search

aws-amplify / amplify-cli

The AWS Amplify CLI is a toolchain for simplifying serverless web and mobile development.
Apache License 2.0
2.81k stars 819 forks source link

The Value field of every Outputs member must evaluate to a String and not a Map. #12076

Closed mctang719 closed 1 year ago

mctang719 commented 1 year ago

How did you install the Amplify CLI?

npm

If applicable, what version of Node.js are you using?

v18.7.0

Amplify CLI Version

10.7.3

What operating system are you using?

Mac

Did you make any manual changes to the cloud resources managed by Amplify? Please describe the changes made.

No

Describe the bug

after I created a new function with amplify add function and ran amplify push to create the new resource in cloudformation. I am getting "Template format error: The Value field of every Outputs member must evaluate to a String and not a Map. " on a resource that wasn't even changed.

The only "Value" section is autogenerated by the CLI and I didn't touch it. 

├───────────┼───────────────────────────┼───────────┼───────────────────┤
│ Function  │ xxxxxxxxxgremlin          │ No Change │ awscloudformation │
└───────────┴───────────────────────────┴───────────┴───────────────────┘

🛑 The following resources failed to deploy:
Resource Name: functionxxxxxxxxxgremlin (AWS::CloudFormation::Stack)
Event Type: update
Reason: Template format error: The Value field of every Outputs member must evaluate to a String and not a Map.

the auto updated Value field after running amplify push

  "Outputs": {
    "Arn": {
      "Value": {}
    }
  }

Expected behavior

it should push successfully

Reproduction steps

having a function layer

  1. amplify pull
  2. amplify add function (not under the layer)
  3. amplify push

