cdklocal deploy : unable to figure out localstack presence, building stacks is failing

[accessallow]

   ~/Documents/Code/CDK_APPS/test    master ?1  cdklocal deploy  ✔  9s 

✨ Synthesis time: 2.3s

TestStack: building assets...

❌ Building assets failed: Error: Building Assets Failed: Error: Unable to resolve AWS account to use. It must be either configured when you define your CDK Stack, or through the environment
at buildAllStackAssets (/usr/lib/node_modules/aws-cdk/lib/build.ts:21:11)
at processTicksAndRejections (node:internal/process/task_queues:95:5)
at CdkToolkit.deploy (/usr/lib/node_modules/aws-cdk/lib/cdk-toolkit.ts:175:7)
at initCommandLine (/usr/lib/node_modules/aws-cdk/lib/cli.ts:358:12)

Building Assets Failed: Error: Unable to resolve AWS account to use. It must be either configured when you define your CDK Stack, or through the environment

cdklocal --version
2.49.0 (build 793dd76)

[yarik2215]

Same issue

cdklocal --version
2.53.0 (build 7690f43)

localstack --version
1.3.0

[terusaku]

Same trouble happens to me...
I read past some issues, but could not resolve this error. Is compatible of CDK + localstack sensitive?
ref: #39

At least, I'll try again next year.
Have a good New Year!

Pre-requirement

$ cdk --version 
2.58.1 (build 3d8df57)

$ cdklocal --version
2.58.1 (build 3d8df57)

$ localstack --version
1.3.1

# ~/.aws/config
[profile localstack]
source_profile = localstack
region = ap-northeast-1
output = json

# ~/.aws/credentials
[localstack]
aws_access_key_id=local
aws_secret_access_key=local

Error Details

• cdklocal bootstrap/deploy -v --profile localstack cause same error, "Unable to resolve AWS account to use".
  • cdk + --endpoint-url http://localhost:4566 didn't supply workaround.
• LocalStack is working, STS also looks fine.

$ awslocal sts get-caller-identity
{
    "UserId": "AKIAIOSFODNN7EXAMPLE",
    "Account": "000000000000",
    "Arn": "arn:aws:sts::000000000000:user/localstack"
}

• Env variables seems to be no error cause.

$ cdklocal doctor --profile localstack
ℹ️ CDK Version: 2.58.1 (build 3d8df57)
ℹ️ AWS environment variables:
  - AWS_STS_REGIONAL_ENDPOINTS = regional
  - AWS_NODEJS_CONNECTION_REUSE_ENABLED = 1
  - AWS_SDK_LOAD_CONFIG = 1
ℹ️ No CDK environment variables

vervose logs is below.

