Problem
Right now application configuration is set up in a particular region - whichever region the default profile is configured with.
Application names, however, have to be unique within the account, across regions - mostly to reduce the confusion of working on two projects named the same thing, in different regions.
In order to enforce this restriction right now - we create the application admin role as the name of the application.
copilot-cli/templates/app/versions/v1.0.1/app.yml, lines 31 to 34 in ebd3abd:

```yaml
AdministrationRole:
  Type: AWS::IAM::Role
  Properties:
    RoleName: !Ref AdminRoleName
```
So for example, if you run `copilot app init my-proj` in us-east-1, then run `copilot app init my-proj` in us-west-2 - the second init should fail.
That currently happens - but the error you get is pretty gross:
```
Error: execute app init init: describe change set copilot-d2d6af69-9a90-4269-bbaa-204f6e7638b9 for stack codenames-infrastructure-roles: ChangeSetNotFound: ChangeSet [ecscli-d2d6af69-9a90-4269-bbaa-204f6e7638b9] does not exist
status code: 404, request id: ca14ed0a-aa2d-4d7b-bc54-1a20626d8b06
```
This happens because CloudFormation can't create two roles with the same name since roles are global.
Fix
To fix this, we should check to see if the admin role exists already (which is of the form `{app-name}-adminrole`).
In the project deploy code:
copilot-cli/internal/pkg/deploy/cloudformation/app.go, lines 26 to 38 in 29349c6:

```go
func (cf CloudFormation) DeployApp(in *deploy.CreateAppInput) error {
	appConfig := stack.NewAppStackConfig(in)
	s, err := toStack(appConfig)
	if err != nil {
		return err
	}
	if err := cf.cfnClient.CreateAndWait(s); err != nil {
		// If the stack already exists - we can move on to creating the StackSet.
		var alreadyExists *cloudformation.ErrStackAlreadyExists
		if !errors.As(err, &alreadyExists) {
			return err
		}
	}
```
We can add a check which fetches `StackSetAdminRoleARN()` from the stack object, calls IAM (via GetRole) to see if it exists, and if it does returns an error.
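The pre-flight check proposed under Fix, sketched as an added example that is not Copilot's own code. It takes the role ARN, looks the role up, and treats only IAM's `NoSuchEntity` error code as "name is free", so an access-denied or throttled lookup is not mistaken for an unused name. `fakeIAM`, `apiErr`, `checkAdminRoleFree`, `ErrAppNameTaken` and the account ID are assumptions made for the example.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// apiErr is a constructed error type; Code() mirrors the error-code accessor of AWS SDK errors.
type apiErr struct{ code string }
func (e apiErr) Error() string { return e.code }
func (e apiErr) Code() string  { return e.code }

// fakeIAM is a constructed stand-in for the IAM client: role name -> GetRole result.
type fakeIAM map[string]error

func (f fakeIAM) GetRole(name string) error {
	if err, ok := f[name]; ok {
		return err
	}
	return apiErr{"NoSuchEntity"}
}

// ErrAppNameTaken is the readable error to surface instead of ChangeSetNotFound.
var ErrAppNameTaken = errors.New("an application with this name already exists in the account")

// checkAdminRoleFree returns nil only when IAM positively reports the role as absent.
func checkAdminRoleFree(iam interface{ GetRole(string) error }, roleARN string) error {
	i := strings.LastIndex(roleARN, "/") // role name follows the last "/" (paths allowed)
	if !strings.Contains(roleARN, ":role/") || i == len(roleARN)-1 {
		return fmt.Errorf("not an IAM role ARN: %q", roleARN)
	}
	name := roleARN[i+1:]
	err := iam.GetRole(name)
	if err == nil {
		return fmt.Errorf("%w: role %s is present", ErrAppNameTaken, name)
	}
	var coded interface{ Code() string }
	if errors.As(err, &coded) && coded.Code() == "NoSuchEntity" {
		return nil // absent: safe to create the roles stack
	}
	return fmt.Errorf("check role %s: %w", name, err) // AccessDenied etc.: fail closed
}

func main() {
	iam := fakeIAM{"my-proj-adminrole": nil, "locked-adminrole": apiErr{"AccessDenied"}}
	for _, app := range []string{"my-proj", "fresh", "locked"} {
		arn := "arn:aws:iam::123456789012:role/" + app + "-adminrole"
		fmt.Printf("%-8s -> %v\n", app, checkAdminRoleFree(iam, arn))
	}
}
```

Because IAM roles are global to the account, the lookup gives the same answer whichever region the default profile points at.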