From 595a422a614daecf386bde96f4cefeb4f7473815 Mon Sep 17 00:00:00 2001
From: Rico Hermans <rix0rrr@gmail.com>
Date: Tue, 22 Oct 2024 17:04:51 +0200
Subject: [PATCH] fix: 'Need to perform AWS calls for account' when doing
 cross-account deployments (#31846)

Fixes #31845

Manually verified that cross-account access is possible again. Will follow up with a PR for more tests.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
---
 packages/aws-cdk/lib/api/deployments.ts | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/packages/aws-cdk/lib/api/deployments.ts b/packages/aws-cdk/lib/api/deployments.ts
index 788c42796be36..a2e729ce30689 100644
--- a/packages/aws-cdk/lib/api/deployments.ts
+++ b/packages/aws-cdk/lib/api/deployments.ts
@@ -812,7 +812,7 @@ export class Deployments {
     const { manifest, stackEnv } = await this.prepareAndValidateAssets(asset, options);
     await publishAssets(manifest, this.sdkProvider, stackEnv, {
       ...options.publishOptions,
-      allowCrossAccount: await this.allowCrossAccountAssetPublishingForEnv(stackEnv),
+      allowCrossAccount: await this.allowCrossAccountAssetPublishingForEnv(options.stack),
     });
   }
 
@@ -852,15 +852,15 @@ export class Deployments {
     // No need to validate anymore, we already did that during build
     const publisher = this.cachedPublisher(assetManifest, stackEnv, options.stackName);
     // eslint-disable-next-line no-console
-    await publisher.publishEntry(asset, { allowCrossAccount: await this.allowCrossAccountAssetPublishingForEnv(stackEnv) });
+    await publisher.publishEntry(asset, { allowCrossAccount: await this.allowCrossAccountAssetPublishingForEnv(options.stack) });
     if (publisher.hasFailures) {
       throw new Error(`Failed to publish asset ${asset.id}`);
     }
   }
 
-  private async allowCrossAccountAssetPublishingForEnv(env: cxapi.Environment): Promise<boolean> {
+  private async allowCrossAccountAssetPublishingForEnv(stack: cxapi.CloudFormationStackArtifact): Promise<boolean> {
     if (this._allowCrossAccountAssetPublishing === undefined) {
-      const sdk = (await this.cachedSdkForEnvironment(env, Mode.ForReading)).sdk;
+      const { stackSdk: sdk } = await this.prepareSdkFor(stack, undefined, Mode.ForReading);
       this._allowCrossAccountAssetPublishing = await determineAllowCrossAccountAssetPublishing(sdk, this.props.toolkitStackName);
     }
     return this._allowCrossAccountAssetPublishing;