Incorrect Bootstrap Warning

[Joe-Zer0]

Describe the bug

Running cdk diff with a profile that does not have permission to assume cdk-<guid>-deploy-role causes the warning (To get rid of this warning, please upgrade to bootstrap version >= 8) to be displayed.

Running cdk diff with a profile that can assume cdk-<guid>-deploy-role does not display the warning.
The account is bootstrapped with the latest version (20 currently).

This warning is dumped to the logs twice, once before and after the diff results are displayed.
Before:

[time] Assuming role 'arn:aws:iam::XXXXX:role/cdk-<guid>-lookup-role-XXXXX-us-east-1'.
[time] Assuming role failed: User: arn:aws:sts::XXXXX:assumed-role/Dev_Team_Role/aws-sdk-js-1706295393223 is not authorized to perform: sts:AssumeRole on resource: arn:aws:iam::XXXXX:role/cdk-<guid>-lookup-role-XXXXX-us-east-1
[time] Could not assume role in target account using current credentials User: arn:aws:sts::XXXXX:assumed-role/Dev_Team_Role/aws-sdk-js-1706295393223 is not authorized to perform: sts:AssumeRole on resource: arn:aws:iam::XXXXX:role/cdk-<guid>-lookup-role-XXXXX-us-east-1 . Please make sure that this role exists in the account. If it doesn't exist, (re)-bootstrap the environment with the right '--trust', using the latest version of the CDK CLI.
current credentials could not be used to assume 'arn:aws:iam::XXXXX:role/cdk-<guid>-lookup-role-XXXXX-us-east-1', but are for the right account. Proceeding anyway.
(To get rid of this warning, please upgrade to bootstrap version >= 8)

After:

[time] Retrieved account ID XXXXX from disk cache
(To get rid of this warning, please upgrade to bootstrap version >= 8)
[time] Retrieved account ID XXXXX from disk cache
[time] Retrieved account ID XXXXX from disk cache
[time] Assuming role 'arn:aws:iam::XXXXX:role/cdk-<guid>-deploy-role-XXXXX-us-east-1'.
[time] Assuming role failed: User: arn:aws:sts::XXXXX:assumed-role/Dev_Team_Role/aws-sdk-js-1706295393223 is not authorized to perform: sts:AssumeRole on resource: arn:aws:iam::XXXXX:role/cdk-<guid>-deploy-role-XXXXX-us-east-1
[time] Could not assume role in target account using current credentials User: arn:aws:sts::XXXXX:assumed-role/Dev_Team_Role/aws-sdk-js-1706295393223 is not authorized to perform: sts:AssumeRole on resource: arn:aws:iam::XXXXX:role/cdk-<guid>-deploy-role-XXXXX-us-east-1 . Please make sure that this role exists in the account. If it doesn't exist, (re)-bootstrap the environment with the right '--trust', using the latest version of the CDK CLI.
current credentials could not be used to assume 'arn:aws:iam::XXXXX:role/cdk-<guid>-deploy-role-XXXXX-us-east-1', but are for the right account. Proceeding anyway.

We do not want the dev teams to directly deploy outside of the CI/CD pipeline. So they are correctly prevented from assuming the cdk deploy role. But we do want them to be able to run a diff. This warning however, is causing confusion. I'm also confused as to why it mentions bootstrap version 8. Seeing as the stack was deployed on version 19 and we are currently on version 20.

Expected Behavior

I expect to not get this warning message: (To get rid of this warning, please upgrade to bootstrap version >= 8).

Current Behavior

It currently displays this warning message: (To get rid of this warning, please upgrade to bootstrap version >= 8).

Reproduction Steps

Run a cdk diff using a profile that does not have permission to assume cdk-<guid>-deploy-role.

Possible Solution

No response

Additional Information/Context

No response

CDK CLI Version

2.123.0 (build a594112)

Framework Version

No response

Node.js Version

v20.10.0

OS

Windows 10

Language

Python

Language Version

Python 3.12.1

Other information

No response

[pahud]

Yes that could be a little bit confusing.

[github-actions]

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.