$ cdklocal bootstrap -v --profile localstack 
[23:36:46] CDK toolkit version: 2.58.1 (build 3d8df57)
[23:36:46] Command line arguments: {
  _: [ 'bootstrap' ],
  v: 1,
  verbose: 1,
  profile: 'localstack',
  lookups: true,
  'ignore-errors': false,
  ignoreErrors: false,
  json: false,
  j: false,
  debug: false,
  ec2creds: undefined,
  i: undefined,
  'version-reporting': undefined,
  versionReporting: undefined,
  'path-metadata': true,
  pathMetadata: true,
  'asset-metadata': true,
  assetMetadata: true,
  'role-arn': undefined,
  r: undefined,
  roleArn: undefined,
  staging: true,
  'no-color': false,
  noColor: false,
  ci: false,
  'bootstrap-bucket-name': undefined,
  b: undefined,
  'toolkit-bucket-name': undefined,
  toolkitBucketName: undefined,
  bootstrapBucketName: undefined,
  'bootstrap-kms-key-id': undefined,
  bootstrapKmsKeyId: undefined,
  'example-permissions-boundary': undefined,
  epb: undefined,
  examplePermissionsBoundary: undefined,
  'custom-permissions-boundary': undefined,
  cpb: undefined,
  customPermissionsBoundary: undefined,
  'bootstrap-customer-key': undefined,
  bootstrapCustomerKey: undefined,
  qualifier: undefined,
  'public-access-block-configuration': undefined,
  publicAccessBlockConfiguration: undefined,
  tags: [],
  t: [],
  execute: true,
  trust: [],
  'trust-for-lookup': [],
  trustForLookup: [],
  'cloudformation-execution-policies': [],
  cloudformationExecutionPolicies: [],
  force: false,
  f: false,
  'termination-protection': undefined,
  terminationProtection: undefined,
  'show-template': false,
  showTemplate: false,
  '$0': 'cdklocal'
}
[23:36:46] cdk.json: {
  "app": "node bin/sample-app.js",
  "watch": {
    "include": [
      "**"
    ],
    "exclude": [
      "README.md",
      "cdk*.json",
      "jest.config.js",
      "package*.json",
      "yarn.lock",
      "node_modules",
      "test"
    ]
  },
  "context": {
    "@aws-cdk/aws-lambda:recognizeLayerVersion": true,
    "@aws-cdk/core:checkSecretUsage": true,
    "@aws-cdk/core:target-partitions": [
      "aws",
      "aws-cn"
    ],
    "@aws-cdk-containers/ecs-service-extensions:enableDefaultLogDriver": true,
    "@aws-cdk/aws-ec2:uniqueImdsv2TemplateName": true,
    "@aws-cdk/aws-ecs:arnFormatIncludesClusterName": true,
    "@aws-cdk/aws-iam:minimizePolicies": true,
    "@aws-cdk/core:validateSnapshotRemovalPolicy": true,
    "@aws-cdk/aws-codepipeline:crossAccountKeyAliasStackSafeResourceName": true,
    "@aws-cdk/aws-s3:createDefaultLoggingPolicy": true,
    "@aws-cdk/aws-sns-subscriptions:restrictSqsDescryption": true,
    "@aws-cdk/aws-apigateway:disableCloudWatchRole": true,
    "@aws-cdk/core:enablePartitionLiterals": true,
    "@aws-cdk/aws-events:eventsTargetQueueSameAccount": true,
    "@aws-cdk/aws-iam:standardizedServicePrincipals": true,
    "@aws-cdk/aws-ecs:disableExplicitDeploymentControllerForCircuitBreaker": true
  }
}
[23:36:46] merged settings: {
  versionReporting: true,
  pathMetadata: true,
  output: 'cdk.out',
  app: 'node bin/sample-app.js',
  watch: {
    include: [ '**' ],
    exclude: [
      'README.md',
      'cdk*.json',
      'jest.config.js',
      'package*.json',
      'yarn.lock',
      'node_modules',
      'test'
    ]
  },
  context: {
    '@aws-cdk/aws-lambda:recognizeLayerVersion': true,
    '@aws-cdk/core:checkSecretUsage': true,
    '@aws-cdk/core:target-partitions': [ 'aws', 'aws-cn' ],
    '@aws-cdk-containers/ecs-service-extensions:enableDefaultLogDriver': true,
    '@aws-cdk/aws-ec2:uniqueImdsv2TemplateName': true,
    '@aws-cdk/aws-ecs:arnFormatIncludesClusterName': true,
    '@aws-cdk/aws-iam:minimizePolicies': true,
    '@aws-cdk/core:validateSnapshotRemovalPolicy': true,
    '@aws-cdk/aws-codepipeline:crossAccountKeyAliasStackSafeResourceName': true,
    '@aws-cdk/aws-s3:createDefaultLoggingPolicy': true,
    '@aws-cdk/aws-sns-subscriptions:restrictSqsDescryption': true,
    '@aws-cdk/aws-apigateway:disableCloudWatchRole': true,
    '@aws-cdk/core:enablePartitionLiterals': true,
    '@aws-cdk/aws-events:eventsTargetQueueSameAccount': true,
    '@aws-cdk/aws-iam:standardizedServicePrincipals': true,
    '@aws-cdk/aws-ecs:disableExplicitDeploymentControllerForCircuitBreaker': true
  },
  debug: false,
  assetMetadata: true,
  profile: 'localstack',
  toolkitBucket: {},
  staging: true,
  bundlingStacks: [],
  lookups: true
}
[23:36:46] Reading cached notices from ~/.cdk/cache/notices.json
[23:36:46] Toolkit stack: CDKToolkit
[23:36:46] Setting "CDK_DEFAULT_REGION" environment variable to ap-northeast-1
[23:36:46] Looking up default account ID from STS
[23:36:47] Unable to determine the default AWS account (UnknownEndpoint): Inaccessible host: `localhost' at port `4566'. This service may not be available in the `ap-northeast-1' region.
[23:36:47] context: {
  '@aws-cdk/aws-lambda:recognizeLayerVersion': true,
  '@aws-cdk/core:checkSecretUsage': true,
  '@aws-cdk/core:target-partitions': [ 'aws', 'aws-cn' ],
  '@aws-cdk-containers/ecs-service-extensions:enableDefaultLogDriver': true,
  '@aws-cdk/aws-ec2:uniqueImdsv2TemplateName': true,
  '@aws-cdk/aws-ecs:arnFormatIncludesClusterName': true,
  '@aws-cdk/aws-iam:minimizePolicies': true,
  '@aws-cdk/core:validateSnapshotRemovalPolicy': true,
  '@aws-cdk/aws-codepipeline:crossAccountKeyAliasStackSafeResourceName': true,
  '@aws-cdk/aws-s3:createDefaultLoggingPolicy': true,
  '@aws-cdk/aws-sns-subscriptions:restrictSqsDescryption': true,
  '@aws-cdk/aws-apigateway:disableCloudWatchRole': true,
  '@aws-cdk/core:enablePartitionLiterals': true,
  '@aws-cdk/aws-events:eventsTargetQueueSameAccount': true,
  '@aws-cdk/aws-iam:standardizedServicePrincipals': true,
  '@aws-cdk/aws-ecs:disableExplicitDeploymentControllerForCircuitBreaker': true,
  'aws:cdk:enable-path-metadata': true,
  'aws:cdk:enable-asset-metadata': true,
  'aws:cdk:version-reporting': true,
  'aws:cdk:bundling-stacks': []
}
[23:36:47] outdir: cdk.out
[23:36:47] env: {
  CDK_DEFAULT_REGION: 'ap-northeast-1',
  CDK_OUTDIR: 'cdk.out',
  CDK_CLI_ASM_VERSION: '22.0.0',
  CDK_CLI_VERSION: '2.58.1'
}
[23:36:48] Reading cached notices from ~/.cdk/cache/notices.json

