Skip to content
By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post
About re:Post

Deploying Stack throws error at CreateKeysAndCertificate

0

Hi Experts,

I am following this official tutorial: https://aws.amazon.com/de/blogs/iot/building-an-ocpp-compliant-electric-vehicle-charge-point-operator-solution-using-aws-iot-core/

Everything is working fine until I need to deploy the solution via npx cdk deploy.

Here I get this error message after a while:

15:27:55 | CREATE_FAILED        | Custom::AWS                                 | CreateKeysAndCertificate4D276FB5
Response object is too long.

15:28:02 | DELETE_FAILED        | Custom::AWS                                 | CreateKeysAndCertificate4D276FB5
Received response status [FAILED] from custom resource. Message returned: 2 validation errors detected: Value 'AwsOcppGatewayStack-CreateKeysAndCertificate4D276FB5-4OE0BIJZDROY' at 'certifi
cateId' failed to satisfy constraint: Member must satisfy regular expression pattern: (0x)?[a-fA-F0-9]+; Value 'AwsOcppGatewayStack-CreateKeysAndCertificate4D276FB5-4OE0BIJZDROY' at 'certif
icateId' failed to satisfy constraint: Member must have length less than or equal to 64 (RequestId: 083d3d06-5e9a-420a-9f49-abd4f86d192e)


 ❌  AwsOcppGatewayStack failed: Error: The stack named AwsOcppGatewayStack failed creation, it may need to be manually deleted from the AWS console: ROLLBACK_FAILED (The following resource(s) failed to delete: [CreateKeysAndCertificate4D276FB5]. ): Response object is too long., Received response status [FAILED] from custom resource. Message returned: 2 validation errors detected: Value 'AwsOcppGatewayStack-CreateKeysAndCertificate4D276FB5-4OE0BIJZDROY' at 'certificateId' failed to satisfy constraint: Member must satisfy regular expression pattern: (0x)?[a-fA-F0-9]+; Value 'AwsOcppGatewayStack-CreateKeysAndCertificate4D276FB5-4OE0BIJZDROY' at 'certificateId' failed to satisfy constraint: Member must have length less than or equal to 64 (RequestId: 083d3d06-5e9a-420a-9f49-abd4f86d192e)
    at FullCloudFormationDeployment.monitorDeployment (/Users/martinseubert/.npm/_npx/e72b144743208263/node_modules/aws-cdk/lib/index.js:380:10236)
    at runMicrotasks (<anonymous>)
    at processTicksAndRejections (node:internal/process/task_queues:96:5)
    at async deployStack2 (/Users/martinseubert/.npm/_npx/e72b144743208263/node_modules/aws-cdk/lib/index.js:383:145458)
    at async /Users/martinseubert/.npm/_npx/e72b144743208263/node_modules/aws-cdk/lib/index.js:383:128776
    at async run (/Users/martinseubert/.npm/_npx/e72b144743208263/node_modules/aws-cdk/lib/index.js:383:126782)

 ❌ Deployment failed: Error: Stack Deployments Failed: Error: The stack named AwsOcppGatewayStack failed creation, it may need to be manually deleted from the AWS console: ROLLBACK_FAILED (The following resource(s) failed to delete: [CreateKeysAndCertificate4D276FB5]. ): Response object is too long., Received response status [FAILED] from custom resource. Message returned: 2 validation errors detected: Value 'AwsOcppGatewayStack-CreateKeysAndCertificate4D276FB5-4OE0BIJZDROY' at 'certificateId' failed to satisfy constraint: Member must satisfy regular expression pattern: (0x)?[a-fA-F0-9]+; Value 'AwsOcppGatewayStack-CreateKeysAndCertificate4D276FB5-4OE0BIJZDROY' at 'certificateId' failed to satisfy constraint: Member must have length less than or equal to 64 (RequestId: 083d3d06-5e9a-420a-9f49-abd4f86d192e)
    at deployStacks (/Users/martinseubert/.npm/_npx/e72b144743208263/node_modules/aws-cdk/lib/index.js:383:129083)
    at runMicrotasks (<anonymous>)
    at processTicksAndRejections (node:internal/process/task_queues:96:5)
    at async CdkToolkit.deploy (/Users/martinseubert/.npm/_npx/e72b144743208263/node_modules/aws-cdk/lib/index.js:383:147507)
    at async exec4 (/Users/martinseubert/.npm/_npx/e72b144743208263/node_modules/aws-cdk/lib/index.js:438:51799)

