https://serverless-stack.com/ logo
Join Slack
Powered by
hey guys, i have 2 questions - how would we go abo...
# help
h
hey guys, i have 2 questions • how would we go about specifying a bootstrap stack? would 
sst cdk deploy --toolkit-stack-name mystackname
work as expected? • is there any way for lambas running in the sst runtime to have their output logged to stdout/stderr as well?
a
SST handles the CDK bootstrap for you, transparently.
h
i am trialing sst with an org that requires devs to use their bootstrap stack instead of deploying their own
f
@Hans Song can you clarify by 
use their bootstrap stack
, do you mean: • bootstrapping with a different stack name; or • bootstrapping with custom resources (ie. override the bucket name in the bootstrap stack); or • they have previously bootstrapped, and they want SST to talk to the existing bootstrap stack to deploy
h
Hi Frank, the third option
f
I see, if they used a custom bootstrap template, you’d have to specify where to find the bootstrapped resources when creating Stacks. For example in your index.js:
Copy code
export default function main(app) {
  new MySampleStack(app, "sample", {
    synthesizer: new DefaultStackSynthesizer({
      fileAssetsBucketName: 'my-orgs-asset-bucket',
    }),
  });
}
Does that make sense?
h
you’re saying to recreate the existing bootstrap stack as a synthesizer construct?
f
No no. When you deploy, CDK looks for the bootstrap stack and resources in the bootstrap stack by pre-defined names. Ie. the bootstrap stack’s default name is 
CDKToolkit
.
h
i think i’ll need to do a little more reading, i’m not that familiar with the inner workings of cdk (fairly new to aws in general) but this gives me a good starting point to research, thank you 🙂
f
However, when you bootstrap, you can use customize some of the resources in the bootstrap stack. ie. to bootstrap with a custom s3 bucket name
Copy code
cdk bootstrap --bootstrap-bucket-name my-custom-bootstrap-bucket
Yeah, let me layout a couple of scenarios: 1. The org has 
not
bootstrapped before, and they want to bootstrap the 
default
stack 2. The org has 
not
bootstrapped before, and they want to bootstrap a 
custom
stack 3. The org has 
already
bootstrapped the 
default
stack before, and they want the SST app to use the default stack 4. The org has 
already
bootstrapped a 
custom
stack before, and they want the SST app to use the custom stack Lemme know which scenario it is. And we can go from there.
h
so the role of this synthesizer construct is to act as a replacement for those cli args which would mimic using 
--toolkit-stack-name
? i see now the contents of the existing bootstrap stack mostly matches up with those props
f
Oh i see. So they have previously bootstrapped, and they used the default bootstrap template, with just a custom bootstrap name?
h
I’m not too sure about the differences, at the very least I know that some roles have restricted permissions.
f
I see. If you just run 
sst deploy
, do u get an error?
h
without doing anything, i get this error
Copy code
AccessDenied: User: arn;aws:sts:...:assumed-role/... is is not authorized to perform: cloudformation:CreateChangeSet on resource arn:aws:cloudformation:...:stack/CDKToolkit/* because no identity-based policy allows the cloudformation:CreateChangeSet action
...
Error: There was an error bootstrapping your AWS account.
f
Can you share the full output?
h
sure, here you go
f
I see.. so the IAM role you are using does not have the 
cloudformation:CreateChangeSet
permission to create the bootstrap stack.
Did you say there is an existing bootstrap stack with a custom name in the same region (ie. 
ap-southeast-2
) same account?
h
hey @Frank, sorry i didn’t see your message, yep, there is an existing stack deployed as 
cdk-bootstrap-retail
in 
ap-southeast-2
with resources such as deployment roles, lambda boundaries, cloudformation execution roles, etc
f
Got it! Can you give this a quick try: • go to 
node_modules/@serverless-stack/core/dist/index.js
• search for 
--require-approval
• insert two lines above it
Copy code
"--toolkit-stack-name",
"cdk-bootstrap-retail",
"--require-approval", // insert above this line
And then try running running 
sst start
or 
sst deploy
.
Let me know if it works for you. I will add the 
--toolkit-stack-name
flag to SST CLI.
h
hey @Frank, sorry for such a late followup, this ended up getting pushed back due to other priorities
so using 
npx sst cdk --toolkit-stack-name ...
and the method you suggested both ended up working but due to security limitations we had a bunch of other requirements (out of sst scope)
f
sounds good. Let me know if this every becomes a blocker.
4 Views
Open in Slack
PreviousNext
Powered by