How to create Amplify React app from AWS CLI - amazon-web-services

I have problem that I want to create AWS Amplify React app in our CI pipeline. How do I create Amplify app from AWS CLI? Files should come from S3. Git is not an option in this case.
aws --profile master amplify create-app --name appName
This command creates amplify app, but how do i get it to use S3 files, zipped or not.

Execute following aws-cli commands; There can be different combinations of commands as well.
Step 1: To create app with name as appName. aws amplify create-app --name appName --region eu-west-1
Step 2: To create branch. aws amplify create-branch --region eu-west-1 --app-id "{appId from Step 1 here}" --branch-name "master". There are other ways to create branch as well.
Step 3: To deploy. aws amplify start-deployment --region eu-west-1 --app-id "{appId from Step 1 here}" --branch-name "master" --source-url "s3://{s3-bucket-name}/app_src_package.zip"
Step 4: To verify deployment status, aws amplify get-job --region eu-west-1 --app-id "{appId from Step 1 here}" --branch-name "master" --job-id "{jobId from Step 3 here}"
Note: Make sure your IAM user/role has required amplify & s3 policies.

Related

Unable to deploy pipeline to AWS CI/CD account

I am trying to deploy pipeline to CI/CD account. However I'm getting below error.
npm run cdk deploy LandingPagePipelineStack -- --profile cicd
> landingpage#0.3.13 cdk
> cdk deploy LandingPagePipelineStack --profile cicd
Failed to get credentials for "cicd" profile. Make sure to run "aws configure sso --profile cicd && aws sso login --profile cicd"
I have also tried to logged in using below command and it was successful.
aws configure sso --profile cicd && aws sso login --profile cicd
I'm following step number 5 at AWS tutorial.
Please help me to deploy pipeline to CI/CD account.
After you execute the command in the output (aws configure sso --profile cicd && aws sso login --profile cicd) you should be able to simply execute npm run cdk deploy LandingPagePipelineStack -- --profile cicd
Make sure that any time you want to execute cdk with sso context, that you have active temp credentials, by executing sso login

AWS CDK deploy from circleCi fails with credential error but other aws services do not

I am running a cdk deploy build on circleCi, and when the step CDK deploy comes it gives me "Need to perform AWS calls for account ************, but no credentials have been configured".
But for the troubleshooting i tried other commands as well like
aws s3 ls
aws aws cloudformation list-stacks
These above commands we working fine, also able to run command to create a cloudformation with same config but not able to run cdk deploy. the access key and secret i am using has Admin access.
Set the creds with a profile name using aws-cli Orb in CircleCI and
try using the below command to deploy with CDK
cdk deploy --all --profile cdkprofile
For reference, in CircleCI
orbs:
aws-cli: circleci/aws-cli#2.0.3
commands:
env-setup:
description: AWS Env Setup
steps:
- aws-cli/setup:
profile-name: cdkprofile
aws-access-key-id: AWS_ACCESS_KEY_ID
aws-secret-access-key: AWS_SECRET_ACCESS_KEY
And assumption is AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY are set as CircleCI env variables
As a starting note: The best way to troubleshoot is with cdk [command] --verbose (see CLI ref)
CDK has an internal mechanism for finding credentials not directly using AWS CLI (AWS CLI is not a requirement for CDK to run)
In a similar situation with a CI tool, the issue was simply that the ~/.aws/credentials file did not exist (not that you need it with AWS CLI, but in the situation for CDK, it was required)
Credit to this issue reporting: https://github.com/aws/aws-cdk/issues/6947#issue-586402006
Solution tested for above:
For an EC2 running CI tool, with EC2 IAM role
Where ~/.aws/config exists and defined profile(s) with:
credential_source = Ec2InstanceMetadata
role_arn = arn:aws:iam:::role/role-to-assume-in-acctId
Create empty ~/.aws/credentials file
Example error for the problem solved above (from verbose output)
Resolving default credentials
Notices refreshed
Unable to determine the default AWS account: ProcessCredentialsProviderFailure: Profile myprofile did not include credential process
Other causes found in other issues/comments could relate to:
Duplicate profiles
Having credential_process in the profile, set to empty
Needing --profile parameter to be added

AWS ECR Repository - How to copy images from one account and push to another account

