Hello all. I updated SST to 0.69 along with all my other packages. Everything was working well until then. I'm running into this erorr upon sst start :

current credentials could not be used to assume 'arn:aws:iam::055101007100:role/cdk-hnb659fds-deploy-role-XXX-us-west-2', but are for the right account. Proceeding anyway.

❌  DEV-ERIK-dwam-back-debug-stack failed: Error: DEV-ERIK-dwam-back-debug-stack: User: arn:aws:iam::XXX:user/dev_admin is not authorized to perform: ssm:GetParameter on resource: arn:aws:ssm:us-west-2:XXX:parameter/cdk-bootstrap/hnb659fds/version because no identity-based policy allows the ssm:GetParameter action

I am already passing a --role-arn parameter to sst start which has that ssm permission and it worked well using that role to build the debug stack but it's apparently not using it for deploying. Based on the first line I have also tried to give the iam:passRole also to that CDK role but that didn't change anything either... Any help is appreciated.

Hey @Erik Robertson, did this started happening after updating to 0.69.0?

Yes @Frank that is correct

I see. Which version were u on that worked?

I see that the last time I updated sst was on Jan 5th, so whatever was latest back then. And here's my sst start call (which worked perfectly in the past BTW): sst start --role-arn arnawsiamXXXrole/DWAM-SST-CloudFormation-Role(XXX is my account #)

Ah I see. So we moved from using CDK v1 to CDK v2 in 0.59.0, which was released on Jan 13. So you were most likely on CDK v1 before.

Indeed I did already do a number of changes earlier today in regards to CDK V2. Until that error, all had gone well (to build the stack) by doing those changes in the role only. I will test your recommendation tomorrow (1.30am over here and in bed!) and I imagine it will work but would have liked to avoid user level changes... Will let you know.