Unable to resolve AWS account to use. It must be either configured when you define your CDK Stack, or through the environment
[23:36:48] Error: Unable to resolve AWS account to use. It must be either configured when you define your CDK Stack, or through the environment
    at SdkProvider.resolveEnvironment (~/.nvm/versions/node/v18.12.1/lib/node_modules/aws-cdk/lib/api/aws-auth/sdk-provider.ts:249:13)
    at processTicksAndRejections (node:internal/process/task_queues:95:5)
    at globEnvironmentsFromStacks (~/.nvm/versions/node/v18.12.1/lib/node_modules/aws-cdk/lib/api/cxapp/environments.ts:19:20)
    at CdkToolkit.bootstrap (~/.nvm/versions/node/v18.12.1/lib/node_modules/aws-cdk/lib/cdk-toolkit.ts:645:28)
    at initCommandLine (~/.nvm/versions/node/v18.12.1/lib/node_modules/aws-cdk/lib/cli.ts:374:12)

[joe4dev]

As explained in nodejs/node#40537, Node v17 now favors IPv6 over IPv4 because it now returns IP addresses in the order they are returned from the name resolver/DNS (merged in nodejs/node#39987). Hence, CDK attempts to connect to LocalStack via IPv6 (using the loopback address ::1) when trying to detect the AWS account name during bootstrapping via the API call awslocal sts get-caller-identity. This attempt fails and leads to the Error: Unable to resolve AWS account to use.

