fix(codepipeline): cannot deploy pipeline stack with crossAccountKeys twice (under feature flag) (#19418)

When multiple copies of the same pipeline are deployed in separate stacks, the alias name for the KMS key is the same, causing the deployment to fail. This hcange fixes that using the stack name instead of the stack ID to create a stack safe uniqueId for the alias name. This fix is behind the following feature flag:
    
    @aws-cdk/aws-codepipeline:crossAccountKeyAliasStackSafeUniqueId
    
Fixes issue #18828.


----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

Author: TheRealAmazonKendra

packages/@aws-cdk/aws-codepipeline-actions/test/cfn-template-from-repo.lit.integ.snapshot/aws-cdk-codepipeline-cloudformation.template.json

@@ -44,7 +44,7 @@
   "PipelineArtifactsBucketEncryptionKeyAlias5C510EEE": {
    "Type": "AWS::KMS::Alias",
    "Properties": {
-    "AliasName": "alias/codepipeline-awscdkcodepipelinecloudformationpipeline7dbde619",
+    "AliasName": "alias/codepipeline-aws-cdk-codepipeline-cloudformation-pipeline-7dbde619",
     "TargetKeyId": {
      "Fn::GetAtt": [
       "PipelineArtifactsBucketEncryptionKey01D58D69",

packages/@aws-cdk/aws-codepipeline-actions/test/lambda-deployed-through-codepipeline.lit.integ.snapshot/PipelineStack.template.json

@@ -38,7 +38,7 @@
   "PipelineArtifactsBucketEncryptionKeyAlias5C510EEE": {
    "Type": "AWS::KMS::Alias",
    "Properties": {
-    "AliasName": "alias/codepipeline-pipelinestackpipeline9db740af",
+    "AliasName": "alias/codepipeline-pipelinestack-pipeline-9db740af",
     "TargetKeyId": {
      "Fn::GetAtt": [
       "PipelineArtifactsBucketEncryptionKey01D58D69",

packages/@aws-cdk/aws-codepipeline-actions/test/lambda-pipeline.integ.snapshot/aws-cdk-codepipeline-lambda.template.json

@@ -38,7 +38,7 @@
   "PipelineArtifactsBucketEncryptionKeyAlias5C510EEE": {
    "Type": "AWS::KMS::Alias",
    "Properties": {
-    "AliasName": "alias/codepipeline-awscdkcodepipelinelambdapipeline87a4b3d3",
+    "AliasName": "alias/codepipeline-aws-cdk-codepipeline-lambda-pipeline-87a4b3d3",
     "TargetKeyId": {
      "Fn::GetAtt": [
       "PipelineArtifactsBucketEncryptionKey01D58D69",

packages/@aws-cdk/aws-codepipeline-actions/test/pipeline-alexa-deploy.integ.snapshot/aws-cdk-codepipeline-alexa-deploy.template.json

@@ -48,7 +48,7 @@
   "PipelineArtifactsBucketEncryptionKeyAlias5C510EEE": {
    "Type": "AWS::KMS::Alias",
    "Properties": {
-    "AliasName": "alias/codepipeline-awscdkcodepipelinealexadeploypipeline961107f5",
+    "AliasName": "alias/codepipeline-aws-cdk-codepipeline-alexa-deploy-pipeline-961107f5",
     "TargetKeyId": {
      "Fn::GetAtt": [
       "PipelineArtifactsBucketEncryptionKey01D58D69",

packages/@aws-cdk/aws-codepipeline-actions/test/pipeline-cfn.integ.snapshot/aws-cdk-codepipeline-cloudformation.template.json

@@ -38,7 +38,7 @@
   "PipelineArtifactsBucketEncryptionKeyAlias5C510EEE": {
    "Type": "AWS::KMS::Alias",
    "Properties": {
-    "AliasName": "alias/codepipeline-awscdkcodepipelinecloudformationpipeline7dbde619",
+    "AliasName": "alias/codepipeline-aws-cdk-codepipeline-cloudformation-pipeline-7dbde619",
     "TargetKeyId": {
      "Fn::GetAtt": [
       "PipelineArtifactsBucketEncryptionKey01D58D69",

packages/@aws-cdk/aws-codepipeline-actions/test/pipeline-code-commit-build.integ.snapshot/aws-cdk-codepipeline-codecommit-codebuild.template.json

@@ -244,7 +244,7 @@
   "PipelineArtifactsBucketEncryptionKeyAlias5C510EEE": {
    "Type": "AWS::KMS::Alias",
    "Properties": {
-    "AliasName": "alias/codepipeline-awscdkcodepipelinecodecommitcodebuildpipeline9540e1f5",
+    "AliasName": "alias/codepipeline-aws-cdk-codepipeline-codecommit-codebuild-pipeline-9540e1f5",
     "TargetKeyId": {
      "Fn::GetAtt": [
       "PipelineArtifactsBucketEncryptionKey01D58D69",

packages/@aws-cdk/aws-codepipeline-actions/test/pipeline-code-commit.integ.snapshot/aws-cdk-codepipeline-codecommit.template.json

