Questions tagged with AWS CloudFormation

Network Cloudformation Template

Just a basic thing here I am trying to do, but it keeps rolling back in CF.

```
AWSTemplateFormatVersion: 2010-09-09
Description: CF Template for creation of S3 Bucket.
Parameters:
  EnvironmentName:
    Description: An environment name that is prefixed to resource names
    Type: String
  VpcCIDR:
    Description: Please enter the IP range (CIDR notation) for this VPC
    Type: String
    Default: 10.10.0.0/16
  PublicSubnet1CIDR:
    Description: Please enter the IP range (CIDR notation) for the public subnet in the first Availability Zone
    Type: String
    Default: 10.10.1.0/24
  PublicSubnet2CIDR:
    Description: Please enter the IP range (CIDR notation) for the public subnet in the second Availability Zone
    Type: String
    Default: 10.10.2.0/24
  PrivateSubnet1CIDR:
    Description: Please enter the IP range (CIDR notation) for the private subnet in the first Availability Zone
    Type: String
    Default: 10.10.11.0/24
  PrivateSubnet2CIDR:
    Description: Please enter the IP range (CIDR notation) for the private subnet in the second Availability Zone
    Type: String
    Default: 10.10.12.0/24
Resources:
  ## VPC
  SJWVPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: !Ref VpcCIDR
      EnableDnsHostnames: true
      EnableDnsSupport: true
      InstanceTenancy: default
      Tags:
        - Key: Name
          Value: SJWVPC-01
  ## Subnets
  PublicSubnet01:
    Type: AWS::EC2::Subnet
    Properties:
      AssignIpv6AddressOnCreation: true
      CidrBlock: 10.10.1.0/24
      AvailabilityZone: us-east-1a
      Tags:
        - Key: Name
          Value: Public-Subnet-01
      VpcId: SJWVPC
```

This is just a small snippet, but in my VS Code the CF linter tells me to not hardcode the Availability Zone? So what am I supposed to do about that?
1 answer, 0 votes, 12 views, asked a month ago

CDK won't run anything

I am trying to generate a CDK project using typescript. I tried following the getting started where you [init a project named hello-cdk](https://docs.aws.amazon.com/cdk/v2/guide/hello_world.html). Then I just tried making my own project in a different folder. In both cases I get the same result:

```
C:\work\my-proj>npm run build

> braun-aws@0.1.0 build
> tsc
```

```
C:\work\my-proj>cdk synth
C:\work\my-proj\node_modules\ts-node\src\index.ts:859
    return new TSError(diagnosticText, diagnosticCodes, diagnostics);
           ^
TSError: ⨯ Unable to compile TypeScript:
error TS5083: Cannot read file 'C:\work\my-proj\.config\webpack\tsconfig.webpack.json'.

    at createTSError (C:\work\my-proj\node_modules\ts-node\src\index.ts:859:12)
    at reportTSError (C:\work\my-proj\node_modules\ts-node\src\index.ts:863:19)
    at createFromPreloadedConfig (C:\work\my-proj\node_modules\ts-node\src\index.ts:874:36)
    at phase4 (C:\work\my-proj\node_modules\ts-node\src\bin.ts:543:44)
    at bootstrap (C:\work\my-proj\node_modules\ts-node\src\bin.ts:95:10)
    at main (C:\work\my-proj\node_modules\ts-node\src\bin.ts:55:10)
    at Object.<anonymous> (C:\work\my-proj\node_modules\ts-node\src\bin.ts:800:3)
    at Module._compile (node:internal/modules/cjs/loader:1155:14)
    at Object.Module._extensions..js (node:internal/modules/cjs/loader:1209:10)
    at Module.load (node:internal/modules/cjs/loader:1033:32) {
  diagnosticCodes: [ 5083 ]
}
```

My versions:

```
npm: '8.8.0',
node: '16.18.0',
v8: '9.4.146.26-node.22',
uv: '1.43.0',
zlib: '1.2.11',
brotli: '1.0.9',
ares: '1.18.1',
modules: '93',
nghttp2: '1.47.0',
napi: '8',
llhttp: '6.0.10',
openssl: '1.1.1q+quic',
cldr: '41.0',
icu: '71.1',
tz: '2022b',
unicode: '14.0',
ngtcp2: '0.8.1',
nghttp3: '0.7.0'
```

