generated content (using cdk synth) in cdk.out cannot be reused for deploying infrastructure in another region

[ttais2017]

Describe the bug

generated content in cdk.out cannot be reused for deploying infrastructure in another region.

Expected Behavior

With the generated content within cdk.out should be also possible to deploy the App (Intrastrukture) in another Region.

Current Behavior

I have a simple Infrastrukture with nested stacks. Its deployment from console is possible, using cdk deploy.

I uploaded the content of cdk.out into a s3-bucket. This contains all files, template and assets.

From the AWS-Console in Cloud Formation (located in another region), I try to deploy/create a stack with the S3 URL of that template . But I get the error "S3 error: Access Denied For more information check http://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html".

The S3 bucket allows public access and the full content of cdk.out was uploaded in that bucket

Reproduction Steps

Using the creation of a new stack from CloudFormation:

Try with the S3 URL of the bucket where is located the content of cdk.out.zip

cdk.out.zip

Possible Solution

No response

Additional Information/Context

No response

CDK CLI Version

aws-cli/2.13.12 Python/3.11.4 Windows/10 exe/AMD64 prompt/off

Framework Version

No response

Node.js Version

9.5.1

OS

Windows

Language

Java

Language Version

Java 17

Other information

No response

[peterwoodworth]

I'm not sure why you would expect this to work. Do we have any documentation on this topic?

[ttais2017]

I would expect it, because looking into the s3 bucket (created by bootstrap), each time I deployed, the whole directory cdk.out will be uploaded to the s3 bucket and from there, CloudFormation references the resources, creating my whole scenario.

Or perhaps I 'm assuming to much ?. :\

[peterwoodworth]

It's probably close to working, I've just never heard of the use case and am not sure if this is supposed to work. When you get the S3 error: Access Denied error, is that showing up after deployment has started? Or can you not start deployment at all? (A screenshot would be helpful)

[peterwoodworth]

This thread seems to be related https://stackoverflow.com/questions/64720224/s3-error-access-denied-when-deploying-cfn-template-with-nested-stacks

[peterwoodworth]

OK, I think what you're encountering is that you're uploading the assets directly as they are to S3. The names of the assets in the CloudFormation template differ from as they appear in cdk.out, so you're probably encountering S3 error: Access Denied because it cannot find the filenames specified in the template.

[ttais2017]

CloudFormation starts the deployment and in sometime later comes the error:

[ttais2017]

I followed some steps for testing the deployment based on cdk.out.

• I deployed my project as always with cdk deploy. The resources were uploaded on the s3 (bootstrap) and cloud formation started the deployment as always, successfully.

• I destroyed the stack and everything was removed. Also Ok.

• After that, I used the URL of the template (located on the s3-bootstrap) and I called from AWS-Console - Cloud Formation the function "Create Stack" from a URL.
  The deployment was also successful

• Next Step: I tested from another region the deployment from AWS-Console/Cloud-Formation : CreateStack. This time with error :( 400

I think this kind of deployment could be considered as near new feature. Projects with IaC should also be available via Marketplace. For this, the user gets normally an URL of the related cloud template and the infrastructure will be by the used deployed.