I have a CDK pipeline (aws-cdk-lib: 2.99.1) and I will be creating a lot of CDK pipelines (25+ repositories, each will have its own pipeline). I have created some custom roles (CodeBuildRole, CodePipelineRole, CodeDeployRole, CodePipelineEventsRole) to set permissions for each pipeline at once.
I have configured some of the custom roles:
- CodeBuildStep -> CodeBuildStepProps -> actionRole
- CodeBuildStep -> CodeBuildStepProps -> role
- CodeBuildStep -> CodeBuildStepProps -> input -> CodePipelineSource -> CodeCommitSourceOptions -> eventRole
- CodePipeline -> CodePipelineProps -> role
But when I deploy the pipeline, CDK will create another 4 roles. Is there a way to stop generating those roles and tell CDK to reuse existing ones?
- `AWS:${cdk-codepipeline-XX/UpdatePipeline/SelfMutation/Role}`
- `AWS:${cdk-codepipeline-XX/Assets/FileRole}`
- `AWS:${cdk-codepipeline-XX/Pipeline/Source/source-change/CodePipelineActionRole}`
- `AWS:${cdk-codepipeline-XX/CodeBuildActionRole}`
```java
// Synth step, declared before the pipeline that references it.
// Custom roles are passed via eventRole, actionRole and role.
String codeBuildName = "cdk-" + repoName + "-codebuild";
CodeBuildStep synthStep = new CodeBuildStep(
    codeBuildName,
    CodeBuildStepProps
        .builder()
        .projectName(codeBuildName)
        .cache(codebuildCache)
        .input(
            CodePipelineSource.codeCommit(
                codeCommitRepository,
                "master",
                CodeCommitSourceOptions
                    .builder()
                    .eventRole(codePipelineEventRole)
                    .actionName("source-change")
                    .build()
            )
        )
        .partialBuildSpec(getPartialBuildSpec())
        .installCommands(getInstallCommands())
        .commands(getBuildCommands())
        .primaryOutputDirectory("${CODEBUILD_SRC_DIR}/cdk/cdk.out")
        .buildEnvironment(buildEnvironment)
        .actionRole(codePipelineRole)
        .role(codeBuildRole)
        .rolePolicyStatements(List.of(policyStatement))
        .build()
);

// Pipeline definition; the custom pipeline role is passed via role().
String codePipeline = "cdk-codepipeline-" + repoName;
CodePipeline pipeline = new CodePipeline(
    this,
    codePipeline,
    CodePipelineProps.builder()
        .pipelineName(codePipeline)
        .selfMutation(Boolean.TRUE)
        .role(codePipelineRole)
        .synth(synthStep)
        .crossAccountKeys(Boolean.TRUE)
        .artifactBucket(getArtifactBucket())
        .synthCodeBuildDefaults(
            CodeBuildOptions
                .builder()
                .cache(codebuildCache)
                .rolePolicy(List.of(policyStatement))
                .buildEnvironment(buildEnvironment)
                .build()
        )
        .codeBuildDefaults(
            CodeBuildOptions
                .builder()
                .cache(codebuildCache)
                .rolePolicy(List.of(policyStatement))
                .buildEnvironment(buildEnvironment)
                .build()
        )
        .selfMutationCodeBuildDefaults(
            CodeBuildOptions
                .builder()
                .cache(codebuildCache)
                .rolePolicy(List.of(policyStatement))
                .buildEnvironment(buildEnvironment)
                .build()
        )
        .assetPublishingCodeBuildDefaults(
            CodeBuildOptions
                .builder()
                .cache(codebuildCache)
                .rolePolicy(List.of(policyStatement))
                .buildEnvironment(buildEnvironment)
                .build()
        )
        .build()
);

// Deployment stage for the development environment.
String functionName = "dev-" + repoName;
pipeline.addStage(
    new LambdaPipelineStage(
        this,
        repoName + "-dev-deploy",
        StageProps
            .builder()
            .stageName(repoName + "-dev-deploy")
            .build(),
        functionName,
        Constants.DEVELOPMENT_ENV
    )
);
```