I have two accounts - Account A and Account B. In account A, I have a policy with a user from account B can interact with Account A. I have a repository in both accounts. Account B doesn't have a policy set ( Not sure if I need a policy for Account A to interact with it).
My question is how do I push ecr images from Account A into Account B. I would like a copy of Account A image into Account B. Is this possible.
This is not a currently supported feature of ECR so you would need to perform the following steps to migrate from one account to another:
aws ecr get-login-password --region <region> | docker login --username AWS --password-stdin <aws_account_id>.dkr.ecr.<region>.amazonaws.com - Run this for the source account
docker pull $SOURCE_IMAGE:$VERSION - Pull the latest tag down to your local
docker tag $SOURCE_IMAGE:$VERSION $TARGET_IMAGE:$VERSION - Tag a new image based on the original source image
aws ecr get-login-password --region <region> | docker login --username AWS --password-stdin <aws_account_id>.dkr.ecr.<region>.amazonaws.com - Run this for the target account
docker push $TARGET_IMAGE:$VERSION - Push the docker image upto the target ECR account.
If you want to move all repositry from particularly region to another account (Destination account) then use below script.
It will list all repo from Account A
Pull an image from an account A one by one
Create Repo in Account B
Tag image
push image to account B
#!/bin/bash
TARGET_ACCOUNT_REGION="us-west-2"
DESTINATION_ACCOUNT_REGION="us-west-2"
DESTINATION_ACCOUNT_BASE_PATH="123456.dkr.ecr.$DESTINATION_ACCOUNT_REGION.amazonaws.com/"
REPO_LIST=($(aws ecr describe-repositories --query 'repositories[].repositoryUri' --output text --region $TARGET_ACCOUNT_REGION))
REPO_NAME=($(aws ecr describe-repositories --query 'repositories[].repositoryName' --output text --region $TARGET_ACCOUNT_REGION))
for repo_url in ${!REPO_LIST[#]}; do
echo "star pulling image ${REPO_LIST[$repo_url]} from Target account"
docker pull ${REPO_LIST[$repo_url]}
# Create repo in destination account, remove this line if already created
aws ecr create-repository --repository-name ${REPO_NAME[$repo_url]}
docker tag ${REPO_LIST[$repo_url]} $DESTINATION_ACCOUNT_BASE_PATH/${REPO_NAME[$repo_url]}
docker push $DESTINATION_ACCOUNT_BASE_PATH/${REPO_NAME[$repo_url]}
done
Make sure you already obtain login token for both account or add these command in the script.
aws ecr get-login-password --region $TARGET_ACCOUNT_REGION | docker login --username AWS --password-stdin ${REPO_LIST[$repo_url]}
# destination account login, make sure profile set for accoutn destination
aws ecr get-login-password --region $DESTINATION_ACCOUNT_REGION --profile destination_account | docker login --username AWS --password-stdin ${REPO_LIST[$repo_url]}
aws-cli-cheatsheet
Or you can use one of them
AWS cross-region replication
Cross account replication
Amazon ECR uses registry settings to configure features at the
registry level. The private registry settings are configured
separately for each Region. Currently, the only registry setting is
the replication setting, which is used to configure cross-Region and
cross-account replication of the images in your repositories
cross Region/account Replication feature in AWS
AWS has launched CRR (Cross Region Replication) and CAR (cross account replication)Click here for more info
AWS ECR Cross Region/Account Replication Feature allows replication of NEW objects. If you had an existing repository and wanted to replicate all its objects to another region/account Chris's answer is still the right one.
More Details: https://docs.aws.amazon.com/AmazonECR/latest/userguide/replication.html#replication-considerations

How to see the deployment progress via aws cli

I created a deployment using AWS cli:
aws deploy create-deployment --application-name systest1 --deployment-group-name TEST --s3-location bucket=artifacts,bundleType=zip,key=APP.zip
and I got the out as
{
"deploymentId": "d-559F8S41O"
}
How can I see the status of the deployment?? I believe
aws deploy get-deployment
will show us the status but it will not show continuous progress. Actually, I am using AWS cli so use don't have to go on AWS console and check the deployment status instead he will get the result on gitlab-ci output only. Any suggestion??
Use the below CLI command to get the status:
aws deploy get-deployment --deployment-id d-52EZVE6PC --query "deploymentInfo.[status, creator]" --output text

AWS CodeDeploy - Error deploying - ApplicationDoesNotExistException

I want to deploy a project in AWS using :
$ aws --region eu-central-1 deploy push --application-name DemoApp --s3-location s3://paquirrin-codedeploy/Project1.zip --ignore-hidden-file --source .
But I got this error:
A client error (ApplicationDoesNotExistException) occurred when calling the RegisterApplicationRevision operation: Applications not found for 289558260222
but the application exists:
$ aws deploy list-applications
{
"applications": [
"DemoApp"
]
}
and CodeDeploy agent is running
[root#ip-171-33-54-212 ~]# /etc/init.d/codedeploy-agent status
The AWS CodeDeploy agent is running as PID 2649
but I haven't found the folder deployment-root inside /opt/codedeploy-agent !
You are deploying to region eu-central-1. But you may not be listing the applications in eu-central-1 using following command:
aws deploy list-applications
Instead, use following command to ensure that application exists:
aws deploy list-applications --region eu-central-1