Project Identifier

No response

Log output

``` # Put your logs below this line ```

Additional information

No response

Before submitting, please confirm:

josefaidt commented 1 year ago

Hey @mctang719 :wave: thanks for raising this! As we begin to look at this in more depth, what were the choices made for amplify add function? Adding a new function in my project produces the following Output block in the function's CloudFormation template:

"Outputs": {
    "Name": {
      "Value": {
        "Ref": "LambdaFunction"
      }
    },
    "Arn": {
      "Value": {
        "Fn::GetAtt": [
          "LambdaFunction",
          "Arn"
        ]
      }
    },
    "Region": {
      "Value": {
        "Ref": "AWS::Region"
      }
    },
    "LambdaExecutionRole": {
      "Value": {
        "Ref": "LambdaExecutionRole"
      }
    },
    "LambdaExecutionRoleArn": {
      "Value": {
        "Fn::GetAtt": [
          "LambdaExecutionRole",
          "Arn"
        ]
      }
    }
  }
mctang719 commented 1 year ago

The added function has the similar outputs you described. But this happened to an existing lambda layer I have not touched for months. When I ran amplify push, it updated the cloud formation of that layer automatically despite there was 0 change done to it.

On Wed, Feb 22, 2023 at 8:10 AM josef @.***> wrote:

Hey @mctang719 https://github.com/mctang719 👋 thanks for raising this! As we begin to look at this in more depth, what were the choices made for amplify add function? Adding a new function in my project produces the following Output block in the function's CloudFormation template:

"Outputs": {

"Name": {

  "Value": {

    "Ref": "LambdaFunction"

  }

},

"Arn": {

  "Value": {

    "Fn::GetAtt": [

      "LambdaFunction",

      "Arn"

    ]

  }

},

"Region": {

  "Value": {

    "Ref": "AWS::Region"

  }

},

"LambdaExecutionRole": {

  "Value": {

    "Ref": "LambdaExecutionRole"

  }

},

"LambdaExecutionRoleArn": {

  "Value": {

    "Fn::GetAtt": [

      "LambdaExecutionRole",

      "Arn"

    ]

  }

}

}

— Reply to this email directly, view it on GitHub https://github.com/aws-amplify/amplify-cli/issues/12076#issuecomment-1440326499, or unsubscribe https://github.com/notifications/unsubscribe-auth/AEFVUJYUIWAZUGSJ425HQ3LWYY3APANCNFSM6AAAAAAVD4T7DI . You are receiving this because you were mentioned.Message ID: @.***>

josefaidt commented 1 year ago

Hey @mctang719 thanks for clarifying. You're seeing this error after attempting to push a newly-added function, but the error is regarding your Lambda Layer?

mctang719 commented 1 year ago

yes, that is correct @josefaidt. I tried to delete the function I newly created and pull the cloud resource, but it still has the issue. I can show you the full cloudformation info if there is a private channel.

mctang719 commented 1 year ago

so, before, my layer has the following config:

"Resources": {
    "LambdaLayerVersionb7741f08": {
      "Type": "AWS::Lambda::LayerVersion",
      "Properties": {
        "CompatibleRuntimes": [
          "nodejs14.x"
        ],
...

"Outputs": {
    "Arn": {
      "Value": {
        "Ref": "LambdaLayerVersionb7741f08"
      }
    }
  }

but after I ran amplify push, the config gets changed during the deployment to 

 "Resources": {
    "LambdaLayerPermissionAwsAccountsxxxxLegacy19": {
      "Type": "AWS::Lambda::LayerVersionPermission",
      "Properties": {
        "Action": "lambda:GetLayerVersion",
        "LayerVersionArn": "arn:aws:lambda:us-west-2:xxxxx:layer:hefaystusgremlin-prod:19",
        "Principal": "xxxxxxx"
      }
    },
    "LambdaLayerPermissionPrivateLegacy19": {
      "Type": "AWS::Lambda::LayerVersionPermission",
      "Properties": {
        "Action": "lambda:GetLayerVersion",
        "LayerVersionArn": "arn:aws:lambda:us-west-2:xxxxx:layer:hefaystusgremlin-prod:19",
        "Principal": {
          "Ref": "AWS::AccountId"
        }
      }
    },
    "LambdaLayerVersion08cebfbe": {
      "Type": "AWS::Lambda::LayerVersion",
      "Properties": {
...

"Outputs": {
    "Arn": {
      "Value": {}
    }
  }

this fails instantly during deployment.

I tried to manually update the value to "Value": "LambdaLayerVersion08cebfbe" but it gets wiped out too.

mctang719 commented 1 year ago

ok, here is my current hacky and potentially dangerous walkaround to get my newly created function deployed. I waited in the cloudformation screen inside the text editor, the moment amplify push wipes the arn values to {}, I hit command + z to revert it back. The deployment will get stuck in a dead loop trying to deploy LambdaLayerVersion08cebfbe. I then wait until my new function has been created in cloudformation console, I hit abort locally. However, I think this shouldn't be a normal behavior.

mctang719 commented 1 year ago

I even tried to delete all the new functions I created and re-run the push, it seems like those legacy19 18 17... are failing with 