Workaround

• export LOCALSTACK_HOSTNAME=127.0.0.1 before running cdklocal forces to use the IPv4 loopback address
• Downgrade to Node ≤ v16

Related Issues

• Closed as duplicate: Error: Need to perform AWS calls for account 000, but no credentials have been configured #39
  • originalError: Error: connect ECONNREFUSED ::1:4566 at TCPConnectWrap.afterConnect [as oncomplete] (node:net:1161:16)
• Closed recently with reference to PR#79 : Environment aws://00000000000/eu-central-1 failed bootstrapping: UnknownEndpoint: Inaccessible host: localhost' at port 4566'. This service may not be available in the `eu-central-1' region. #78
  • Context: M1 MacOS 13.1.
• Initial issue in serverless-localstack leading to PR#205: Inaccessible host: localhost'. This service may not be available in the us-east-1' region. serverless-localstack#125
  • Still requires workaround by setting host: http://127.0.0.1 (as noted in recent comment and at least with Node >= v17)

Follow Up

We'll look into getting this fix into the wrapper itself, to make the switch between IPv4/IPv6 endpoints automatically when using Node >= v17.

Possible solutions:

• Extend the fallback detection in getLocalHost to work with Nodejs >= v17

• Bind LS to both IPv4 and IPv6

• Change the DEFAULT_HOSTNAME from localhost to 127.0.0.1 forces IPv4. It might be quite a significant change though.

• Explicitly force Nodejs >= v17 to restore the same behavior as before similar to this suggestion

  import { setDefaultResultOrder } from "dns";
  setDefaultResultOrder("ipv4first");
  

[terusaku]

@joe4dev
Thanks you a lot for careful guide.
I set LOCALSTACK_HOSTNAME, succeed to cdklocal.

Incidentally, I tried to unset ipv6 on MacOS via networksetup.
This way also works cdklocal as expected.

ipv6 is treated legacy anywhere…
I saw some issues of ipv6 driven, the other day.

[joe4dev]

@terusaku Thank you for your detailed report, which helped to triage the issue 🙏
Yes, disabling IPv6 is another workaround. Maybe a bit intrusive though.

[joe4dev]

@accessallow @yarik2215 @terusaku We just (2023-02-15T12:22:38.576Z) released a new version of aws-cdk-local 2.17.0, which implements an IPv4 fallback to fix IPv6-related issues on macOS. Can you please check with the latest version?

[terusaku]

@joe4dev
I appreciate your prompt response!!

I have done cdklocal bootstrap & cdklocal deploy on the existing project.
No error happened with unset $LOCALSTACK_HOSTNAME.

execution log;

  $ npm list --depth=0 -g | grep cdk
  ├── [email protected]
  ├── [email protected]

  $ echo $LOCALSTACK_HOSTNAME

  $ cdklocal bootstrap --profile localstack --debug
   ⏳  Bootstrapping environment aws://000000000000/ap-northeast-1...
  Trusted accounts for deployment: (none)
  Trusted accounts for lookup: (none)
  Using default execution policy of 'arn:aws:iam::aws:policy/AdministratorAccess'. Pass '--cloudformation-execution-policies' to customize.
  CDKToolkit: creating CloudFormation changeset...
   ✅  Environment aws://000000000000/ap-northeast-1 bootstrapped.

[joe4dev]

Thank you for the prompt and detailed confirmation @terusaku . We are happy it is working 🥳