AWS CodeDeploy - Error deploying - ApplicationDoesNotExistException - amazon-web-services

I want to deploy a project in AWS using :
$ aws --region eu-central-1 deploy push --application-name DemoApp --s3-location s3://paquirrin-codedeploy/Project1.zip --ignore-hidden-file --source .
But I got this error:
A client error (ApplicationDoesNotExistException) occurred when calling the RegisterApplicationRevision operation: Applications not found for 289558260222
but the application exists:
$ aws deploy list-applications
{
"applications": [
"DemoApp"
]
}
and CodeDeploy agent is running
[root#ip-171-33-54-212 ~]# /etc/init.d/codedeploy-agent status
The AWS CodeDeploy agent is running as PID 2649
but I haven't found the folder deployment-root inside /opt/codedeploy-agent !

You are deploying to region eu-central-1. But you may not be listing the applications in eu-central-1 using following command:
aws deploy list-applications
Instead, use following command to ensure that application exists:
aws deploy list-applications --region eu-central-1

Related

UnrecognizedClientException when running `aws ecr get-login-password --region eu-west-3` from gitlab CI

I'm trying to run the following command from gitlab CI:
$ aws ecr get-login-password --region eu-west-3
Here's how the job in the .gitlab-ci.yml looks like this
publish-job:
stage: publish
image:
name: amazon/aws-cli:latest
entrypoint: [""]
script:
- aws configure set aws_access_key_id MY_ACCESS_KEY_ID
- aws configure set aws_secret_access_key MY_SECRET_ACCESS_KEY
- aws configure set default.region eu-west-3
- aws ecr get-login-password --region eu-west-3
And at the last step I get the following error:
$ aws ecr get-login-password --region eu-west-3
An error occurred (UnrecognizedClientException) when calling the GetAuthorizationToken operation: The security token included in the request is invalid.
I know there's a similar question on stack overflow but I think it's not the same problem. In that question it's an issue that has to do with permissions. In my case I'm pretty sure it isn't for 2 reasons:
I gave the user associated with the access key AdministratorAccess (temporarily in order to rule out the possibility that I'm dealing with an permissions issue)
I performed the exact same steps (by copying and pasting) with docker and it works, so it's not the credentials. Here's the Dockerfile:
FROM amazon/aws-cli:latest
RUN aws configure set aws_access_key_id THE_SAME_ACCESS_KEY_ID
RUN aws configure set aws_secret_access_key THE_SAME_SECRET_ACCESS_KEY
RUN aws configure set default.region eu-west-3
RUN aws ecr get-login-password --region eu-west-3
Then I ran $ docker build --progress=plain . and the last step returned a hash
Any Idea why those steps give inconsistent results? And how to fix the CI?
I declared an AWS_DEFAULT_REGION environment variable that was preventing the cli from executing the command (even though I hardcoded the credentials at this stage). When I removed the environment variable, everything started working properly.