The following resource(s) failed to create: [LambdaLayerPermissionAwsAccountsxxx08cebfbeLegacy18]. The following resource(s) failed to update: [LambdaLayerPermissionAwsAccountsxxx08cebfbe].

1 validation error detected: Value 'xxx08cebfbe' at 'principal' failed to satisfy constraint: Member must satisfy regular expression pattern: \d{12}|\*|arn:(aws[a-zA-Z-]*):iam::\d{12}:root (Service: AWSLambdaInternal; Status Code: 400; Error Code: ValidationException; Request ID: 7f993321-fdbf-45fa-8397-48b3b73b1285; Proxy: null)
mctang719 commented 1 year ago

So, I fixed this issue by doing the cmd+z inside the cloudformation while those legacy deployments were generated. This time it didn't get stuck inside a dead loop as it did previously. I am assuming I might have hit a very rare edge case. but I am good for now. Feel free to close this ticket if needed. But I am happy to see if there will be any investigation done. I will be happy to provide more details. Thanks

josefaidt commented 1 year ago

Hey @mctang719 thanks for clarifying and glad you found a way around this issue, albeit a bit of a rough workaround. If you run amplify update function, select "layers" and make some arbitrary update does this patch the Layer's CFN template with the proper output value? If so, are you able to push with amplify push --force?

If not, can you check the #current-cloud-backend.zip archive in your project's deployment bucket to see if the layer's CFN template there also contains the mismatch?

josefaidt commented 1 year ago

Hey @mctang719 I wanted to follow-up here and see if you're still experiencing this?

dan-hook commented 1 year ago

The exact same thing is happening to me. The version in current-cloud-backend looks like:

{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Description": "Lambda layer resource stack creation using Amplify CLI",
  "Parameters": {
    "env": {
      "Type": "String"
    },
    "deploymentBucketName": {
      "Type": "String"
    },
    "s3Key": {
      "Type": "String"
    },
    "description": {
      "Type": "String",
      "Default": ""
    },
    "runtimes": {
      "Type": "List<String>"
    }
  },
  "Resources": {
    "LambdaLayerVersionace9c0ca": {
      "Type": "AWS::Lambda::LayerVersion",
      "Properties": {
        "CompatibleRuntimes": {
          "Ref": "runtimes"
        },
        "Content": {
          "S3Bucket": {
            "Ref": "deploymentBucketName"
          },
          "S3Key": {
            "Ref": "s3Key"
          }
        },
        "Description": {
          "Ref": "description"
        },
        "LayerName": {
          "Fn::Sub": [
            "genepanelapiawstools-${env}",
            {
              "env": {
                "Ref": "env"
              }
            }
          ]
        }
      },
      "DeletionPolicy": "Delete",
      "UpdateReplacePolicy": "Retain"
    },
    "LambdaLayerPermissionAwsOrgo6bkihxi56yace9c0ca": {
      "Type": "AWS::Lambda::LayerVersionPermission",
      "Properties": {
        "Action": "lambda:GetLayerVersion",
        "LayerVersionArn": {
          "Ref": "LambdaLayerVersionace9c0ca"
        },
        "OrganizationId": "o-6bkihxi56y",
        "Principal": "*"
      }
    },
    "LambdaLayerPermissionPrivateace9c0ca": {
      "Type": "AWS::Lambda::LayerVersionPermission",
      "Properties": {
        "Action": "lambda:GetLayerVersion",
        "LayerVersionArn": {
          "Ref": "LambdaLayerVersionace9c0ca"
        },
        "Principal": {
          "Ref": "AWS::AccountId"
        }
      }
    }
  },
  "Outputs": {
    "Arn": {
      "Value": {
        "Ref": "LambdaLayerVersionace9c0ca"
      }
    }
  }
}

But if I have that as my template, after I run 'amplify push' it updates to:

{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Description": "Lambda layer resource stack creation using Amplify CLI",
  "Parameters": {
    "env": {
      "Type": "String"
    },
    "deploymentBucketName": {
      "Type": "String"
    },
    "s3Key": {
      "Type": "String"
    },
    "description": {
      "Type": "String",
      "Default": ""
    },
    "runtimes": {
      "Type": "List<String>"
    }
  },
  "Resources": {
    "LambdaLayerPermissionAwsOrgo6bkihxi56yLegacy10": {
      "Type": "AWS::Lambda::LayerVersionPermission",
      "Properties": {
        "Action": "lambda:GetLayerVersion",
        "LayerVersionArn": "arn:aws:lambda:us-east-1:758379629894:layer:genepanelapiawstools-int:10",
        "OrganizationId": "o-6bkihxi56y",
        "Principal": "*"
      }
    },
    "LambdaLayerPermissionPrivateLegacy10": {
      "Type": "AWS::Lambda::LayerVersionPermission",
      "Properties": {
        "Action": "lambda:GetLayerVersion",
        "LayerVersionArn": "arn:aws:lambda:us-east-1:758379629894:layer:genepanelapiawstools-int:10",
        "Principal": {
