aws-amplify / amplify-backend

Home to all tools related to Amplify's code-first DX (Gen 2) for building fullstack apps on AWS
Apache License 2.0

Deployment fails when I add "npx ampx pipeline-deploy" to the build settings #1674

Open nikolai-kosolapov opened 5 days ago

nikolai-kosolapov commented 5 days ago

Environment information

System:
  OS: Windows 11 10.0.22631
  CPU: (12) x64 Intel(R) Core(TM) i7-8750H CPU @ 2.20GHz
  Memory: 17.61 GB / 31.88 GB
Binaries:
  Node: 20.14.0 - C:\Program Files\nodejs\node.EXE
  Yarn: undefined - undefined
  npm: 10.8.1 - C:\Program Files\nodejs\npm.CMD
  pnpm: undefined - undefined
NPM Packages:
  @aws-amplify/backend: 1.0.3
  @aws-amplify/backend-cli: 1.0.4
  aws-amplify: 6.3.7
  aws-cdk: 2.147.0
  aws-cdk-lib: 2.147.0
  typescript: 5.5.2
AWS environment variables:
  AWS_NODEJS_CONNECTION_REUSE_ENABLED = 1
  AWS_STS_REGIONAL_ENDPOINTS = regional
No CDK environment variables

Description

I'm trying to add Amplify to my existing Expo React Native app.

I was trying to add Authentication but nothing happened. Then I noticed that in the build section there is no backend section. I added the following:

backend:
  phases:
    build:
      commands:
        - npm ci --cache .npm --prefer-offline
        - npx ampx pipeline-deploy --branch $AWS_BRANCH --app-id $AWS_APP_ID

but now I have errors during the deployment:

2024-06-24T07:51:09.370Z [INFO]: # Executing command: npx ampx pipeline-deploy --branch $AWS_BRANCH --app-id $AWS_APP_ID
2024-06-24T07:51:18.075Z [INFO]: 
2024-06-24T07:51:24.280Z [INFO]: ✨  Synthesis time: 0.06s
2024-06-24T07:51:24.380Z [INFO]: current credentials could not be used to assume 'arn:aws:iam::073653171576:role/cdk-hnb659fds-deploy-role-073653171576-us-east-1', but are for the right account. Proceeding anyway.
2024-06-24T07:51:24.382Z [INFO]: current credentials could not be used to assume 'arn:aws:iam::073653171576:role/cdk-hnb659fds-deploy-role-073653171576-us-east-1', but are for the right account. Proceeding anyway.
2024-06-24T07:51:24.384Z [INFO]: current credentials could not be used to assume 'arn:aws:iam::073653171576:role/cdk-hnb659fds-deploy-role-073653171576-us-east-1', but are for the right account. Proceeding anyway.
2024-06-24T07:51:24.385Z [INFO]: current credentials could not be used to assume 'arn:aws:iam::073653171576:role/cdk-hnb659fds-deploy-role-073653171576-us-east-1', but are for the right account. Proceeding anyway.
2024-06-24T07:51:24.386Z [INFO]: current credentials could not be used to assume 'arn:aws:iam::073653171576:role/cdk-hnb659fds-deploy-role-073653171576-us-east-1', but are for the right account. Proceeding anyway.
2024-06-24T07:51:24.388Z [INFO]: current credentials could not be used to assume 'arn:aws:iam::073653171576:role/cdk-hnb659fds-deploy-role-073653171576-us-east-1', but are for the right account. Proceeding anyway.
2024-06-24T07:51:24.389Z [INFO]: current credentials could not be used to assume 'arn:aws:iam::073653171576:role/cdk-hnb659fds-deploy-role-073653171576-us-east-1', but are for the right account. Proceeding anyway.
2024-06-24T07:51:24.390Z [INFO]: current credentials could not be used to assume 'arn:aws:iam::073653171576:role/cdk-hnb659fds-deploy-role-073653171576-us-east-1', but are for the right account. Proceeding anyway.
2024-06-24T07:51:24.792Z [INFO]: 
2024-06-24T07:51:24.834Z [INFO]: 
2024-06-24T07:51:24.835Z [WARNING]: ampx pipeline-deploy
                                    Command to deploy backends in a custom CI/CD pipeline. This command is not inten
                                    ded to be used locally.
                                    Options:
                                    --debug            Print debug logs to the console  [boolean] [default: false]
                                    --help             Show help                                         [boolean]
                                    --branch           Name of the git branch being deployed   [string] [required]
                                    --app-id           The app id of the target Amplify app    [string] [required]
                                    --outputs-out-dir  A path to directory where amplify_outputs is written. If no
                                    t provided defaults to current process working directory.
                                    [string]
                                    --outputs-version  Version of the configuration. Version 0 represents classic
                                    amplify-cli config file amplify-configuration and 1 represe
                                    nts newer config file amplify_outputs
                                    [string] [choices: "0", "1"] [default: "1"]
2024-06-24T07:51:24.835Z [INFO]: CloudFormationDeploymentError: The CloudFormation deployment has failed.
                                 Resolution: Find more information in the CloudFormation AWS Console for this stack.
2024-06-24T07:51:24.835Z [INFO]: Cause: ❌ Deployment failed: Error: amplify-d36cs3s365wjpi-dev-branch-778c52acd7: This CDK deployment requires bootstrap stack version '6', but during the confirmation via SSM parameter /cdk-bootstrap/hnb659fds/version the following error occurred: AccessDeniedException: User: arn:aws:sts::073653171576:assumed-role/AemiliaControlPlaneLambda-CodeBuildRole-1PJH7JZRIQRPI/AWSCodeBuild-18dc5e99-c364-455f-a6c2-c76ece8bae03 is not authorized to perform: ssm:GetParameter on resource: arn:aws:ssm:us-east-1:073653171576:parameter/cdk-bootstrap/hnb659fds/version because no identity-based policy allows the ssm:GetParameter action
2024-06-24T07:51:24.839Z [INFO]: CloudFormationDeploymentError: The CloudFormation deployment has failed.
2024-06-24T07:51:24.839Z [INFO]: Resolution: Find more information in the CloudFormation AWS Console for this stack.
                                 Cause: ❌ Deployment failed: Error: amplify-d36cs3s365wjpi-dev-branch-778c52acd7: This CDK deployment requires bootstrap stack version '6', but during the confirmation via SSM parameter /cdk-bootstrap/hnb659fds/version the following error occurred: AccessDeniedException: User: arn:aws:sts::073653171576:assumed-role/AemiliaControlPlaneLambda-CodeBuildRole-1PJH7JZRIQRPI/AWSCodeBuild-18dc5e99-c364-455f-a6c2-c76ece8bae03 is not authorized to perform: ssm:GetParameter on resource: arn:aws:ssm:us-east-1:073653171576:parameter/cdk-bootstrap/hnb659fds/version because no identity-based policy allows the ssm:GetParameter action
2024-06-24T07:51:24.939Z [ERROR]: !!! Build failed

anbraten commented 4 days ago

We had a similar issue and kinda fixed it by adding AmazonSSMFullAccess 🙈 in IAM to the user we use for running npx ampx pipeline-deploy:

However now I am stuck with:

 ❌ Deployment failed: Error: amplify-xxx-deploy-branch-xxx: SSM parameter /cdk-bootstrap/xxx/version not found. Has the environment been bootstrapped? Please run 'cdk bootstrap' (see https://docs.aws.amazon.com/cdk/latest/guide/bootstrapping.html)
    at Deployments.validateBootstrapStackVersion (/home/test-project/node_modules/.pnpm/aws-cdk@2.147.0/node_modules/aws-cdk/lib/index.js:454:12210)
    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
    at async Deployments.buildSingleAsset (/home/test-project/node_modules/.pnpm/aws-cdk@2.147.0/node_modules/aws-cdk/lib/index.js:454:10975)
    at async Object.buildAsset (/home/test-project/node_modules/.pnpm/aws-cdk@2.147.0/node_modules/aws-cdk/lib/index.js:454:197349)
    at async /home/test-project/node_modules/.pnpm/aws-cdk@2.147.0/node_modules/aws-cdk/lib/index.js:454:181491
amplify-xxx-deploy-branch-xxx: SSM parameter /cdk-bootstrap/xxx/version not found. Has the environment been bootstrapped? Please run 'cdk bootstrap' (see https://docs.aws.amazon.com/cdk/latest/guide/bootstrapping.html)
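
As an added example (not part of the thread and not amplify-backend code), this Node.js script reads AccessDeniedException lines from a build log like the one in the first post and produces an IAM policy limited to the denied action on the exact resource named, which is much narrower than AmazonSSMFullAccess. The log lines, account id, role name and session name are constructed placeholders.

```javascript
// Added example: derive a narrowly scoped IAM policy from AccessDenied log lines.
// SAMPLE_LOG is constructed: it follows the AccessDeniedException format in the
// build log above, with placeholder account id, role and session names.
const DENIED =
  "AccessDeniedException: User: arn:aws:sts::111111111111:assumed-role/ExampleBuildRole/ExampleSession " +
  "is not authorized to perform: ssm:GetParameter on resource: " +
  "arn:aws:ssm:us-east-1:111111111111:parameter/cdk-bootstrap/hnb659fds/version " +
  "because no identity-based policy allows the ssm:GetParameter action";
const SAMPLE_LOG = [
  `2024-06-24T07:51:24.835Z [INFO]: Cause: Deployment failed: ${DENIED}`,
  `2024-06-24T07:51:24.839Z [INFO]: Cause: Deployment failed: ${DENIED}`, // same error logged twice
  "2024-06-24T07:51:24.939Z [ERROR]: !!! Build failed",
].join("\n");

// Captures: account id, role name, denied action, resource ARN.
const DENIAL_RE =
  /User: arn:aws:sts::(\d{12}):assumed-role\/([^\/\s]+)\/\S+ is not authorized to perform: ([A-Za-z0-9-]+:[A-Za-z0-9*]+) on resource: (\S+)/g;

// Return each distinct (role, action, resource) denial found in the log text.
function parseDenials(log) {
  const seen = new Map();
  for (const [, account, role, action, resource] of log.matchAll(DENIAL_RE)) {
    // The session ARN maps back to the IAM role that lacks the permission.
    // A role path, if the role has one, is not present in the session ARN.
    const roleArn = `arn:aws:iam::${account}:role/${role}`;
    seen.set(`${roleArn}|${action}|${resource}`, { roleArn, action, resource });
  }
  return [...seen.values()];
}

// Build a policy that allows only the denied actions, each on the exact resource named.
function buildPolicy(denials) {
  const byResource = new Map();
  for (const { action, resource } of denials) {
    if (!byResource.has(resource)) byResource.set(resource, new Set());
    byResource.get(resource).add(action);
  }
  const Statement = [...byResource].map(([Resource, actions]) => ({
    Effect: "Allow",
    Action: [...actions].sort(),
    Resource,
  }));
  return { Version: "2012-10-17", Statement };
}

const denials = parseDenials(SAMPLE_LOG);
console.log(JSON.stringify({ roles: [...new Set(denials.map((d) => d.roleArn))], policy: buildPolicy(denials) }, null, 2));
```
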
ykethan commented 4 days ago

Hey @anbraten @nikolai-kosolapov, does the service role attached to the app have the AmplifyBackendDeployFullAccess attached?

nikolai-kosolapov commented 4 days ago

I have to create a new app. In the old one I cannot set the role even if the UI says it is set up successfully.

Jay2113 commented 2 days ago

@nikolai-kosolapov @anbraten Can you confirm if these are the accurate reproduction steps for the issue you're facing? If not, feel free to provide any additional details or clarifications to ensure we have a clear understanding of the problem:

  1. Start with an existing Gen 1 frontend-only app and add a Gen 2 backend to it.
  2. Update the amplify.yml file to include the relevant backend build steps ampx pipeline-deploy.
  3. Deployment fails due to missing service role.
  4. Create an IAM role with AmplifyBackendDeployFullAccess policy.
  5. Navigate to General settings -> Edit -> Select the service role -> Save.
  6. The service role is not persisted in the console after saving.

nikolai-kosolapov commented 2 days ago

I had my React Native repo without an Amplify app. I created an Amplify app from that repo. Then I added Amplify code locally (authentication). I added a backend section to the build configuration.