@@ -109,7 +109,7 @@
   "PipelineArtifactsBucketEncryptionKeyAlias5C510EEE": {
    "Type": "AWS::KMS::Alias",
    "Properties": {
-    "AliasName": "alias/codepipeline-awscdkcodepipelinecodecommitpipelinef780ca18",
+    "AliasName": "alias/codepipeline-aws-cdk-codepipeline-codecommit-pipeline-f780ca18",
     "TargetKeyId": {
      "Fn::GetAtt": [
       "PipelineArtifactsBucketEncryptionKey01D58D69",

packages/@aws-cdk/aws-codepipeline-actions/test/pipeline-events.integ.snapshot/aws-cdk-pipeline-event-target.template.json

@@ -38,7 +38,7 @@
   "MyPipelineArtifactsBucketEncryptionKeyAlias9D4F8C59": {
    "Type": "AWS::KMS::Alias",
    "Properties": {
-    "AliasName": "alias/codepipeline-awscdkpipelineeventtargetmypipeline4ae5d407",
+    "AliasName": "alias/codepipeline-aws-cdk-pipeline-event-target-mypipeline-4ae5d407",
     "TargetKeyId": {
      "Fn::GetAtt": [
       "MyPipelineArtifactsBucketEncryptionKey8BF0A7F3",

packages/@aws-cdk/aws-codepipeline-actions/test/pipeline-stepfunctions.integ.snapshot/aws-cdk-codepipeline-stepfunctions.template.json

@@ -78,7 +78,7 @@
   "MyPipelineArtifactsBucketEncryptionKeyAlias9D4F8C59": {
    "Type": "AWS::KMS::Alias",
    "Properties": {
-    "AliasName": "alias/codepipeline-awscdkcodepipelinestepfunctionsmypipelinece88aa28",
+    "AliasName": "alias/codepipeline-aws-cdk-codepipeline-stepfunctions-mypipeline-ce88aa28",
     "TargetKeyId": {
      "Fn::GetAtt": [
       "MyPipelineArtifactsBucketEncryptionKey8BF0A7F3",

packages/@aws-cdk/aws-codepipeline/lib/pipeline.ts

@@ -7,6 +7,7 @@ import {
   ArnFormat,
   BootstraplessSynthesizer,
   DefaultStackSynthesizer,
+  FeatureFlags,
   IStackSynthesizer,
   Lazy,
   Names,
@@ -17,6 +18,7 @@ import {
   Stage as CdkStage,
   Token,
 } from '@aws-cdk/core';
+import * as cxapi from '@aws-cdk/cx-api';
 import { Construct } from 'constructs';
 import { ActionCategory, IAction, IPipeline, IStage, PipelineNotificationEvents, PipelineNotifyOnOptions } from './action';
 import { CfnPipeline } from './codepipeline.generated';
@@ -697,10 +699,19 @@ export class Pipeline extends PipelineBase {
   private generateNameForDefaultBucketKeyAlias(): string {
     const prefix = 'alias/codepipeline-';
     const maxAliasLength = 256;
-    const uniqueId = Names.uniqueId(this);
-    // take the last 256 - (prefix length) characters of uniqueId
-    const startIndex = Math.max(0, uniqueId.length - (maxAliasLength - prefix.length));
-    return prefix + uniqueId.substring(startIndex).toLowerCase();
+    const maxResourceNameLength = maxAliasLength - prefix.length;
+    // Names.uniqueId() may have naming collisions when the IDs of resources are similar
+    // and/or when they are too long and sliced. We do not want to update this and
+    // automatically change the name of every KMS key already generated so we are putting
+    // this under a feature flag.
+    const uniqueId = FeatureFlags.of(this).isEnabled(cxapi.CODEPIPELINE_CROSS_ACCOUNT_KEY_ALIAS_STACK_SAFE_UNIQUE_ID) ?
+      Names.uniqueResourceName(this, {
+        separator: '-',
+        maxLength: maxResourceNameLength,
+        allowedSpecialCharacters: '/_-',
+      }) :
+      Names.uniqueId(this).slice(-maxResourceNameLength);
+    return prefix + uniqueId.toLowerCase();
   }
 
   /**

packages/@aws-cdk/aws-codepipeline/package.json

@@ -88,7 +88,6 @@
     "@aws-cdk/cdk-build-tools": "0.0.0",
     "@aws-cdk/integ-runner": "0.0.0",
     "@aws-cdk/cfn2ts": "0.0.0",
-    "@aws-cdk/cx-api": "0.0.0",
     "@aws-cdk/pkglint": "0.0.0",
     "@types/jest": "^27.5.0",
     "jest": "^27.5.1"
@@ -100,6 +99,7 @@
     "@aws-cdk/aws-kms": "0.0.0",
     "@aws-cdk/aws-s3": "0.0.0",
     "@aws-cdk/core": "0.0.0",
+    "@aws-cdk/cx-api": "0.0.0",
     "constructs": "^3.3.69"
   },
   "homepage": "https://github.com/aws/aws-cdk",
@@ -110,6 +110,7 @@
     "@aws-cdk/aws-kms": "0.0.0",
     "@aws-cdk/aws-s3": "0.0.0",
     "@aws-cdk/core": "0.0.0",
+    "@aws-cdk/cx-api": "0.0.0",
     "constructs": "^3.3.69"
   },
   "engines": {