(CodePipeline): shared cross-region support Stacks cause CDK Pipelines self-mutation to fail

[tobytipton]

Description

When you are define more than one pipeline stack inside of the same app all which are self-mutating and deploying across regions the support CFN stack which is created to support each of the pipelines use the same CFN stack. As a result when the pipelines get to the UpdatePipeline stage which ever pipeline gets to SelfMutate step and triggers the update of the cross region stack, causes the other pipeline(s) to fail the SelfMutate.

The SelfMutate failure will look similar to cross-region-stack-PIPELINEACCOUNTNUMBER:ap-northeast-1 (LASTPIPELINESTACKDEFINEDNAME-support-ap-northeast-1) failed: Error [ValidationError]: Stack:arn:aws:cloudformation:ap-northeast-1:PIPELINEACCOUNTNUMBER:stack/LASTPIPELINESTACKDEFINEDNAME-support-ap-northeast-1/b25adf00-2a9b-11ec-b640-0a4310995729 is in UPDATE_IN_PROGRESS state and can not be updated.

Ideally we should be able to provide a flag to leverage the pipeline stack name rather than the pipelineAccount id so that SelfMutation can occur independent on each of the pipeline stacks.

Use Case

We have quite a few places where we have one cdk App where we are defining 2 or more pipeline stacks, because this SelfMutation error it requires checking of the pipelines to ensure that all pipelines are continuing to flow.

Proposed Solution

I can understand the reason for the re-use since there is a cost associated with the KMS key for the cross region replication, however having the ability to accept that would be ideal.

Solution would be add a new flag/property like uniqueCrossRegionStackName to PipelineProps which would default to false.

If uniqueCrossRegionStackName is set to true it will update the supportStackId to be cross-region-stack-${pipelineStack.stackName}:${actionRegion}

The new flag/property would also need to be added CodePipelineProps and used when define the underlying pipeline

Other information

No response

Acknowledge

• I may be able to implement this feature request
• This feature might incur a breaking change

[skinny85]

Thanks for opening the issue @tobytipton. This is indeed a very interesting side-effect of sharing the cross-region support Stacks. This was done originally to save on the amount of extra resources we create, but I can definitely see how this becomes problematic in CDK Pipelines.

If you want to unblock yourself, you should be able to pass different Buckets for reach region when constructing the CDK CodePipeline.

@rix0rrr what do you think about this? Should the default sharing of cross-region support Stacks have actually different behavior in CDK Pipelines?