diff --git a/packages/aws-cdk-lib/pipelines/lib/blueprint/stage-deployment.ts b/packages/aws-cdk-lib/pipelines/lib/blueprint/stage-deployment.ts index 8fa54c19afa8f..0ad9d60082243 100644 --- a/packages/aws-cdk-lib/pipelines/lib/blueprint/stage-deployment.ts +++ b/packages/aws-cdk-lib/pipelines/lib/blueprint/stage-deployment.ts @@ -62,7 +62,7 @@ export class StageDeployment { const stepFromArtifact = new Map(); for (const artifact of assembly.stacks) { if (artifact.assumeRoleAdditionalOptions?.Tags && artifact.assumeRoleArn) { - throw new Error(`Deployment of stack ${artifact.stackName} requires assuming the role ${artifact.assumeRoleArn} with session tags ${JSON.stringify(artifact.assumeRoleAdditionalOptions.Tags)}, but assuming roles with session tags is not supported by CodePipeline.`); + throw new Error(`Deployment of stack ${artifact.stackName} requires assuming the role ${artifact.assumeRoleArn} with session tags, but assuming roles with session tags is not supported by CodePipeline.`); } const step = StackDeployment.fromArtifact(artifact); stepFromArtifact.set(artifact, step); diff --git a/packages/aws-cdk-lib/pipelines/test/codepipeline/codepipeline.test.ts b/packages/aws-cdk-lib/pipelines/test/codepipeline/codepipeline.test.ts index 47463444a463c..28821733c27f2 100644 --- a/packages/aws-cdk-lib/pipelines/test/codepipeline/codepipeline.test.ts +++ b/packages/aws-cdk-lib/pipelines/test/codepipeline/codepipeline.test.ts @@ -540,7 +540,7 @@ test('throws when deploy role session tags are used', () => { }, }, }); - }).toThrow('Deployment of stack SampleStage-123456789012-us-east-1-SampleStack requires assuming the role arn:${AWS::Partition}:iam::123456789012:role/cdk-hnb659fds-deploy-role-123456789012-us-east-1 with session tags {"Departement":"Engineering"}, but assuming roles with session tags is not supported by CodePipeline.'); + }).toThrow('Deployment of stack SampleStage-123456789012-us-east-1-SampleStack requires assuming the role arn:${AWS::Partition}:iam::123456789012:role/cdk-hnb659fds-deploy-role-123456789012-us-east-1 with session tags, but assuming roles with session tags is not supported by CodePipeline.'); }); diff --git a/packages/aws-cdk/lib/api/aws-auth/sdk-provider.ts b/packages/aws-cdk/lib/api/aws-auth/sdk-provider.ts index 780c4d6db5457..7e20c9b3f7492 100644 --- a/packages/aws-cdk/lib/api/aws-auth/sdk-provider.ts +++ b/packages/aws-cdk/lib/api/aws-auth/sdk-provider.ts @@ -600,7 +600,7 @@ export async function initPluginSdk(aws: SdkProvider, options: cxschema.ContextL const creds: CredentialsOptions = { assumeRoleArn: options.lookupRoleArn, - assumeRoleAdditionalOptions: options.lookupRoleAdditionalOptions, + assumeRoleAdditionalOptions: options.assumeRoleAdditionalOptions, assumeRoleExternalId: options.lookupRoleExternalId, }; diff --git a/packages/aws-cdk/lib/context-providers/index.ts b/packages/aws-cdk/lib/context-providers/index.ts index 63b26bca93e94..7c4eeee8a6789 100644 --- a/packages/aws-cdk/lib/context-providers/index.ts +++ b/packages/aws-cdk/lib/context-providers/index.ts @@ -68,12 +68,7 @@ export async function provideContextValues( lookupRoleArn: missingContext.props.lookupRoleArn, }, resolvedEnvironment, sdk); - value = await provider.getValue({ - ...missingContext.props, - lookupRoleArn: arns.lookupRoleArn, - lookupRoleExternalId: missingContext.props.lookupRoleExternalId, - assumeRoleAdditionalOptions: missingContext.props.lookupRoleAdditionalOptions, - }); + value = await provider.getValue({ ...missingContext.props, lookupRoleArn: arns.lookupRoleArn }); } catch (e: any) { // Set a specially formatted provider value which will be interpreted // as a lookup failure in the toolkit.