Error/Stacktrace on `amplify push` - auth token timeout?

[zfarrell]

Note: If your issue/bug is regarding the AWS Amplify Console service, please log it in the official AWS Amplify Console forum

Describe the bug After running amplify push, i see the normal cloud formation output, for example:

UPDATE_COMPLETE Address AWS::CloudFormation::Stack Thu May 16 2019 11:33:57 GMT-0700 (Pacific Daylight Time)

However, un-expectedly it stops with an error:

UPDATE_COMPLETE Person AWS::CloudFormation::Stack Thu May 16 2019 11:33:57 GMT-0700 (Pacific Daylight Time) 
⠼ Updating resources in the cloud. This may take a few minutes...TypeError: events is not iterable
    at getUniqueStacksEvents (/usr/local/lib/node_modules/@aws-amplify/cli/node_modules/amplify-provider-awscloudformation/src/aws-utils/aws-cfn.js:429:28)
    at getStackEvents.then (/usr/local/lib/node_modules/@aws-amplify/cli/node_modules/amplify-provider-awscloudformation/src/aws-utils/aws-cfn.js:136:30)
    at processTicksAndRejections (internal/process/next_tick.js:81:5)

2019-05-16T18:34:08.054Z - error: uncaughtException: The security token included in the request is expired date=Thu May 16 2019 11:34:08 GMT-0700 (Pacific Daylight Time),

This happened right around then, so i'm guessing this is an edge case where the security token expired while polling for logs?

To Reproduce See above.

Expected behavior No error should be shown, token should be refreshed.

Additional context I'm using amplify-cli version 1.6.6

[kaustavghosh06]

@zfarrell Yes, you're right...your security token expired while the push command was executing. You might want to replace your security token and run the push command again. Feel free to re-open or comment on this issue if you're still stuck.

[zfarrell]

Isn't amplify managing the security token?

I configured it to use one of my profiles, but i don't have any explicit security token set.

[kaustavghosh06]

Are you deploying via Amplify console or locally on your machine?

[zfarrell]

locally on my machine

[kaustavghosh06]

Also, I beleive your profile is using 2FA or some other mechanism which is rotating you accessKey and secretKey periodically?

[zfarrell]

the profile is using the assumeRole configuration. but no 2FA.

[kaustavghosh06]

Okay, and do your accessKey and secretKeys change periodically?

[kaustavghosh06]

@zfarrell If you upgrade to v 1.6.8 we initialize the client before every call, so even if you accessKey & sceretKey changes in between, your requests should be fine. This is a recent change which we made and should solve for your use case.

[zfarrell]

They haven't changed yet. it's a new account (~30 days), so i setup the profile the first time and haven't changed since.

[kaustavghosh06]

Can you upgrade to 1.6.8 and see if you can reproduce this issue? I'll re-open the thread for you to comment on it and then close it out.

[zfarrell]

If you upgrade to v 1.6.8 we initialize the client before every call,

I'm guessing here, but when amplify streams the cloudformation logs after running amplify push wouldn't you be using the same client? or do you literally have to poll for each update and each request is a new client?

Regardless, I'm not going to be able to reproduce this issue. I would have to:

1. find the token (no idea where that is as i'm not managing it)
2. determine the token expiration (again, not sure how'd id get that info)
3. time an amplify push so that it started while the token was valid but would be executing after it expired.

If you want to close this bug it's fine, it's definitely an edge case. Just wanted to do my part to report it :)

[kaustavghosh06]

@zfarrell How it works is that we periodically poll (every 10 seconds), AWS Cloudformation for your stack status after a push command is pusshed,.So with this change in the latter versions of the CLI, we instantiate a new client for every "poll" call we make to Cloudformation. So even if there's a change in the secruity token in the middle of your push command execution, the client should be able to pick up those changed creds and poll Cloudformation successfully.

[zfarrell]

👍 sounds good, thanks for the clarification. It sounds like this edge case should be resolved with the latest version then.

[github-actions[bot]]

This issue has been automatically locked since there hasn't been any recent activity after it was closed. Please open a new issue for related bugs.

Looking for a help forum? We recommend joining the Amplify Community Discord server *-help channels for those types of questions.