For devDependencies, there's a few things that could use updating but I didn't change them from what `aws-cdk init` generated. This is the result of `npm-check-updates`:

```
@types/jest      ^27.5.2  →   ^29.2.0
@types/node     10.17.27  →   18.11.5
@types/prettier    2.6.0  →     2.7.1
jest             ^27.5.1  →   ^29.2.2
ts-jest          ^27.1.4  →   ^29.0.3
typescript        ~3.9.7  →    ~4.8.4
constructs       ^10.0.0  →  ^10.1.139
```

So what seems to be happening here is that somebody was supposed to generate a .config directory with a webpack config in it, and it didn't. What's also interesting is that `npm list --all` doesn't even mention webpack. I'm kind of stuck right out of the chute, did I miss a step?
1 answer, 0 votes, 38 views, wz2b asked a month ago

npx sst deploy > admin-my-sst-app-MyStack failed: Error: There was an error bootstrapping your AWS account

[Not sure what tags to put on this question]

Prior to running `npx sst deploy`, I manually deleted all buckets in S3 and all stacks.

Screenshots: (stacks:) https://gyazo.com/e859eab4d62054b25c638798733cd2b8 (buckets:) https://gyazo.com/456277c2b9d42a3944e96867d8365837

```
$ npx sst deploy
Look like you’re running sst for the first time in this directory. Please enter a stage name you’d like to use locally. Or hit enter to use the one based on your AWS credentials (admin):
Using stage: admin
Preparing your SST app
Deploying stacks
 ⏳ Bootstrapping environment aws://000820013532/us-east-1...
Trusted accounts for deployment: (none)
Trusted accounts for lookup: (none)
Using default execution policy of 'arn:aws:iam::aws:policy/AdministratorAccess'. Pass '--cloudformation-execution-policies' to customize.
CDKToolkit: creating CloudFormation changeset...
CDKToolkit | 0/12 | 12.49.33 | REVIEW_IN_PROGRESS | AWS::CloudFormation::Stack | CDKToolkit User Initiated
CDKToolkit | 0/12 | 12.49.40 | CREATE_IN_PROGRESS | AWS::CloudFormation::Stack | CDKToolkit User Initiated
CDKToolkit | 0/12 | 12.49.46 | CREATE_IN_PROGRESS | AWS::SSM::Parameter | CdkBootstrapVersion
CDKToolkit | 0/12 | 12.49.46 | CREATE_IN_PROGRESS | AWS::IAM::Role | ImagePublishingRole
CDKToolkit | 0/12 | 12.49.46 | CREATE_IN_PROGRESS | AWS::ECR::Repository | ContainerAssetsRepository
CDKToolkit | 0/12 | 12.49.46 | CREATE_IN_PROGRESS | AWS::IAM::Role | LookupRole
CDKToolkit | 0/12 | 12.49.46 | CREATE_IN_PROGRESS | AWS::IAM::Role | CloudFormationExecutionRole
CDKToolkit | 0/12 | 12.49.46 | CREATE_IN_PROGRESS | AWS::IAM::Role | FilePublishingRole
CDKToolkit | 0/12 | 12.49.47 | CREATE_IN_PROGRESS | AWS::S3::Bucket | StagingBucket
CDKToolkit | 0/12 | 12.49.47 | CREATE_IN_PROGRESS | AWS::IAM::Role | LookupRole Resource creation Initiated
CDKToolkit | 0/12 | 12.49.47 | CREATE_IN_PROGRESS | AWS::IAM::Role | ImagePublishingRole Resource creation Initiated
CDKToolkit | 0/12 | 12.49.47 | CREATE_IN_PROGRESS | AWS::IAM::Role | FilePublishingRole Resource creation Initiated
CDKToolkit | 0/12 | 12.49.47 | CREATE_FAILED | AWS::IAM::Role | CloudFormationExecutionRole cdk-hnb659fds-cfn-exec-role-000820013532-us-east-1 already exists
CDKToolkit | 0/12 | 12.49.47 | CREATE_FAILED | AWS::IAM::Role | ImagePublishingRole Resource creation cancelled
CDKToolkit | 0/12 | 12.49.47 | CREATE_FAILED | AWS::IAM::Role | FilePublishingRole Resource creation cancelled
CDKToolkit | 0/12 | 12.49.48 | CREATE_FAILED | AWS::S3::Bucket | StagingBucket Resource creation cancelled
CDKToolkit | 0/12 | 12.49.48 | CREATE_FAILED | AWS::ECR::Repository | ContainerAssetsRepository Resource creation cancelled
CDKToolkit | 0/12 | 12.49.48 | CREATE_FAILED | AWS::IAM::Role | LookupRole Resource creation cancelled
CDKToolkit | 0/12 | 12.49.48 | CREATE_FAILED | AWS::SSM::Parameter | CdkBootstrapVersion Resource creation cancelled
CDKToolkit | 0/12 | 12.49.48 | ROLLBACK_IN_PROGRESS | AWS::CloudFormation::Stack | CDKToolkit The following resource(s) failed to create: [ImagePublishingRole, FilePublishingRole, CdkBootstrapVersion, LookupRole, StagingBucket, CloudFormationExecutionRole, ContainerAssetsRepository]. Rollback requested by user.
CDKToolkit | 0/12 | 12.49.52 | DELETE_IN_PROGRESS | AWS::IAM::Role | LookupRole
CDKToolkit | 0/12 | 12.49.52 | DELETE_IN_PROGRESS | AWS::SSM::Parameter | CdkBootstrapVersion
CDKToolkit | 0/12 | 12.49.52 | DELETE_IN_PROGRESS | AWS::IAM::Role | ImagePublishingRole
CDKToolkit | 0/12 | 12.49.52 | DELETE_IN_PROGRESS | AWS::IAM::Role | FilePublishingRole
CDKToolkit | 1/12 | 12.49.52 | DELETE_COMPLETE | AWS::IAM::Role | CloudFormationExecutionRole
CDKToolkit | 2/12 | 12.49.52 | DELETE_COMPLETE | AWS::ECR::Repository | ContainerAssetsRepository
CDKToolkit | 2/12 | 12.49.52 | DELETE_SKIPPED | AWS::S3::Bucket | StagingBucket
CDKToolkit | 3/12 | 12.49.53 | DELETE_COMPLETE | AWS::SSM::Parameter | CdkBootstrapVersion
CDKToolkit | 4/12 | 12.49.53 | DELETE_COMPLETE | AWS::IAM::Role | FilePublishingRole
CDKToolkit | 5/12 | 12.49.53 | DELETE_COMPLETE | AWS::IAM::Role | ImagePublishingRole
xists
    at prepareAndExecuteChangeSet (C:\Users\sebas\WebstormProjects\market\node_modules\aws-cdk\lib\api\deploy-stack.ts:385:13)
    at processTicksAndRejections (node:internal/process/task_queues:96:5)
    at C:\Users\sebas\WebstormProjects\market\node_modules\aws-cdk\lib\cdk-toolkit.ts:575:24
    at async Promise.all (index 0)
    at CdkToolkit.bootstrap (C:\Users\sebas\WebstormProjects\market\node_modules\aws-cdk\lib\cdk-toolkit.ts:572:5)
    at initCommandLine (C:\Users\sebas\WebstormProjects\market\node_modules\aws-cdk\lib\cli.ts:341:12)
The stack named CDKToolkit failed creation, it may need to be manually deleted from the AWS console: ROLLBACK_COMPLETE: cdk-hnb659fds-cfn-exec-role-000820013532-us-east-1 already exists
 ❌ admin-my-sst-app-MyStack failed: Error: There was an error bootstrapping your AWS account.

Stack admin-my-sst-app-MyStack
  Status: failed
  Error: There was an error bootstrapping your AWS account.
Failed to deploy the app
```
1 answer, 0 votes, 26 views, asked a month ago

