Some bugs when running cdk synth #11
Comments
|
Hi, the hard-coded us-east-1 region is used by CloudFront (see the AWS Region that You Request a Certificate In section of the documents). Your AWS CLI profile's region is the one that should be used. I have tested (ran the workshops) in us-west-2, so other regions should be fine as long as the ACM certificate resides in us-east-1. I think on the static_site_construct.py there was a a breaking change in the CDK 1.18.0 or later. I'll review and correct using the latest version of CDK (1.19.0) in the next couple of days. For now, you can try installing CDK 1.17.0 via npm and test that. |
|
Hi Gavin, I managed to deploy the cdd stack, next step is to deploy the application. Regarding the two issues I listed in the first comment:
|
|
Hi @gytelek , I've confirmed there is a change in CDK 1.18.0 to 1.19.0 and above. The When you do a The Origin Access Identity is needed by CloudFront to access the S3 bucket (it is locked down by default), so if you have the time, I'd suggest:
I'll keep this open until we can resolve the pinned versions of CDK and update the Python code to reflect the latest CDK changes. |
|
OK, I am doing what you suggested but it needs time (I do it in my free time not as part of my job). I will come back to you if I managed to deploy the stack again. |
|
Hi, I managed to deploy the stack again, it didn't take too much time. Now I am trying to deplay the app (from a Cloud9 environment) but it fails: (.env) ec2-user:~/environment/connected-drink-dispenser-workshop/deploy (master) $ python3 deploy_app.py error Command failed with signal "SIGKILL". Do you have any idea what is the problem? I am not familiar with vue-cli-service at all. |
Let me run through the deploy script and see what's up. |
|
Hi, I was able to correctly build and deploy via Cloud9. Then I saw that I missed a push to the repo that resolves the CDK 1.20.0 changes. With that I also turned off the error checks for The deployment steps should work fine and with less errors now. If you could do a Oh, and thank you for working with this outside you're normal work hours. We appreciate the feedback and anything to help make the process easier! |
|
Hi, I didn't delete the existing stack, I made just a |
|
And regarding my free time: I do it with pleasure, I find the combination of embedded devices and AWS very interesting :-) Unfortunately I couldn't finish the workshop in Las Vegas and I would like to complete it. And I can occasionally do something in the office e.g. if I have to wait for the build to be completed ... |
Hmmm, you shouldn't have to do anything special. Could you check the contents of We'll get this sorted out. |
|
Good news: I managed to deploy the application, the website is now available. The problem was that my Cloud9 environment used t3.nano which has only 0.5 GB memory which was not enough for the build process. This is why it has got killed. Now I can start the workshop again as a participant. I hardly wait playing with the MCU :-) One note: I had to delete the '[3:]' in line 72 of cdk_app.py because my registered domain doesn't have www. But I think it is a problem with my registration. Thank you for your support. |
|
Hi Gavin, I am back to you again :-( I hoped everything works fine but unfortunately not. I tried to create a new user: sms identification works fine but the site stays stucked in "Loading resources". I can see the new user in the UserTable in state CREATING but I cannot see any new CloudFormation stack or Cloud9 environment. |
|
Check the CloudWatch log for the |
|
I found following in the Cloudwatch log, it seems to be relevant: [WARNING] 2020-01-10T13:54:07.859Z 51c67b90-03df-4228-9ded-66a25b30c06c Error calling iam.get_account_password_policy() (will retry) for user gytelek, error: An error occurred (NoSuchEntity) when calling the GetAccountPasswordPolicy operation: The Password Policy with domain name 502140257954 cannot be found. Retried many times then timed out. Website (dispenser_app) contains AWSIoT endpoint for my account but no AWS Console Details, empty private key file, empty amazon root ca1 file. |
|
Today I deleted the stack and recreated it again. No problem with deploying the stack and application. I assume before doing anything I should login as admin in order to create further resources (e.g. userpool). Unfortunately I couldn't login as admin, it stucked in "loading resources" (last time I forgot to say that I experienced the same problem before trying to create a new user). I can see the admin user in the UserTable and I can see the userpool having the admin user in Cognito. In the CloudWatch logs of ApiGetResources lambda I found following error message: [ERROR] KeyError: 'custom:dispenserId' Should the application send a dispenserid without any dispenser? |
|
Ah, for now there is no need to login as the For now I'm going to add logic to the app and API calls to not attempt resource creation for the admin user at this point. |
|
Hi Gavin, I experienced the same as before. More details:
I can sign in as the new user but AWS Console details are empty (all three entries). AWS IoT details an endpoint which seems to be valid. |
|
That error is helpful. You shouldn't need to log in with the admin user to create resources, those are only needed for the users themselves. What errors did you see when trying to create a new user without signing in as admin first? I see where the problem resides: the In the meantime, you can correct by logging into the console, IAM->Account Settings->Set password policy, then create a policy (the workshop uses min length=6, require symbols=false, require numbers=true, require upper=false, require lower=true, and allow users to change password=false). I'll get a fix into the code later today that will create a policy if one doesn't exist. If one does exist, we just swap between the existing policy and the one needed to create the users with easy to enter passwords. |
|
Code corrected. You'll need to pull the changes then do a |
|
I deleted and deployed the stack again using the new code. It seems to work more better:
I could login in AWS as the new user and I have the Cloud9 environment. I assume I can now connect the device to AWS. Do I need the new users's environment or can I work as admin? How/Under which account is the new user billed? |
|
Glad you've got it working. The Cloud9 warning is to be expected. Once an IAM users is created, it takes a period of time (2-30 seconds) for that user to be available to the Cloud9 service. So in the create steps, we loop on that process until it succeeds. Yes, at this point, with a user created you can run through the workshop. Since that user and all the resources are under the account where the CloudFormation stack is created, all billing happens there. So it's good to destroy the stack when your are done with the workshop to limit billing (e.g., the storage for the Cloud9 instance, DynamoDB, Cognito, etc.). For the workshop the admin user is not needed, it's an early artifact for some enhancements. To run the workshop you just need the user account created. If it's just one user, there is no programmatic way to give credits, but you can use your administrative IAM user to edit the DynamoDB table to edit the credit value. |
|
Hi Gavin, I took time because I didn't have time for it but today I managed to finish the workshop. The dispenser works fine. I didn't have any problem in the second part (what is/was actually the original workshop). My next goal is to update the firmware on-the-air. Can you please tell me where can I find the code for the dispenser device? I made a short search under device_firmware/demos but I couldn't identify it. |
|
Apologies for the delay, I was away from "technology" last week. Glad to see everything working! the code base we used is located under Closing out this issue since everything is working, but feel free to open others as needed. |
I found following bugs when running cdk synth:
The text was updated successfully, but these errors were encountered: