Open berenddeboer opened 4 years ago
We do run cfn-lint when pushing resources. Though as of now cfn-lint is deprecated so the full support isn't there, we are looking at other options.
Are you getting these errors from the generated templates or from editing templates for a custom use case?
From editing (generated) templates.
I suppose you put a script in package.json
or so? Or is there a way to run a script as part of amplify push
?
FYI, I'm actually using the AWS cfn-lint.
@berenddeboer If you want to run some custom logic before push, you can create a plugin that runs on the "PrePush" event. Run amplify plugin init
, select util
for the plugin type and select PrePush
as the event to handle. This will create a boilerplate plugin for you that you can amend to your needs. You can read the docs on custom plugins here: https://docs.amplify.aws/cli/plugins/authoring
I've been asked to provide some specific examples, so some comments if what I went through this morning. I wanted to add a custom alias (our own domain), and ACM HTTPS certificate. I had generated them via the GUI, to get a working version, then export it back on the template.
This is what aws cloudfront get-distribution
exports:
"ViewerCertificate": {
"ACMCertificateArn": "arn:aws:acm:us-east-1:376590287418:certificate/1ba37566-3df0-407f-a823-53d0641993e3",
"SSLSupportMethod": "sni-only",
"MinimumProtocolVersion": "TLSv1.2_2019",
"Certificate": "arn:aws:acm:us-east-1:376590287418:certificate/1ba37566-3df0-407f-a823-53d0641993e3",
"CertificateSource": "acm"
},
I started with copying this back into the template. Errors:
cfn-lint
.cfn-lint
complains about this, only goes up to "TLSv1.2_2018"."CloudFrontDefaultCertificate": false
, forgot to run cfn-lint
, so wasted minutes waiting for CloudFront to report you can't do this. cfn-lint
correctly identifies this as an error.The other thing I tried to do was make this option:
"DistributionConfig":
"Aliases": ["www.example.com"],
I first had this:
"Conditions": {
"ShouldNotCreateAlias": {
"Fn::Equals": [
{
"Ref": "DomainName"
},
""
]
}
}
...
"DistributionConfig":
"Aliases": [{
"Fn::If": [
"ShouldNotCreateAlias",
{"Ref": "DomainName"},
{"Ref": "DomainName"}
]
}],
cfn-lint
likes this, but it does not work when DomainName is empty obviously (empty alias error). Note that at this point I didn't understand what "Fn::If" was doing, just doing copy/paste programming.
I didn't understand the error, so tried:
"DistributionConfig":
"Aliases": [{
"Fn::If": [
"ShouldNotCreateAlias",
"",
{"Ref": "DomainName"}
]
}],
cfn-lint
still likes this. But trying it out givess: "The parameter CNAME contains one or more parameters that are too small."
After more tries I finally found the solution that works:
"DistributionConfig":
"Aliases": {
"Fn::If": [
"ShouldNotCreateAlias",
[],
[{"Ref": "DomainName"}]
]
},
As every upload to CloudFront takes minutes, this is just a very slow way of developing. I realise I'm spoiled with strict compilers (Elm/Eiffel), and hate the iterative debugging (make a change, run code, oops typo, back to editor) cycle. It just wastes time you could spend building useful stuff.
Some more issues trying to attach a Lambda(@Edge?) path rewrite function to my CloudFront distribution.
I suppose they all have reasons, but my main point is that you can find out most problems only by pushing (which takes minutes).
And another one, created a new environment, and hit limit on name which you only find out after 20 minutes or so:
Resource Name: IndexAllLawsAccessRole (AWS::IAM::Role)
Event Type: create
Reason: 1 validation error detected: Value 'appsync-ds-lam-2msuolnmnffkbopnhyejr66tzi-IndexAllLaws-lditberend' at 'roleName' failed to satisfy constraint: Member must have length less than or equal to 64 (Service: AmazonIdentityManagement; Status Code: 400; Error Code: ValidationError; Request ID: 8d8eab66-5a6d-415e-aa14-787185dedeae)
Resource Name: RelationalDatabaseAccessRole (AWS::IAM::Role)
Event Type: create
Reason: 1 validation error detected: Value 'appsync-ds-aurora_pgsql_libya-2msuolnmnffkbopnhyejr66tzi-lditberend' at 'roleName' failed to satisfy constraint: Member must have length less than or equal to 64 (Service: AmazonIdentityManagement; Status Code: 400; Error Code: ValidationError; Request ID: 0a92e25e-d168-4f75-a87b-be39f4679a11)
AWS' cfn-lint
replaced npm's cfn-lint
in 2018:
https://github.com/martysweet/cfn-lint/pull/227
https://github.com/aws-cloudformation/cfn-lint/issues/2053
This repo's now over 95% of deprecated npm's cfn-lint
usage, please switch to AWS' cfn-lint
I'm wasting a lot of time debugging errors in CloudFormation templates. They take minutes to process when I debug with the
push -y
method.What
amplify push -y
should do is run an extremely accurate linter. The linter should be run over every template, or simply process the root + nested as a single file.Integrating
cfn-lint
would be a good start.