CodeBuild failing to run CDK synth

Question

I'm having a problem running cdk synth on codebuild, it just says: You are not authorized to perform this operation.

It's a CDK application to provision some infrastructure using @aws-cdk/app-delivery dependency to create the CI/CD pipeline. The codebuild image I'm using is: aws/codebuild/nodejs:10.1.0

The buildspec.yml is a standard one that app-delivery shares in their readme, just adding --loglevel verbose to have a better understanding of what's happenning

phases:
  install:
    commands:
      # Installs the npm dependencies as defined by the `package.json` file
      # present in the root directory of the package
      # (`cdk init app --language=typescript` would have created one for you)
      - npm install
  build:
    commands:
      # Builds the CDK App so it can be synthesized
      - npm run build
      # Synthesizes the CDK App and puts the resulting artifacts into `dist`
      - npm run cdk synth --loglevel verbose -- -o dist
artifacts:
  # The output artifact is all the files in the `dist` directory
  base-directory: dist
  files: '**/*'

And here are the codebuild logs:

[Container] 2019/06/06 19:20:11 Running command npm run cdk synth --loglevel verbose -- -o dist 
npm info it worked if it ends with ok 
npm verb cli [ '/usr/local/bin/node', 
npm verb cli   '/usr/local/bin/npm', 
npm verb cli   'run', 
npm verb cli   'cdk', 
npm verb cli   'synth', 
npm verb cli   '--loglevel', 
npm verb cli   'verbose', 
npm verb cli   '--', 
npm verb cli   '-o', 
npm verb cli   'dist' ] 
npm info using [email protected] 
npm info using [email protected] 
npm verb run-script [ 'precdk', 'cdk', 'postcdk' ] 
npm info lifecycle [email protected]~precdk: [email protected] 
npm info lifecycle [email protected]~cdk: [email protected] 

> [email protected] cdk /codebuild/output/src891487954/src 
> cdk "synth" "-o" "dist" 

You are not authorized to perform this operation. 
npm verb lifecycle [email protected]~cdk: unsafe-perm in lifecycle true 
npm verb lifecycle [email protected]~cdk: PATH: /usr/local/lib/node_modules/npm/node_modules/npm-lifecycle/node-gyp-bin:/codebuild/output/src891487954/src/node_modules/.bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin 
npm verb lifecycle [email protected]~cdk: CWD: /codebuild/output/src891487954/src 
npm info lifecycle [email protected]~cdk: Failed to exec cdk script 
npm verb stack Error: [email protected] cdk: `cdk "synth" "-o" "dist"` 
npm verb stack Exit status 1 
npm verb stack     at EventEmitter.<anonymous> (/usr/local/lib/node_modules/npm/node_modules/npm-lifecycle/index.js:285:16) 
npm verb stack     at EventEmitter.emit (events.js:182:13) 
npm verb stack     at ChildProcess.<anonymous> (/usr/local/lib/node_modules/npm/node_modules/npm-lifecycle/lib/spawn.js:55:14) 
npm verb stack     at ChildProcess.emit (events.js:182:13) 
npm verb stack     at maybeClose (internal/child_process.js:957:16) 
npm verb stack     at Process.ChildProcess._handle.onexit (internal/child_process.js:246:5) 
npm verb pkgid [email protected] 
npm verb cwd /codebuild/output/src891487954/src 
npm verb Linux 4.14.114-83.126.amzn1.x86_64 
npm verb argv "/usr/local/bin/node" "/usr/local/bin/npm" "run" "cdk" "synth" "--loglevel" "verbose" "--" "-o" "dist" 
npm verb node v10.1.0 
npm verb npm  v5.6.0 
npm ERR! code ELIFECYCLE 
npm ERR! errno 1 
npm ERR! [email protected] cdk: `cdk "synth" "-o" "dist"` 
npm ERR! Exit status 1 
npm ERR!  
npm ERR! Failed at the [email protected] cdk script. 
npm ERR! This is probably not a problem with npm. There is likely additional logging output above. 
npm verb exit [ 1, true ] 

npm ERR! A complete log of this run can be found in: 
npm ERR!     /root/.npm/_logs/2019-06-06T19_20_13_082Z-debug.log 

[Container] 2019/06/06 19:20:13 Command did not exit successfully npm run cdk synth --loglevel verbose -- -o dist exit status 1 
[Container] 2019/06/06 19:20:13 Phase complete: BUILD State: FAILED 
[Container] 2019/06/06 19:20:13 Phase context status code: COMMAND_EXECUTION_ERROR Message: Error while executing command: npm run cdk synth --loglevel verbose -- -o dist. Reason: exit status 1 

Answer 1

I've been able to check which was the error by running npm run cdk synth -- -v -o dist command in my buildspec.yml. With that I got the following error:

Some context information is missing. Fetching... 
Reading AZs for 244496089465:us-west-2 
Using default AWS SDK credentials for account 244496089465 
You are not authorized to perform this operation. 
UnauthorizedOperation: You are not authorized to perform this operation. 
    at Request.extractError (/codebuild/output/src133069252/src/node_modules/aws-sdk/lib/services/ec2.js:50:35) 
    at Request.callListeners (/codebuild/output/src133069252/src/node_modules/aws-sdk/lib/sequential_executor.js:106:20) 
    at Request.emit (/codebuild/output/src133069252/src/node_modules/aws-sdk/lib/sequential_executor.js:78:10) 
    at Request.emit (/codebuild/output/src133069252/src/node_modules/aws-sdk/lib/request.js:683:14) 
    at Request.transition (/codebuild/output/src133069252/src/node_modules/aws-sdk/lib/request.js:22:10) 
    at AcceptorStateMachine.runTo (/codebuild/output/src133069252/src/node_modules/aws-sdk/lib/state_machine.js:14:12) 
    at /codebuild/output/src133069252/src/node_modules/aws-sdk/lib/state_machine.js:26:10 
    at Request.<anonymous> (/codebuild/output/src133069252/src/node_modules/aws-sdk/lib/request.js:38:9) 
    at Request.<anonymous> (/codebuild/output/src133069252/src/node_modules/aws-sdk/lib/request.js:685:12) 
    at Request.callListeners (/codebuild/output/src133069252/src/node_modules/aws-sdk/lib/sequential_executor.js:116:18)

So, by adding the following permission ec2:DescribeAvailabilityZones into the codebuild role solved my problem