          "Ref": "AWS::AccountId"
        }
      }
    },
    "LambdaLayerVersion3864f048": {
      "Type": "AWS::Lambda::LayerVersion",
      "Properties": {
        "CompatibleRuntimes": [
          "python3.9"
        ],
        "Content": {
          "S3Bucket": {
            "Ref": "deploymentBucketName"
          },
          "S3Key": "amplify-builds/genepanelapiawstools-LambdaLayerVersion3864f048-build.zip"
        },
        "Description": "Updated layer version 2023-03-17T07:37:03.061Z",
        "LayerName": {
          "Fn::Sub": [
            "genepanelapiawstools-${env}",
            {
              "env": {
                "Ref": "env"
              }
            }
          ]
        }
      },
      "DeletionPolicy": "Delete",
      "UpdateReplacePolicy": "Retain"
    },
    "LambdaLayerPermissionAwsOrgo6bkihxi56y3864f048": {
      "Type": "AWS::Lambda::LayerVersionPermission",
      "Properties": {
        "Action": "lambda:GetLayerVersion",
        "LayerVersionArn": "arn:aws:lambda:us-east-1:758379629894:layer:genepanelapiawstools-int:9",
        "OrganizationId": "o-6bkihxi56y",
        "Principal": "*"
      }
    },
    "LambdaLayerPermissionPrivate3864f048": {
      "Type": "AWS::Lambda::LayerVersionPermission",
      "Properties": {
        "Action": "lambda:GetLayerVersion",
        "LayerVersionArn": "arn:aws:lambda:us-east-1:758379629894:layer:genepanelapiawstools-int:9",
        "Principal": {
          "Ref": "AWS::AccountId"
        }
      }
    },
    "LambdaLayerPermissionAwsOrgo6bkihxi56yLegacy8": {
      "Type": "AWS::Lambda::LayerVersionPermission",
      "Properties": {
        "Action": "lambda:GetLayerVersion",
        "LayerVersionArn": "arn:aws:lambda:us-east-1:758379629894:layer:genepanelapiawstools-int:8",
        "OrganizationId": "o-6bkihxi56y",
        "Principal": "*"
      }
    },
    "LambdaLayerPermissionPrivateLegacy8": {
      "Type": "AWS::Lambda::LayerVersionPermission",
      "Properties": {
        "Action": "lambda:GetLayerVersion",
        "LayerVersionArn": "arn:aws:lambda:us-east-1:758379629894:layer:genepanelapiawstools-int:8",
        "Principal": {
          "Ref": "AWS::AccountId"
        }
      }
    },
    "LambdaLayerPermissionAwsOrgo6bkihxi56yLegacy7": {
      "Type": "AWS::Lambda::LayerVersionPermission",
      "Properties": {
        "Action": "lambda:GetLayerVersion",
        "LayerVersionArn": "arn:aws:lambda:us-east-1:758379629894:layer:genepanelapiawstools-int:7",
        "OrganizationId": "o-6bkihxi56y",
        "Principal": "*"
      }
    },
    "LambdaLayerPermissionPrivateLegacy7": {
      "Type": "AWS::Lambda::LayerVersionPermission",
      "Properties": {
        "Action": "lambda:GetLayerVersion",
        "LayerVersionArn": "arn:aws:lambda:us-east-1:758379629894:layer:genepanelapiawstools-int:7",
        "Principal": {
          "Ref": "AWS::AccountId"
        }
      }
    }
  },
  "Outputs": {
    "Arn": {
      "Value": {}
    }
  }
}

I suspect that something has gone wrong with the way I manage environments across accounts.

dan-hook commented 1 year ago

I was able to get past the issue by randomly permuting stuff: specifically I changed the permissions for future versions of the layer to be for an account and I changed one of the package versions in the layer so it would create a new version.

josefaidt commented 1 year ago

Hey @dan-hook thanks for chiming in here! What sort of permissions were previously applied to the Lambda Layer? What were the changes made prior to receiving this?

ryanchuleff commented 1 year ago

Just jumping on this as well, but it started doing this for me after I ran an amplify push function. That deploy failed for an unrelated reason, and now my layer throws this error despite not having made any changes to it in months.

My CloudFormation stack gets updated in the same way as those shown above with an empty {}. Running amplify pull doesn't solve it.

I was able to resolve it by making a change to my layer (adding a new package) that forced it to generate a new version. Changing the layer permissions (changing from specific account access to public access) did not solve the problem.

josefaidt commented 1 year ago

Hey @ryanchuleff thanks for chiming in here! After reading your comment I attempted to reproduce by pushing a Lambda function that is associated to a Lambda Layer to no avail. Is the specific function you pushed attached to a layer? What was the push failure?

josefaidt commented 1 year ago

Hey @mctang719 and @ryanchuleff are y'all still experiencing this?

josefaidt commented 1 year ago

Closing due to inactivity

github-actions[bot] commented 1 year ago

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see. If you need more assistance, please open a new issue that references this one. If you wish to keep having a conversation with other community members under this issue feel free to do so.