General (in the left-hand column). Under the Settings section, you'll see a value for the "Service role" field. It will look something like this: "arn:aws:iam:::role/service-role/AWSAmplifyExecutionRole-xxxx".
Once you find that, navigate to IAM > Roles and search for the service role that you just found (AWSAmplifyExecutionRole-xxxx) and click on it. Then click "Attach policies". Search for the "AWSCodeCommitReadOnly" policy and attach it to the role.
You should be able to clone your CodeCommit repository in your Amplify build now.

Error in deploying SAM script from AWS Educate account Cloud9 console

I am new to using AWS and Serverless Application Model (SAM). While following the GitHub of one of the recent AWS Virtual Workshop, I am facing problem in SAM deployment.
In particular, while following the module 1, these are the steps they provide (All these steps are performed from Cloud9 terminal):
Find the Account Id.
accountId=$(curl -s http://169.254.169.254/latest/dynamic/instance-identity/document | jq -r .accountId)
Name the S3 bucket appending the Account Id
s3_deploy_bucket="theme-park-sam-deploys-${accountId}"
Create the s3 bucket with that name.
aws s3 mb s3://$s3_deploy_bucket
Go to the appropriate directory with SAM YAML file.
Package
sam package --output-template-file packaged.yaml --s3-bucket $s3_deploy_bucket
Deploy
sam deploy --template-file packaged.yaml --stack-name theme-park-ride-times --capabilities CAPABILITY_IAM
All the steps work well until step 5. On executing step 6, after the successful creation of a few resources, I am facing an error on a particular creation and it fails. This results in a rollback and all created resources are also deleted.
ResourceStatus: CREATE_FAILED
ResourceType: AWS::Events::Rule
LogicalResourceId': UpdateRidesUpdateRidesEvent
ResourceStatusReason: User: arn:aws:sts::969009900039:assumed-role/vocstartsoft/user810955=ameya.181co205#nitk.edu.in is not authorized to perform: events:PutRule on resource:arn:aws:events:us-east-1:969009900039:rule/theme-park-ride-times-UpdateRidesUpdateRidesEvent-1C6BYBO984UL7 with an explicit deny (Service: AmazonCloudWatchEvents; Status Code: 400; Error Code: AccessDeniedException; Request ID: c6d8162d-a3f1-405f-b6e8-2fd5437c4392)
Please let me the solution to this problem. Thanks in Advance.

Since you are using AWS Educate Starter Account, you have a lot of limitations imposed on what you can and can't do in your sandbox account.
The general list of what is allowed is:
AWS Services Supported with AWS Educate Starter Account
Also note that this is not exhaustive list:
Some services may have additional restrictions as described in the table below.
The error message you got is an explicit deny. This means that you aren't allowed to do what you are attempting due to limitations of the starter account.
An alternative to using the start account, is using having your account (an option only for educators on AWS Educate). This way, if you are educator, AWS Educate could provide you credits towards your classes. But since you use your own account, you would have full control over it.
If the error you are facing is part of a classroom or tutorial they provide, you may contact their customer support. If this deny prohibits you from completing their own tutorials or classrooms, they should be able to fix that.