aws-quickstart / quickstart-mongodb-atlas

AWS Quick Start Team
Apache License 2.0

Create Stack fails with the Create Project Failure #18

Closed nikhil-mongo closed 1 year ago

nikhil-mongo commented 3 years ago

Template used - https://fwd.aws/p5EpP and https://fwd.aws/5j8rk

Error -

Timestamp Logical ID Status Status reason
2021-09-08 13:41:39 UTC+0530 aws-mongo CREATE_FAILED The following resource(s) failed to create: [Atlas].
2021-09-08 13:41:38 UTC+0530 Atlas CREATE_FAILED Embedded stack arn:aws:cloudformation:eu-west-1:208629369896:stack/aws-mongo-Atlas-CGI0RXUWO5FU/501b7a90-107c-11ec-93ab-06eb6afe4d91 was not successfully created: The following resource(s) failed to create: [AtlasProject].
2021-09-08 13:41:05 UTC+0530 Atlas CREATE_IN_PROGRESS Resource creation Initiated
2021-09-08 13:41:04 UTC+0530 Atlas CREATE_IN_PROGRESS -
2021-09-08 13:41:02 UTC+0530 RegisterAtlasResources CREATE_COMPLETE -
2021-09-08 13:38:46 UTC+0530 RegisterAtlasResources CREATE_IN_PROGRESS Resource creation Initiated
2021-09-08 13:38:46 UTC+0530 RegisterAtlasResources CREATE_IN_PROGRESS -
2021-09-08 13:38:41 UTC+0530 aws-mongo CREATE_IN_PROGRESS User Initiated

Cloudwatch error -

  Timestamp Message
  2021-09-08T13:41:28.832+05:30 Initialization of log stream
  2021-09-08T13:41:28.854+05:30 2021/09/08 08:11:28 Handler received the CREATE action
  2021-09-08T13:41:28.887+05:30 {"level":"error","msg":"getLogLevel() Environment variable 'LOG_LEVEL' not found. Set it in template.yaml (defaultLogLevel=info)","time":"2021-09-08T08:11:28Z"}
  2021-09-08T13:41:28.902+05:30 {"level":"info","msg":"getLogLevel() levelString=info level=info","time":"2021-09-08T08:11:28Z"}
  2021-09-08T13:41:28.915+05:30 {"level":"info","msg":"INFO setLogger","time":"2021-09-08T08:11:28Z"}
  2021-09-08T13:41:28.929+05:30 {"level":"info","msg":"CreateMongoDBClient--- publicKey:aeysvvvz","time":"2021-09-08T08:11:28Z"}
  2021-09-08T13:41:29.283+05:30 2021/09/08 08:11:29 Received event: FAILED Message: Resource Not Found

Please let me know if I need to share more logs or details and/or anything I am not doing as expected to create this stack.

jasonmimick commented 3 years ago

Hi-

Given that we see the error

FAILED Message: Resource Not Found

could you check that the MongoDB Atlas resources actually registered in this AWS region? It's the RegisterAtlasResources step in the "main" template. Since you are using the quickstart, the CFN private registry will be used. To check this run, e.g.:

aws cloudformation list-types --visibility PRIVATE --region us-east-1
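
The registry check suggested above can be scripted. The following is an added example, not code from the quickstart or from anyone in this thread: it reads the JSON printed by `aws cloudformation list-types` and reports, for each type the stack needs, whether it is registered in the stack's own region. The sample input, the placeholder account id `111122223333`, and the names `check_registry` and `REQUIRED_TYPES` are assumptions of the example.

```python
import json

# Type names taken from the list-types output and error text in this thread.
REQUIRED_TYPES = (
    "MongoDB::Atlas::Project",
    "MongoDB::Atlas::Cluster",
    "MongoDB::Atlas::DatabaseUser",
    "MongoDB::Atlas::ProjectIpAccessList",
)

def _entry(name, region):
    # Constructed entry; 111122223333 is a placeholder account id.
    arn = f"arn:aws:cloudformation:{region}:111122223333:type/resource/{name.replace('::', '-')}"
    return {"Type": "RESOURCE", "TypeName": name, "TypeArn": arn}

# Constructed sample, shaped like `aws cloudformation list-types --visibility PRIVATE`.
SAMPLE_LIST_TYPES = json.dumps({"TypeSummaries": [
    _entry("MongoDB::Atlas::Project", "us-east-1"),
    _entry("MongoDB::Atlas::Cluster", "eu-west-1"),
    _entry("MongoDb::Atlas::DatabaseUser", "eu-west-1"),
]})

def check_registry(list_types_json, stack_region, required=REQUIRED_TYPES):
    """Return {type_name: status} for one list-types JSON document."""
    summaries = json.loads(list_types_json).get("TypeSummaries", [])
    by_name = {s["TypeName"]: s for s in summaries}
    lowered = {name.lower(): name for name in by_name}
    report = {}
    for name in required:
        entry = by_name.get(name)
        if entry is None:
            # Registered only under a differently-cased name, or not at all.
            near = lowered.get(name.lower())
            report[name] = f"case-mismatch:{near}" if near else "missing"
            continue
        # TypeArn: arn:aws:cloudformation:<region>:<account>:type/resource/<name>
        arn_region = entry["TypeArn"].split(":")[3]
        # A mismatch means the output was collected with a different --region
        # than the one the stack is deployed in.
        report[name] = "ok" if arn_region == stack_region else f"wrong-region:{arn_region}"
    return report

if __name__ == "__main__":
    for name, status in check_registry(SAMPLE_LIST_TYPES, "eu-west-1").items():
        print(f"{status:45} {name}")
```
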

nikhil-mongo commented 3 years ago

{
    "TypeSummaries": [
        {
            "Type": "RESOURCE",
            "TypeName": "MongoDB::Atlas::Cluster",
            "DefaultVersionId": "00000002",
            "TypeArn": "arn:aws:cloudformation:us-east-1:208629369896:type/resource/MongoDB-Atlas-Cluster",
            "LastUpdated": "2021-09-08T14:32:49.912000+00:00",
            "Description": "The cluster resource provides access to your cluster configurations. The resource lets you create, edit and delete clusters. The resource requires your Project ID."
        },
        {
            "Type": "RESOURCE",
            "TypeName": "MongoDB::Atlas::DatabaseUser",
            "DefaultVersionId": "00000002",
            "TypeArn": "arn:aws:cloudformation:us-east-1:208629369896:type/resource/MongoDB-Atlas-DatabaseUser",
            "LastUpdated": "2021-09-08T14:32:56.247000+00:00",
            "Description": "The databaseUsers resource lets you retrieve, create and modify the MongoDB users in your cluster. Each user has a set of roles that provide access to the project?s databases. A user?s roles apply to all the clusters in the project: if two clusters have a products database and a user has a role granting read access on the products database, the user has that access on both clusters."
        },
        {
            "Type": "RESOURCE",
            "TypeName": "MongoDB::Atlas::NetworkPeering",
            "DefaultVersionId": "00000002",
            "TypeArn": "arn:aws:cloudformation:us-east-1:208629369896:type/resource/MongoDB-Atlas-NetworkPeering",
            "LastUpdated": "2021-09-08T14:32:49.843000+00:00",
            "Description": "This resource allows to create, read, update and delete a network peering"
        },
        {
            "Type": "RESOURCE",
            "TypeName": "MongoDB::Atlas::Project",
            "DefaultVersionId": "00000002",
            "TypeArn": "arn:aws:cloudformation:us-east-1:208629369896:type/resource/MongoDB-Atlas-Project",
            "LastUpdated": "2021-09-08T14:32:55.502000+00:00",
            "Description": "Retrieves or creates projects in any given Atlas organization."
        },
        {
            "Type": "RESOURCE",
            "TypeName": "MongoDB::Atlas::ProjectIpAccessList",
            "DefaultVersionId": "00000002",
            "TypeArn": "arn:aws:cloudformation:us-east-1:208629369896:type/resource/MongoDB-Atlas-ProjectIpAccessList",
            "LastUpdated": "2021-09-08T14:32:49.857000+00:00",
            "Description": "An example resource schema demonstrating some basic constructs and validation rules."
        }
    ]
}

jasonmimick commented 2 years ago

Hi @nikhil-mongo - Are you still facing this issue? We have had reports of issues using the public registry, however privately deploying the resources should be working. Please let us know - thanks.

JakubJakubowski8 commented 2 years ago

Hi @jasonmimick What do you mean by public/private registry? How can I configure it with this quickstart? I'm facing the same issue. The same fail as above, however I can see it in resources:

 {
    "Type": "RESOURCE",
    "TypeName": "MongoDB::Atlas::Project",
    "DefaultVersionId": "00000010",
    "TypeArn": "arn:aws:cloudformation:eu-west-1:********:type/resource/MongoDB-Atlas-Project",
    "LastUpdated": "2021-12-15T17:49:17.451000+00:00",
    "Description": "Retrieves or creates projects in any given Atlas organization."
}

Can you help me with resolving it?

JakubJakubowski8 commented 2 years ago

Nevermind, I found out that the issue was wrong permission on the Atlas organization

jasonmimick commented 2 years ago

Hi @JakubJakubowski8 - Thanks, good to know. fwiw - here's a link on the CFN registry stuff - https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/registry.html It's still a bit complex, since the actual quickstart does not yet use the Public Registry. If you have questions, feel free to email me at jason.mimick@mongodb.com Thanks- Jason

rduffr commented 2 years ago

Hi @JakubJakubowski8. I am having the same problem and believe I have the permissions on the org. set correctly. Can you share how you resolved this?

JakubJakubowski8 commented 2 years ago

Hi @rduffr , I've added those permissions: Organization Project Creator, Organization Member, Organization Owner

Also, I remember that I had the same problem when a project on Atlas was already created. If I let the AWS quickstart create a project on MongoDB Atlas, then it was working fine.

carru93 commented 2 years ago

Same here, the MongoDB::Atlas::Project resource fails with this error

Resource handler returned message: "Resource Not Found" (RequestToken: 8a52e7e5-bb86-6ccb-42c7-04698e2b44dd, HandlerErrorCode: InvalidRequest)

The used API keys have all the rights (Organization Project Creator, Organization Member, Organization Owner) and I'm trying to deploy in eu-west-1.

The resources are registered, this is the output of aws cloudformation list-types --visibility PRIVATE --region eu-west-1

{
    "TypeSummaries": [
        {
            "Type": "RESOURCE",
            "TypeName": "MongoDB::Atlas::Cluster",
            "DefaultVersionId": "00000003",
            "TypeArn": "arn:aws:cloudformation:eu-west-1:030800513199:type/resource/MongoDB-Atlas-Cluster",
            "LastUpdated": "2022-03-02T08:55:47.146000+00:00",
            "Description": "The cluster resource provides access to your cluster configurations. The resource lets you create, edit and delete clusters. The resource requires your Project ID."
        },
        {
            "Type": "RESOURCE",
            "TypeName": "MongoDB::Atlas::DatabaseUser",
            "DefaultVersionId": "00000003",
            "TypeArn": "arn:aws:cloudformation:eu-west-1:030800513199:type/resource/MongoDB-Atlas-DatabaseUser",
            "LastUpdated": "2022-03-02T08:56:02.591000+00:00",
            "Description": "The databaseUsers resource lets you retrieve, create and modify the MongoDB users in your cluster. Each user has a set of roles that provide access to the project?s databases. A user?s roles apply to all the clusters in the project: if two clusters have a products database and a user has a role granting read access on the products database, the user has that access on both clusters."
        },
        {
            "Type": "RESOURCE",
            "TypeName": "MongoDB::Atlas::NetworkPeering",
            "DefaultVersionId": "00000003",
            "TypeArn": "arn:aws:cloudformation:eu-west-1:030800513199:type/resource/MongoDB-Atlas-NetworkPeering",
            "LastUpdated": "2022-03-02T08:55:46.675000+00:00",
            "Description": "This resource allows to create, read, update and delete a network peering"
        },
        {
            "Type": "RESOURCE",
            "TypeName": "MongoDB::Atlas::Project",
            "DefaultVersionId": "00000003",
            "TypeArn": "arn:aws:cloudformation:eu-west-1:030800513199:type/resource/MongoDB-Atlas-Project",
            "LastUpdated": "2022-03-02T08:55:52.458000+00:00",
            "Description": "Retrieves or creates projects in any given Atlas organization."
        },
        {
            "Type": "RESOURCE",
            "TypeName": "MongoDB::Atlas::ProjectIpAccessList",
            "DefaultVersionId": "00000003",
            "TypeArn": "arn:aws:cloudformation:eu-west-1:030800513199:type/resource/MongoDB-Atlas-ProjectIpAccessList",
            "LastUpdated": "2022-03-02T08:55:52.507000+00:00",
            "Description": "An example resource schema demonstrating some basic constructs and validation rules."
        },
        {
            "Type": "RESOURCE",
            "TypeName": "MongoDb::Atlas::DatabaseUser",
            "TypeArn": "arn:aws:cloudformation:eu-west-1:030800513199:type/resource/MongoDb-Atlas-DatabaseUser",
            "LastUpdated": "2022-02-28T09:31:05.610000+00:00",
            "Description": "CRUD the MongoDB users in your project for your clusters/databases.",
            "PublisherId": "9331cf547939e23b9c7f24086db031317893be87",
            "OriginalTypeName": "MongoDb::Atlas::DatabaseUser"
        }
    ]
}

In cloudwatch I found this error many times:

{
    "level": "error",
    "msg": "getLogLevel() Environment variable 'LOG_LEVEL' not found. Set it in template.yaml (defaultLogLevel=info)",
    "time": "2022-03-02T08:04:49Z"
}

carru93 commented 2 years ago

I found that after changing the VPC peering CIDR block it works for new projects, but it still does not work for already existing projects.

jasonmimick commented 2 years ago

Did you check and make sure to add the IPs from AWS to the AccessList for your MongoDB Atlas ApiKeys? There's a helper here.

When you "activate" (or old way cfn submit) each resource gets deployed as a Lambda function in that particular region. The IP address of these machines is impossible to know a priori. Best solution so far, unless MDB will be able to figure out it's an AWS IP, is to brute force add all the published IP ranges. However, this is a major security gap imho. Hope this helps.
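
To put a number on the security gap mentioned above, this added example (not the helper linked in the comment and not project code) collapses a list of published prefixes into access-list entries and counts how many source addresses an API key would then accept. The input is a constructed sample in the shape of AWS's published `ip-ranges.json`, using documentation-only prefixes; narrowing the list by `region` is an assumption of the example, not something the thread states the helper does.

```python
import ipaddress
import json

# Constructed sample in the shape of AWS's published ip-ranges.json
# (documentation-only prefixes, not real AWS ranges).
SAMPLE_IP_RANGES = json.dumps({"prefixes": [
    {"ip_prefix": "198.51.100.0/24", "region": "eu-west-1", "service": "EC2"},
    {"ip_prefix": "198.51.100.0/25", "region": "eu-west-1", "service": "AMAZON"},
    {"ip_prefix": "203.0.113.0/24", "region": "us-east-1", "service": "EC2"},
    {"ip_prefix": "192.0.2.0/24", "region": "ap-south-1", "service": "S3"},
]})

def build_allowlist(ip_ranges_json, region=None):
    """Collapse published IPv4 prefixes into access-list entries.

    With region=None every published prefix is included (the "add all
    ranges" approach); otherwise only prefixes tagged with that region.
    """
    prefixes = json.loads(ip_ranges_json)["prefixes"]
    nets = [ipaddress.ip_network(p["ip_prefix"])
            for p in prefixes if region is None or p["region"] == region]
    # collapse_addresses merges duplicates, nested and adjacent networks.
    return list(ipaddress.collapse_addresses(nets))

def exposure(allowlist):
    """Number of source addresses from which the API key would be accepted."""
    return sum(net.num_addresses for net in allowlist)

def is_allowed(source_ip, allowlist):
    """True if a caller at source_ip passes the access list."""
    addr = ipaddress.ip_address(source_ip)
    return any(addr in net for net in allowlist)

if __name__ == "__main__":
    everything = build_allowlist(SAMPLE_IP_RANGES)
    one_region = build_allowlist(SAMPLE_IP_RANGES, region="eu-west-1")
    print("all ranges :", len(everything), "entries,", exposure(everything), "addresses")
    print("eu-west-1  :", len(one_region), "entries,", exposure(one_region), "addresses")
    # Any host in another region's range passes the broad list but not the narrow one.
    print("203.0.113.77 allowed:", is_allowed("203.0.113.77", everything),
          is_allowed("203.0.113.77", one_region))
```

Every address counted by `exposure` is one from which a leaked key pair would still be accepted, which is why the count is worth tracking whenever the access list is widened.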

ericmaicon commented 2 years ago

I added all permissions for my key and I still receive such error...any idea on how to pass through it?

Template format error: Unrecognized resource types: [MongoDB::Atlas::Project, MongoDB::Atlas::DatabaseUser, MongoDB::Atlas::Cluster, MongoDB::Atlas::ProjectIpAccessList]

samjett247 commented 2 years ago

> Did you check and make sure to add the IPs from AWS to the AccessList for your MongoDB Atlas ApiKeys? There's a helper here.
>
> When you "activate" (or old way cfn submit) each resource gets deployed as a Lambda function in that particular region. The IP address of these machines is impossible to know a priori. Best solution so far, unless MDB will be able to figure out it's an AWS IP, is to brute force add all the published IP ranges. However, this is a major security gap imho. Hope this helps.

Is this AccessList required? I thought if the AccessList was empty then the API key would be valid for incoming calls from all IP addresses?

JanhaviPalande commented 2 years ago

I'm using the Deploy MongoDB Atlas with VPC peering into an existing VPC template to deploy MongoDB Atlas on AWS with VPC peering into an existing VPC. I'm getting an error:

2022-11-11 15:23:55 UTC-0600 | AtlasProject |  -- | -- | Resource handler returned message: "Resource Not Found" (RequestToken: e7b9edd7-a9bf-d3de-5163-4c06ea09a843, HandlerErrorCode: InvalidRequest)

I checked the CloudFormation template, and the resource AtlasProject is not present. This is the same case for any of the templates present at https://aws-quickstart.github.io/quickstart-mongodb-atlas/

Has anybody faced this issue? What is the solution, please?

pringtest commented 1 year ago

I'm facing the same issues as JanhaviPalande. Does anyone have a solution?

byoungsoo commented 1 year ago

I have the same issue when I deploy via 'Deploy MongoDB Atlas without VPC peering' template. Any update?

aws cloudformation list-types --visibility PRIVATE --region us-east-1
{
    "TypeSummaries": [{
        "Type": "RESOURCE",
        "TypeName": "MongoDB::Atlas::Cluster",
        "DefaultVersionId": "00000006",
        "TypeArn": "arn:aws:cloudformation:us-east-1:558846430793:type/resource/MongoDB-Atlas-Cluster",
        "LastUpdated": "2023-01-18T05:02:01.705000+00:00",
        "Description": "The cluster resource provides access to your cluster configurations. The resource lets you create, edit and delete clusters. The resource requires your Project ID."
    }, {
        "Type": "RESOURCE",
        "TypeName": "MongoDB::Atlas::DatabaseUser",
        "DefaultVersionId": "00000007",
        "TypeArn": "arn:aws:cloudformation:us-east-1:558846430793:type/resource/MongoDB-Atlas-DatabaseUser",
        "LastUpdated": "2023-01-18T05:01:56.006000+00:00",
        "Description": "The databaseUsers resource lets you retrieve, create and modify the MongoDB users in your cluster. Each user has a set of roles that provide access to the project?s databases. A user?s roles apply to all the clusters in the project: if two clusters have a products database and a user has a role granting read access on the products database, the user has that access on both clusters."
    }, {
        "Type": "RESOURCE",
        "TypeName": "MongoDB::Atlas::NetworkPeering",
        "DefaultVersionId": "00000007",
        "TypeArn": "arn:aws:cloudformation:us-east-1:558846430793:type/resource/MongoDB-Atlas-NetworkPeering",
        "LastUpdated": "2023-01-18T05:01:56.384000+00:00",
        "Description": "This resource allows to create, read, update and delete a network peering"
    }, {
        "Type": "RESOURCE",
        "TypeName": "MongoDB::Atlas::Project",
        "DefaultVersionId": "00000007",
        "TypeArn": "arn:aws:cloudformation:us-east-1:558846430793:type/resource/MongoDB-Atlas-Project",
        "LastUpdated": "2023-01-18T05:01:56.219000+00:00",
        "Description": "Retrieves or creates projects in any given Atlas organization."
    }, {
        "Type": "RESOURCE",
        "TypeName": "MongoDB::Atlas::ProjectIpAccessList",
        "DefaultVersionId": "00000007",
        "TypeArn": "arn:aws:cloudformation:us-east-1:558846430793:type/resource/MongoDB-Atlas-ProjectIpAccessList",
        "LastUpdated": "2023-01-18T05:02:46.685000+00:00",
        "Description": "An example resource schema demonstrating some basic constructs and validation rules."
    }]
}

vsnyc commented 1 year ago

This is no longer relevant, the solution has been updated to use MongoDB 3rd Party resources from the CloudFormation registry.