How to run Cloud Formation Init commands in PowerShell and not cmd?

In CloudFormation templates, there is a section to specify commands like below. Under `fullServer` I am running the command `install`. However, when I look at the logs after cfn has run on the server, it shows

```
2022-10-20 13:41:25,780 [INFO] Command install succeeded
2022-10-20 13:41:25,796 [DEBUG] Command install output: $MAGIC
```

This is because the `$Magic` is how to declare and use variables in PowerShell, whereas cmd needs the `set` keyword. I would expect the output of this command to be `Command install output: I am from the full server env`.

```
"AWS::CloudFormation::Init": {
    "configSets": {
        "downloadS3Data": ["downloadS3"],
        "Full": [{"ConfigSet": "downloadS3Data"}, "fullServer"],
        "default": [ {"ConfigSet": "Full"}],
        "App": [{"ConfigSet": "downloadS3Data"}, "appServer"],
        "Interface": [{"ConfigSet": "downloadS3Data"}, "interfaceServer"],
        "Notification": [{"ConfigSet": "downloadS3Data"}, "notificationServer"]
    },
    "downloadS3": {
        "files": {
            "C:\\ccw_downloads\\test.txt": {
                "source": "https://ccw-to-rds-poc-1.s3.us-east-2.amazonaws.com/test.txt",
                "authentication": "S3AccessCreds"
            }
        }
    },
    "fullServer": {
        "commands": {
            "install": {
                "command": "echo $MAGIC",
                "env": {"MAGIC": "I am from the full server env"},
                "cwd": "C:\\ccw_downloads",
                "waitAfterCompletion": 120
            }
        }
    }
}
```