Running CDK bootstrap against LocalStack fails with credentials error

I'm running LocalStack in docker and trying to deploy CDK resources into it.
LocalStack seems to run OK:
docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
1cbda0d0c6c5 localstack/localstack:latest "docker-entrypoint.sh" 2 days ago Up 2 days 127.0.0.1:53->53/tcp, 127.0.0.1:443->443/tcp, 127.0.0.1:4510-4530->4510-4530/tcp, 127.0.0.1:4566->4566/tcp, 127.0.0.1:4571->4571/tcp, 127.0.0.1:53->53/udp, 5678/tcp, 0.0.0.0:8080->8080/tcp, :::8080->8080/tcp localstack_main
I can successfully deploy resources to it using awslocal:
infra> awslocal s3api create-bucket --bucket my-bucket
Location: /my-bucket
infra> awslocal s3api list-buckets
Buckets:
- CreationDate: '2021-11-15T10:28:03+00:00'
Name: my-bucket
Owner:
DisplayName: webfile
ID: bcaf1ffd86f41161ca5fb16fd081034f
Credentials are stored in a named profile:
infra> echo $AWS_PROFILE
LS
infra> cat ~/.aws/config
[default]
region=eu-west-2
output=yaml
[profile LS]
region=eu-west-2
output=yaml
infra> cat ~/.aws/credentials
[default]
aws_access_key_id=test
aws_secret_access_key=test
[LS]
aws_access_key_id=test
aws_secret_access_key=test
However, the problem I'm facing is when I try to introduce CDK to this. My stack is not using an environment. I want to keep it environment agnostic.
const app = new cdk.App();
new InfrastructureStack(app, 'my-stack', {});
When I run cdklocal bootstrap or cdklocal bootstrap --profile LS it returns the following error:
Unable to resolve AWS account to use. It must be either configured when you define your CDK Stack, or through the environment
From the docs I am expecting an environment agnostic stack to deploy the bootstrap resources into the default account and region.
I've also tried explicitly using the account 000000000000 as I've seen some people do with cdklocal bootstrap --profile LS aws://000000000000/eu-west-2 which results in this different error:
⏳ Bootstrapping environment aws://000000000000/eu-west-2...
❌ Environment aws://000000000000/eu-west-2 failed bootstrapping: Error: Need to perform AWS calls for account 000000000000, but no credentials have been configured
at SdkProvider.forEnvironment (/Users/willem/.nvm/versions/node/v14.16.1/lib/node_modules/aws-cdk/lib/api/aws-auth/sdk-provider.ts:149:46)
at processTicksAndRejections (node:internal/process/task_queues:96:5)
at Function.lookup (/Users/willem/.nvm/versions/node/v14.16.1/lib/node_modules/aws-cdk/lib/api/bootstrap/deploy-bootstrap.ts:30:17)
at Bootstrapper.legacyBootstrap (/Users/willem/.nvm/versions/node/v14.16.1/lib/node_modules/aws-cdk/lib/api/bootstrap/bootstrap-environment.ts:60:21)
at /Users/willem/.nvm/versions/node/v14.16.1/lib/node_modules/aws-cdk/lib/cdk-toolkit.ts:463:24
at async Promise.all (index 0)
at CdkToolkit.bootstrap (/Users/willem/.nvm/versions/node/v14.16.1/lib/node_modules/aws-cdk/lib/cdk-toolkit.ts:460:5)
at initCommandLine (/Users/willem/.nvm/versions/node/v14.16.1/lib/node_modules/aws-cdk/bin/cdk.ts:267:9)
Need to perform AWS calls for account 000000000000, but no credentials have been configured
EDIT: Worth noting that the same issues occur if I bypass bootstrapping altogether and just run cdlocal deploy | cdklocal deploy --profile LS. I've also specified the environment in the CDK source code like this:
const {
CDK_DEFAULT_ACCOUNT = '0000000000',
CDK_DEFAULT_REGION = 'eu-west-2',
} = process.env;
new InfrastructureStack(app, 'my-stack', {
env: { account: CDK_DEFAULT_ACCOUNT, region: CDK_DEFAULT_REGION },
});
Context:
Mac OS Big Sur
ZSH 5.8
AWS version: aws-cli/2.2.40 Python/3.8.8 Darwin/20.6.0 exe/x86_64 prompt/off
CDK version 1.132.0
I've just spent e few hours debugging this same issue.
When I ran cdk bootstrap --profile XXX -v (the -v flag shows more log info), I saw an error where it was trying to get a default AWS account from a cache file located at .cdk/chache/account_partitions.json
This file had a list for the other profiles in the following format:
"AccessKey": {
"accountId": "awsAccountNumber",
"partition": "aws"
}
When I added the info for my profile there, the bootstrap action completed.
I haven't figured out when and how this cache file is updated, but at least it resolved the first problem.
I know this is an old post, but it might help someone else...