Stack Deployments Failed: Error: The stack named AwsOcppGatewayStack failed creation, it may need to be manually deleted from the AWS console: ROLLBACK_FAILED (The following resource(s) failed to delete: [CreateKeysAndCertificate4D276FB5]. ): Response object is too long., Received response status [FAILED] from custom resource. Message returned: 2 validation errors detected: Value 'AwsOcppGatewayStack-CreateKeysAndCertificate4D276FB5-4OE0BIJZDROY' at 'certificateId' failed to satisfy constraint: Member must satisfy regular expression pattern: (0x)?[a-fA-F0-9]+; Value 'AwsOcppGatewayStack-CreateKeysAndCertificate4D276FB5-4OE0BIJZDROY' at 'certificateId' failed to satisfy constraint: Member must have length less than or equal to 64 (RequestId: 083d3d06-5e9a-420a-9f49-abd4f86d192e)

What am I doing wrong and how can I see what the response object actually is? I am following the tutorial step by step and everything before worked fine.

Topics
Management & GovernanceInternet of Things (IoT)AWS Cloud Development Kit (CDK)Developer ToolsContainers
Tags
AWS CodeDeployAWS CloudFormationAWS IoT CoreAWS Cloud Development Kit (CDK)Amazon Elastic Container Registry (ECR)
Language
English
asked 3 years ago1.1K views
5 Answers
1
Accepted Answer

I solved it by adding outputPaths: ["certificateArn", "certificatePem", "keyPair.PublicKey", "keyPair.PrivateKey"] to the function. Thank you!

answered 3 years ago
EXPERT
reviewed 2 years ago
1

You are not passing the certificate Id but its so-called "physical id" (See CFN doc):

Value 'AwsOcppGatewayStack-CreateKeysAndCertificate4D276FB5-4OE0BIJZDROY' at 'certificateId' failed to satisfy constraint: Member must satisfy regular expression pattern: (0x)?[a-fA-F0-9]+; Value 'AwsOcppGatewayStack-CreateKeysAndCertificate4D276FB5-4OE0BIJZDROY' at 'certificateId' failed to satisfy constraint: Member must have length less than or equal to 64

EXPERT
answered 3 years ago
0

Ok, but just cloned the repository of the tutorial. There the function is described as follows:

 const iotCreateKeysAndCertificateCr = new cr.AwsCustomResource(this, 'CreateKeysAndCertificate', {
      policy: cr.AwsCustomResourcePolicy.fromStatements([
        new iam.PolicyStatement({
          effect: iam.Effect.ALLOW,
          resources: cr.AwsCustomResourcePolicy.ANY_RESOURCE,
          actions: ['iot:CreateKeysAndCertificate', 'iot:UpdateCertificate'],
        }),
      ]),
      logRetention: logs.RetentionDays.ONE_DAY,
      onCreate: {
        service: 'Iot',
        action: 'createKeysAndCertificate',
        parameters: {
          setAsActive: true,
        },
        physicalResourceId: cr.PhysicalResourceId.fromResponse('certificateId'),
      },
      onDelete: {
        service: 'Iot',
        action: 'updateCertificate',
        parameters: {
          certificateId: new cr.PhysicalResourceIdReference(),
          newStatus: 'INACTIVE',
        },
      },
    });

Which id is incorrect and needs to be replaced? Thanks

answered 3 years ago
0

The missing piece of code is your CFN template: that may be where the issue lies.

EXPERT
answered 3 years ago
0

Good. So, please mark my answer as accepted

EXPERT
answered 3 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Relevant content