I would like to run the command with PowerShell and not cmd. Is there a way to specify that like I can with User Data? I know that I could append `PowerShell -Command` to the beginning, making cmd call PowerShell and pass args. However, that would not allow me to use the environment variable `MAGIC`. For example `"command": "Powershell -Command 'echo $magic'"`
1 answer, 0 votes, 20 views, asked 2 months ago

AWS CDK: What is the best way to implement multiple Stacks/NestedStacks & share resources?

I’m currently working on a serverless application developed using AWS CDK in TypeScript. Also as a convention, we follow the below rules too.

1. A stack should only have one table (dynamo)
2. A stack should only have one REST API (api-gateway)
3. A stack should not depend on any other stack (no cross-references), unless it's the Event-Stack (a stack dedicated to managing EventBridge operations)

The reason we are following these rules is because then, each stack can be deployed independently without any interference from other stacks. In a way, our stacks are equivalent to micro-services in a micro-service architecture.

At the moment all the REST APIs are public and now we have decided to make them private by attaching custom Lambda authorizers to each API Gateway resource. Now, in this custom Lambda authorizer, we have to do certain operations (apart from token validation) in order to allow the user's request to proceed further. Those operations are:

1. Get the user’s role from DB using the user ID in the token
2. Get the user’s subscription plan (paid, free, etc.) from DB using the user ID in the token.
3. Get the user’s current payment status (due, no due, fully paid, etc.) from DB using the user ID in the token.
4. Get scopes allowed for this user based on 1, 2 and 3.
5. Check whether the user can access this scope (the resource the user is currently requesting) based on 4.

This authorizer Lambda function needs to be used by all the other Stacks to make their APIs private. But the problem is roles, scopes, subscriptions, payments & user data are in different stacks in their dedicated DynamoDB tables. Because of the rules I have explained before (especially rule number 3), we cannot depend on the resources defined in other stacks. Hence we are unable to create the Authoriser we want.

Solutions we could think of and their problems:

* Since EventBridge isn't bi-directional we cannot use it to fetch data from a different stack resource.
* We can [invoke][1] a Lambda in a different stack using its ARN and get the required data from its response but, AWS has discouraged this as a CDK Anti Pattern
* We cannot use technology like gRPC because it requires a continuously running server, which is out of the scope of the server-less architecture.

There was also a proposal to re-design the CDK layout of our application. The main feature of this layout is going from non-crossed-references to adopting a fully-crossed-references pattern. (Inspired by layered architecture as described in this [AWS best practice][2])

Based on that article, we came up with a layout like this.

- Presentation Layer
  - Stack for deploying the consumer web app
  - Stack for deploying admin portal web app
- Application Layer
  - Stack for REST API definitions using API Gateway
  - Stack for Lambda functions running business-specific operations (Ex: CRUDs)
  - Stack for Lambda functions runs on event triggers
  - Stack for Authorisation (Custom Lambda authorizer(s))
  - Stack for Authentication implementation (Cognito user pool and client)
  - Stack for Events (EventBuses)
  - Stack for storage (S3)
- Data Layer
  - Stack containing all the database definitions
  - There could be another stack for reporting, data engineering, etc.

![proposed CDK application architecture](/media/postImages/original/IMOEyqKAuSSF6q9gTvmXIhjw)

As you can see, now stacks are going to have multiple dependencies with other stacks' resources (But no circular dependencies, as shown in the attached image). While this pattern unblocks us from writing an effective custom Lambda authorizer we are not sure whether this pattern won't be a problem in the long run, when the application's scope increases.

I highly appreciate the help any one of you could give us to resolve this problem. Thanks!

[1]: https://docs.aws.amazon.com/lambda/latest/dg/API_Invoke.html
[2]: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/best-practices.html#organizingstacks
[3]: https://i.stack.imgur.com/K4Po0.png
0 answers, 1 vote, 42 views, asked 2 months ago