How to upgrade CDK bootstrapping? - amazon-web-services

I have an environment which is already bootstrapped, and bootstrapping again (with CDK 1.106.1) doesn't seem to do anything:
$ cdk bootstrap aws://unknown-account/ap-southeast-2
'@aws-cdk/core:newStyleStackSynthesis' context set, using new-style bootstrapping
[…]
⏳ Bootstrapping environment aws://unknown-account/ap-southeast-2...
Trusted accounts: (none)
Using default execution policy of 'arn:aws:iam::aws:policy/AdministratorAccess'. Pass '--cloudformation-execution-policies' to customize.
However, the very next command warns about the bootstrap stack being too old:
$ cdk diff
[…]
Other Changes
[+] Unknown Rules: {"CheckBootstrapVersion":{"Assertions":[{"Assert":{"Fn::Not":[{"Fn::Contains":[["1","2","3"],{"Ref":"BootstrapVersion"}]}]},"AssertDescription":"CDK bootstrap stack version 4 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI."}]}}
What gives? I'm already running bootstrap with the latest CDK version. How do I upgrade the bootstrap version?
I've now deleted the "CDKToolkit" stack and re-bootstrapped successfully, but I'm still getting the same warning. What gives? I'm clearly running cdk bootstrap with a recent version of CDK.
I've now filed a CDK issue for this.
Related project issue; build.

Answered by @rix0rrr:
Nothing is actually wrong. The cdk diff is telling you about a Rule that got added to the template, but it doesn't actually know what the Rule means and so is printing it in a confusing way.
The diff will disappear after your next deployment.
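
What the printed Rule means, as an added example (not part of the original answer or of the CDK code): a small evaluator for the three rule intrinsics that appear in it, run against the JSON from the cdk diff output above. The function names are hypothetical, and BootstrapVersion is passed in directly instead of being resolved by CloudFormation at deploy time.

```python
import json

# The Rules entry exactly as cdk diff printed it in the question above.
RULES_JSON = r'''{"CheckBootstrapVersion":{"Assertions":[{"Assert":{"Fn::Not":[{"Fn::Contains":[["1","2","3"],{"Ref":"BootstrapVersion"}]}]},"AssertDescription":"CDK bootstrap stack version 4 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI."}]}}'''


def evaluate(expr, params):
    """Evaluate the rule intrinsics used here: Ref, Fn::Contains, Fn::Not."""
    if isinstance(expr, dict) and len(expr) == 1:
        (name, arg), = expr.items()
        if name == "Ref":
            return params[arg]
        if name == "Fn::Contains":
            candidates, value = arg
            return evaluate(value, params) in [evaluate(c, params) for c in candidates]
        if name == "Fn::Not":
            return not evaluate(arg[0], params)
        raise ValueError(f"unsupported intrinsic: {name}")
    return expr  # literal string


def failed_assertions(rules, params):
    """Return (rule name, description) for every assertion that evaluates false."""
    failures = []
    for rule_name, rule in rules.items():
        for assertion in rule["Assertions"]:
            if not evaluate(assertion["Assert"], params):
                failures.append((rule_name, assertion["AssertDescription"]))
    return failures


def check_bootstrap_version(version):
    """Hypothetical helper: evaluate the page's rule for one BootstrapVersion value."""
    return failed_assertions(json.loads(RULES_JSON), {"BootstrapVersion": str(version)})


if __name__ == "__main__":
    for v in (1, 3, 4, 6):
        print(v, "FAIL" if check_bootstrap_version(v) else "ok")
```

The rule only rejects bootstrap versions 1, 2 and 3, so a freshly bootstrapped environment at version 4 or later satisfies it.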

I came to this page because I faced an issue related to bootstrap being considered old.
"--cloudformation-execution-policies can only be passed for the modern
bootstrap experience."
The below command from the article https://docs.aws.amazon.com/cdk/latest/guide/cdk_pipeline.html was giving me an error. It turned out that export (Linux/macOS) and set (Windows) were being mixed in my case.
export CDK_NEW_BOOTSTRAP=1
npx cdk bootstrap aws://315997497220/us-east-1 --cloudformation-execution-policies arn:aws:iam::aws:policy/AdministratorAccess aws://315997497220/us-east-1

Bootstrapping using AWS profiles also works:
export CDK_NEW_BOOTSTRAP=1
cdk --profile=fortune-dev bootstrap

Related

AWS Copilot pipeline fails, why can't CodeBuild find buildspec.yml?

I created an aws Copilot pipeline but it fails because CodeBuild says it can't find buildspec.yml.
I'm not sure where the beginning of the path comes from /codebuild/output/src1#####3/src/ however the second part of the path is exactly correct /copilot/pipelines/projectname-master/buildspec.yml
How can I troubleshoot why this file cannot be found?
Note: this was set up using the copilot pipeline init cli command
I believe the problem is related to a bug surfaced here: https://github.com/aws/copilot-cli/issues/3468, which has been fixed with https://github.com/aws/copilot-cli/pull/3532 and released just this morning – please update Copilot to v1.18.0.

Serverless and AWS deploy issue

I have to update a website on aws using serverless deploy.
This website was not created by me, and it's the first time I have worked with serverless and AWS solutions.
I have the source code, deploy files, etc, from the last person in charge.
I run a before-deploy.js script to create all local files, check them to see if the updates went ok. Everything's fine.
But anytime I try to deploy using the simple command "serverless deploy", it fails, printing this error:
CREATE_FAILED: MainStaticSite (AWS::S3::Bucket)
“mywebsite.com” already exists
I don’t really understand this error, as I know the website already exists but I just want to update it.
I tried more specific commands like:
serverless deploy -v --stage production --region eu-west-1
But this one only shows this output:
Framework Core: 3.10.1
Plugin: 6.2.0
SDK: 4.3.2
PS
And it doesn't update the website.
I changed the keys on AWS, maybe it's because of this?
Looks like he doesn’t want to overwrite the existing files, but no idea why.
If someone has an answer or a lead.
Thank you :)

AWS cloudformation: How to run cfn-nag locally in Windows

I have a cloud formation template where I have all the resources and details for the project.
I have the cfn-lint setup locally and it is running perfectly fine. However when I push the code changes, build fails at deployment stage due to cfn-nag stating some simple changes which could be fixed.
I'm using a Windows machine and I need a way to run this cfn-nag locally so that I could check this just like cfn-lint and fix them locally instead of waiting 40 minutes for the build till it reaches the deployment stage.
I referred to several posts online and found the two below helpful:
https://stelligent.com/2018/03/23/validating-aws-cloudformation-templates-with-cfn_nag-and-mu/
https://github.com/stelligent/cfn_nag
What is the difference between cfn-nag and cfn-lint and why lint is not failing on what cfn-nag is complaining about?
The above links have some instructions on Ruby and Brew but I'm using Nodejs, felt lost. Please help.
CFN-Nag looks for patterns in AWS CloudFormation templates that may indicate insecure infrastructure.
Ex:
IAM rules that are too permissive (wildcards)
Security group rules that are too permissive (wildcards)
Access logs that aren’t enabled
Encryption that isn’t enabled
CFN-Lint scans the AWS CloudFormation template by processing a collection of Rules, where every rule handles a specific function check or validation of the template. It validates against AWS CloudFormation Resource specification.
This collection of rules can be extended with custom rules using the --append-rules argument.
Ex: Whitespaces, alignment(YAML), type checks, valid values for resource properties, and other best practices.
Those two links you provided above have all the information needed, just not directly for a Nodejs developer using a Windows machine.
Step1: Pull the Docker image stelligent/cfn-nag
Step2: Add the script to your package.json for cfn-nag
Ex:
"scripts": {
  "cfn:nag": "cfn-nag"
}
If you're using docker-compose.yml
Add the cfn-nag image details to your docker-compose.yml like below
cfn-nag:
  image: "stelligent/cfn-nag"
  volumes:
    # mount the local template directory into the container
    - ./path_of_cfn_file_to_copy:/path_to_copy_to
  # template to scan; set COMMAND to override the default
  command: ${COMMAND:-/path_to_copy_to/cfn_file}
Just set the scripts in package.json to run via docker-compose
"cfn:nag": "docker-compose run --rm cfn-nag"

Accessing Airflow REST API in AWS Managed Workflows?

I have Airflow running in AWS MWAA. I would like to access the REST API, and there are 2 ways to do this, but they don't seem to work for me.
1. Overriding api.auth_backend. This used to work, but now AWS MWAA won't allow you to add this; it is considered as 'blocklist' and is not allowed.
api.auth_backend = airflow.api.auth.backend.default
2. Using MWAA CLI (Python). This doesn't work if any of the DAGs uses packages that are in the requirements.txt file.
a. as an example, I have "paramiko" in requirements.txt because I have a task that uses SSHOperator. The MWAA Cli fails with "no module paramiko"
b. Also noted here, https://docs.aws.amazon.com/mwaa/latest/userguide/access-airflow-ui.html
"Any command that parses a DAG (such as list_dags, backfill) will fail if the DAG uses plugins that depend on packages that are installed through requirements.txt."
We are using MWAA 2.0.2 and managed to use Airflow's Rest-API through MWAA CLI, basically following the instructions and sample codes of the Apache Airflow CLI command reference. You'll notice that not all Rest-API calls are supported, but many of them are (even when you have a requirements.txt in place).
Also have a look at AWS sample codes on GitHub.

AWS No Environment found for EnvironmentName = 'name-env'

Why might I be seeing this error after I run git aws.push?
remote: error: Unable to deploy application version: No Environment found for EnvironmentName = 'reco-api-env'.
When I grep my flask app's directory for EnvironmentName, I see this:
./.elasticbeanstalk/config:6:EnvironmentName=name-env
./.git/AWSDevTools/aws/elastic_beanstalk_config.rb:36: :environment_name => "EnvironmentName",
I had similar symptoms when I manually updated default_region from us-west-2 to us-west-1. Reverting back fixed the issue.
I suspect you missed a step in the process. You need to use eb start before doing git aws.push.
I was using eb create to set up a new environment where the name differed from what I had started with in /.elasticbeanstalk/config.yml
Once I updated the environment reference to the one I meant to target, eb commands started working as expected.
I had this issue too. For me, it was because I had outdated credentials in my ~/.aws/config file. Fixing that solved the problem.