How to fix the aws CODE BUILD COMMAND_EXECUTION_ERROR exit status 255

Iam configuring CICD piepline usng aws services code build pilepileline etc, to update the deploymnet in my ecs fargate cluster, In my buildspec.yml file aws ecs cli commands are failing throwing "COMMAND_EXECUTION_ERROR: Error while executing command: aws ecs update-service --services xxxxx. Reason: exit status 255"
I have tried providing permission to the codebuild role with "AmazonECS_FullAccess" policy.
post_build:
commands:
- echo Build completed on `date`
- echo Pushing the Docker images...
- docker push $REPOSITORY_URI:latest
- docker push $REPOSITORY_URI:$IMAGE_TAG
- echo Writing image definitions file...
- printf '[{"name":"xxxxxxx","imageUri":"%s"}]' $REPOSITORY_URI:$IMAGE_TAG > imagedefinitions.json
- cat imagedefinitions.json
- echo Updating ECSfargate service ...
- aws ecs describe-services --services xxxxxxxxxxxxxxxxx
- aws ecs update-service --service xxxxxxxxxxxxxxxxx --desired-count 2 --no-force-new-deployment
Attaching a policy of AmazonEC2ContainerRegistryPowerUser fixed this issue for me.
Error Code 255 means:
255 -- Command failed. There were errors thrown by either the CLI or by the service the request was made to.
https://docs.aws.amazon.com/cli/latest/topic/return-codes.html
As you mentioned you have provided full ECS access to CB role, next thing you can check is why the command is failing: Is it failing on ecs describe or ecs update-service? Since if the Fargate Service did not stabilize, it will result in error 255.
I would suggest to:
1) Just leave the ecs describe command and see if that works.
2) If (1) is successful, then do the ecs update-service and monitor the service in AWS ECS console and/or CW logs group if you Fargate Taskdef has a logGroup entry.
You'll need to grant the permission GetAuthorizationToken of your pipeline to
ecr:*
instead of to
ecr:repository/<you_repo>
because
aws ecr get-login-password --region <aws_region>
is executed against
<account_id>.dkr.ecr.<aws_region>.amazonaws.com
and not against
<account_id>.dkr.ecr.<aws_region>.amazonaws.com/repository/<your_repo>
I have had the same problem as you and the way I fixed it was by following: try going to CodeBuild and then to its IAM Role. AmazonEC2ContainerRegistryFullAccess role and now click on 'Edit' for that code build and select 'Environment' and click on Allow AWS CodeBuild to modify this service role so it can be used with this building project. Now try again.
Using PrivilegedMode mode in the CodeBuild project. The mode is required when building a docker image inside a docker container.
Cheers

How to see the deployment progress via aws cli

I created a deployment using AWS cli:
aws deploy create-deployment --application-name systest1 --deployment-group-name TEST --s3-location bucket=artifacts,bundleType=zip,key=APP.zip
and I got the out as
{
"deploymentId": "d-559F8S41O"
}
How can I see the status of the deployment?? I believe
aws deploy get-deployment
will show us the status but it will not show continuous progress. Actually, I am using AWS cli so use don't have to go on AWS console and check the deployment status instead he will get the result on gitlab-ci output only. Any suggestion??
Use the below CLI command to get the status:
aws deploy get-deployment --deployment-id d-52EZVE6PC --query "deploymentInfo.[status, creator]" --output text

In the elastic beanstalk, I get the message 'Service: Amazon S3, Message: Forbidden'

My eb is currently on the docker platform and will read the Dockerrun.aws.json file on s3.
There is no problem when deploying from the web console, but deploying in the cli environment with the following command fails with the Service: Amazon S3, Message: Forbidden event log.
aws elasticbeanstalk update-environment --region [REGION] --environment-name [ENVIRONMENT_NAME] --version-label [VERSION_LABEL]
Also CloudTrail does not have any error code..
How can I fix it?