Having issues when running cdk diff <stack>: it is extremely slow and sometimes it does not finish at all.
- OS: macOS Monterey 12.5.1
- CPU: Apple M1 Max
- CDK version: 2.40.0 (build 56ba2ab)
- NPM: 8.15.0
- node.js version: 18.9.0
- CDK stack language: Python
Running cdk --verbose --debug diff <stackname> gives the following:
Stack example_stack
Retrieved account ID XXXXXXXXXXXX from disk cache
Assuming role 'arn:aws:iam::YYYYYYYYYYYY:role/cdk-ppppppppp-lookup-role-YYYYYYYYYYYY-us-east-1'.
[AWS ssm undefined 13.838s 6 retries] getParameter({ Name: '/cdk-bootstrap/ppppppppp/version' })
Call failed: getParameter({"Name":"/cdk-bootstrap/ppppppppp/version"}) => Inaccessible host: `ssm.us-east-1.amazonaws.com' at port `undefined'. This service may not be available in the `us-east-1' region.: write EPROTO 8045C80901000000:error:0A000152:SSL routines:final_renegotiate:unsafe legacy renegotiation disabled:../deps/openssl/openssl/ssl/statem/extensions.c:908:
(code=UnknownEndpoint)
UnknownEndpoint: Inaccessible host: `ssm.us-east-1.amazonaws.com' at port `undefined'. This service may not be available in the `us-east-1' region.: write EPROTO 8045C80901000000:error:0A000152:SSL routines:final_renegotiate:unsafe legacy renegotiation disabled:../deps/openssl/openssl/ssl/statem/extensions.c:908:
at Request.ENOTFOUND_ERROR (/Users/exampleuser/.nvm/versions/node/v18.9.0/lib/node_modules/aws-sdk/lib/event_listeners.js:576:46)
at Request.callListeners (/Users/exampleuser/.nvm/versions/node/v18.9.0/lib/node_modules/aws-sdk/lib/sequential_executor.js:106:20)
at Request.emit (/Users/exampleuser/.nvm/versions/node/v18.9.0/lib/node_modules/aws-sdk/lib/sequential_executor.js:78:10)
at Request.emit (/Users/exampleuser/.nvm/versions/node/v18.9.0/lib/node_modules/aws-sdk/lib/request.js:686:14)
at error2 (/Users/exampleuser/.nvm/versions/node/v18.9.0/lib/node_modules/aws-sdk/lib/event_listeners.js:408:22)
at ClientRequest.<anonymous> (/Users/exampleuser/.nvm/versions/node/v18.9.0/lib/node_modules/aws-sdk/lib/http/node.js:99:9)
at ClientRequest.emit (node:events:513:28)
at ClientRequest.emit (node:domain:489:12)
at TLSSocket.socketErrorListener (node:_http_client:494:9)
at TLSSocket.emit (node:events:513:28) {
code: 'UnknownEndpoint',
region: 'us-east-1',
hostname: 'ssm.us-east-1.amazonaws.com',
retryable: true,
originalError: Error: write EPROTO 8045C80901000000:error:0A000152:SSL routines:final_renegotiate:unsafe legacy renegotiation disabled:../deps/openssl/openssl/ssl/statem/extensions.c:908:
at WriteWrap.onWriteComplete [as oncomplete] (node:internal/stream_base_commons:94:16) {
errno: -100,
code: 'NetworkingError',
syscall: 'write',
region: 'us-east-1',
hostname: 'ssm.us-east-1.amazonaws.com',
retryable: true,
time: 2022-10-17T07:28:53.319Z
},
time: 2022-10-17T07:28:53.319Z
}
Could not assume arn:aws:iam::YYYYYYYYYYYY:role/cdk-ppppppppp-lookup-role-YYYYYYYYYYYY-us-east-1, proceeding anyway.
(To get rid of this warning, please upgrade to bootstrap version >= 8)
Retrieved account ID XXXXXXXXXXXX from disk cache
Assuming role 'arn:aws:iam::YYYYYYYYYYYY:role/cdk-ppppppppp-deploy-role-YYYYYYYYYYYY-us-east-1'.
Assuming role failed: Inaccessible host: `sts.us-east-1.amazonaws.com' at port `undefined'. This service may not be available in the `us-east-1' region.
Reading cached notices from /Users/exampleuser/.cdk/cache/notices.json
Could not assume role in target account using current credentials (which are for account XXXXXXXXXXXX) Inaccessible host: `sts.us-east-1.amazonaws.com' at port `undefined'. This service may not be available in the `us-east-1' region. . Please make sure that this role exists in the account. If it doesn't exist, (re)-bootstrap the environment with the right '--trust', using the latest version of the CDK CLI.
Error: Could not assume role in target account using current credentials (which are for account XXXXXXXXXXXX) Inaccessible host: `sts.us-east-1.amazonaws.com' at port `undefined'. This service may not be available in the `us-east-1' region. . Please make sure that this role exists in the account. If it doesn't exist, (re)-bootstrap the environment with the right '--trust', using the latest version of the CDK CLI.
at _SDK.forceCredentialRetrieval (/Users/exampleuser/.nvm/versions/node/v18.9.0/lib/node_modules/aws-cdk/lib/api/aws-auth/sdk.ts:261:13)
at processTicksAndRejections (node:internal/process/task_queues:95:5)
at SdkProvider.forEnvironment (/Users/exampleuser/.nvm/versions/node/v18.9.0/lib/node_modules/aws-cdk/lib/api/aws-auth/sdk-provider.ts:199:7)
at CloudFormationDeployments.prepareSdkFor (/Users/exampleuser/.nvm/versions/node/v18.9.0/lib/node_modules/aws-cdk/lib/api/cloudformation-deployments.ts:481:22)
at CloudFormationDeployments.readCurrentTemplateWithNestedStacks (/Users/exampleuser/.nvm/versions/node/v18.9.0/lib/node_modules/aws-cdk/lib/api/cloudformation-deployments.ts:336:18)
at CdkToolkit.diff (/Users/exampleuser/.nvm/versions/node/v18.9.0/lib/node_modules/aws-cdk/lib/cdk-toolkit.ts:118:33)
at initCommandLine (/Users/exampleuser/.nvm/versions/node/v18.9.0/lib/node_modules/aws-cdk/lib/cli.ts:349:12)
Usually what happens is that cdk gets stuck on ssm, sts or cloudformation calls, as seen with: [AWS ssm undefined 13.838s 6 retries]. Sometimes it works directly and sometimes it does not work at all.
Solution: Downgrade node.js to v16.17
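
In the log above, the "Could not assume role" message sits downstream of a TLS handshake failure (OpenSSL error 0A000152), so it says nothing about whether the role exists. The following triage script is an added example, not part of the original post or of the CDK code base; `triageCdkLog` and `SAMPLE_LOG` are hypothetical names, and the sample lines are constructed from the messages quoted above.

```javascript
// Added example: triage for `cdk --verbose` output. SAMPLE_LOG is constructed
// from the messages quoted in the post (placeholder account IDs, lines shortened).
const SAMPLE_LOG = [
  "Assuming role 'arn:aws:iam::YYYYYYYYYYYY:role/cdk-ppppppppp-lookup-role-YYYYYYYYYYYY-us-east-1'.",
  "[AWS ssm undefined 13.838s 6 retries] getParameter({ Name: '/cdk-bootstrap/ppppppppp/version' })",
  "UnknownEndpoint: Inaccessible host: `ssm.us-east-1.amazonaws.com' at port `undefined'.: write EPROTO " +
    "8045C80901000000:error:0A000152:SSL routines:final_renegotiate:unsafe legacy renegotiation disabled:" +
    "../deps/openssl/openssl/ssl/statem/extensions.c:908:",
  "Assuming role failed: Inaccessible host: `sts.us-east-1.amazonaws.com' at port `undefined'.",
  "Error: Could not assume role in target account using current credentials (which are for account XXXXXXXXXXXX)",
].join("\n");

// Hypothetical helper: classify what actually failed in a CDK verbose log.
function triageCdkLog(log) {
  // OpenSSL error strings look like error:<code>:<library>:<function>:<reason>:<file>:<line>:
  const tlsErrors = [...log.matchAll(/error:([0-9A-F]{8}):([^:\n]*):([^:\n]*):([^:\n]+):/g)]
    .map(([, code, library, func, reason]) => ({ code, library, func, reason }));
  // Hosts the SDK reported as unreachable (the log quotes them as `host').
  const hosts = [...new Set([...log.matchAll(/Inaccessible host: `([^'\n]+)'/g)].map((m) => m[1]))];
  // SDK call summaries: [AWS <service> <status> <seconds>s <n> retries]
  const retried = [...log.matchAll(/^\[AWS (\S+) (\S+) ([\d.]+)s (\d+) retries\]/gm)]
    .map(([, service, status, seconds, retries]) => ({
      service, status, seconds: Number(seconds), retries: Number(retries),
    }))
    .filter((call) => call.retries > 0);
  const roleErrorReported = /Could not assume role|Assuming role failed/.test(log);

  // Order matters: a TLS failure makes every later call fail, so the
  // role-assumption error is then a symptom and not an IAM finding.
  let rootCause = "none";
  if (tlsErrors.length > 0) rootCause = "tls-handshake";
  else if (hosts.length > 0) rootCause = "network";
  else if (roleErrorReported) rootCause = "iam-role";
  return { rootCause, tlsErrors, hosts, retried, roleErrorReported };
}

console.log(triageCdkLog(SAMPLE_LOG).rootCause);
```

Node.js 18 bundles OpenSSL 3, which by default refuses a TLS peer that does not support secure renegotiation (RFC 5746); that refusal is the "unsafe legacy renegotiation disabled" error in this log. A "tls-handshake" result therefore points at whatever terminates TLS between the workstation and the AWS endpoints, not at the bootstrap roles.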