TimeoutError: read ECONNRESET since CDK CLI >= 2.167.0 #32208
Description
Describe the bug
CDK commands that access an actual AWS account (e.g. diff, deploy) fails after updating CDK CLI to a version between 2.167.0 and 2.167.2 (the current latest). The commands fails even when running against a pre-synthed cdk.out directory, and so CDK library version should not matter.
Regression Issue
- Select this option if this issue appears to be a regression.
Last Known Working CDK Version
2.166.0
Expected Behavior
CDK command succeeds and returns the expected output.
Current Behavior
CDK command fails with the following error:
Need to perform AWS calls for account 12345678910, but no credentials have been configured
Reproduction Steps
Given an arbitrary CDK app,
cdk synth # succeeds, and so programming language / CDK library version should not matter
cdk --profile [PROFILE_NAME] --debug -v diff --no-change-set -a cdk.out [STAGE NAME]/*
Note that this reproduction was done inside a corporate environment, where a HTTP proxy server is used with TLS MITM.
AWS_CA_BUNDLE=[PATH_TO_INTERNAL_CA_CERTIFICATE_FILE]
AWS_DEFAULT_REGION=ap-northeast-1
AWS_DEFAULT_SSO_REGION=ap-northeast-1
AWS_DEFAULT_SSO_START_URL=https://[...].awsapps.com/start
HTTPS_PROXY=http://[PROXY SERVER DOMAIN]
HTTP_PROXY=http://[PROXY SERVER DOMAIN]
NO_PROXY=127.0.0.1,localhost,.local,.internal,[...]
Here is an example of the AWS profile I personally use:
[default]
sso_session = sec
sso_role_name = [ROLE_NAME]
region = ap-northeast-1
output = json
[sso-session sec]
sso_start_url = https://[...].awsapps.com/start
sso_region = ap-northeast-1
sso_registration_scopes = sso:account:access
[profile PROFILE_NAME]
sso_session = sec
sso_account_id = 12345678910
sso_role_name = [ROLE_NAME]
Possible Solution
No response
Additional Information/Context
No response
CDK CLI Version
2.167.2
Framework Version
No response
Node.js Version
v22.6.0
OS
Ubuntu 22.04.4 LTS
Language
Python
Language Version
No response
Other information
No response