I recently got this error and I couldn’t figure it out: My CDK deploy kept failing because:

fail: Need to perform AWS calls for account 111111111111, but the current credentials are for 22222222222

My deployment job had been working perfectly for months until this error above showed up.

REASON: While troubleshooting a CloudFormation stack issue, I had deleted all the resources used in the CloudFormation Stack which included a reference to an assets zip file stored in a bucket called:

bucket s3://cdk-hnb659fds-assets-222222222222-eu-west-1/

I thought — I just deleted this one too.

#TLDR: Confirm that you didn’t delete the AWS bucket used by CDK itself.



When setting up the default_arguments:

— extra-py-files means Python Library Path in the AWS Glue Console/UI.

  • This should be a full path to an S3 zip file

— extra-files means Referenced files path in the AWS Glue Console UI

  • This should be a full path to an S3 file s3://bucket/folder/file.py



I’m using the boto3 client to copy RDS Snapshots and the CopyTags documentation is not clear on the following.

But if your source snapshot has tags and you want to copy then, then you cannot add tags with the Tags=[ … some tags ] at the same time.

If you use both the CopyTags and the Tags properties, only the Tags one will be applied.



Today I had been debugging and building my docker based lambda. All of the sudden, I start getting this error

failed to solve with frontend dockerfile.v0: failed to create LLB definition: unexpected status code [manifests 3.8]: 400 Bad Request

I googled it without success. I closed VS Code. Nada.

I closed and restarted Docker Desktop. Nada.

I noticed I had a pending update on the Docker Desktop notifications. I completed the update. Then…

I shut down my mac. Restarted it and bam! It started working again.

hope this helps.



How can I view the logs of a docker container running in the background?

So I had a Jenkins job that was building a Lambda function docker image and testing it. The tests worked locally but some how they were failing when Jenkins was running them.

The Jenkins job didn’t show me the docker image logs so I use this below:

I use this to test the lambda

TEST_RESPONSE=$(curl -XPOST “http://localhost:9000/2015-03-31/functions/function/invocations" -d @”$TEST_FILE”)

Then after catching the response, I had jenkins output the docker logs

docker container logs — details $(docker ps -aqf “ancestor=$image”)

Hope this helps you out.



Today I needed to add a permissions policy to an ECR repository but couldn’t really figure out where to add the policy.

I thought I would select the repository and click on the Edit property but that’s not it.

Instead once select and click onto your ECR repository, on the left side column, you’ll see “Images” and “Permissions” options. That’s how you get to the Permissions tab where you can edit the Policy JSON.

Hope this helps you out!



In order to filter SNS Subscription messages, your message must have a “MessageAttributes” attribute.

If you are creating the messages, then this is no problem.

In my case, I’m using CloudWatch event rules to publish to an SNS topic and I don’t have a way to add the MessageAttributes property…



I just came across a goofy problem. I created a lambda function and it appeared to me as if nothing was happening. Like it wasn’t being triggered.

I couldn’t find any errors in CloudWatch. Nada.

Then I thought — I wonder if it is failing but not able to tell me so because the Lambda needs access to CloudWatch Logs. And indeed.

Remember to Add CloudWatch Logs permissions.

p.s. Back to my lambda to fix some json property mishap!

keywords: sns call lambda cross-region but lambda not being triggered