Fix sfn deployment (#1158)

* fixed sfn deploy role

* fixed typo

* changed assume role policy

* another typo

* remove bootstrap version rule

Author: hickeydh-aws

src/core/cdk/src/initial-setup.ts

@@ -200,12 +200,24 @@ export namespace InitialSetup {
           new iam.ServicePrincipal('codebuild.amazonaws.com'),
           new iam.ServicePrincipal('lambda.amazonaws.com'),
           new iam.ServicePrincipal('events.amazonaws.com'),
-          new iam.ArnPrincipal(roleArn),
         ),
         managedPolicies: [iam.ManagedPolicy.fromAwsManagedPolicyName('AdministratorAccess')],
         maxSessionDuration: buildTimeout,
       });
 
+      pipelineRole.assumeRolePolicy?.addStatements(
+        new iam.PolicyStatement({
+          effect: iam.Effect.ALLOW,
+          principals: [new iam.AccountPrincipal(stack.account)],
+          actions: ['sts:AssumeRole'],
+          conditions: {
+            ArnLike: {
+              'aws:PrincipalARN': `arn:aws:iam::${stack.account}:role/${roleName}`,
+            },
+          },
+        }),
+      );
+
       // S3 working bucket
       const s3WorkingBucket = new s3.Bucket(this, 'WorkingBucket', {
         blockPublicAccess: s3.BlockPublicAccess.BLOCK_ALL,

src/installer/cdk/cdk.json

@@ -1,3 +1,6 @@
 {
-  "app": "pnpx ts-node src/index.ts"
-}
+  "app": "pnpx ts-node src/index.ts",
+  "context": {
+    "@aws-cdk/core:newStyleStackSynthesis": false
+  }
+}