aws-samples / jenkins-on-aws

MIT No Attribution

InvalidParameterException: The new ARN and resource ID format must be enabled to work with ECS managed tags. Opt in to the new format and try again #9

Open rrrix opened 4 years ago

rrrix commented 4 years ago

Hello!

I received the following error when attempting to deploy:

The new ARN and resource ID format must be enabled to work with ECS managed tags. Opt in to the new format and try again. (Service: AmazonECS; Status Code: 400; Error Code: InvalidParameterException;)

Full error log:

 18/19 | 2:12:44 PM | CREATE_FAILED        | AWS::ECS::Service                         | JenkinsMasterService/Service/Service (JenkinsMasterService4ADB0000) The new ARN and resource ID format must be enabled to work with ECS managed tags. Opt in to the new format and try again. (Service: AmazonECS; Status Code: 400; Error Code: InvalidParameterException; Request ID: 70fd53d5-20d6-4c6d-8220-b6a28e2887c4)
    new BaseService (/private/var/folders/fj/yy0y1r6n0vxgpfxjzpqvtdqc0000gn/T/jsii-kernel-PQtaNw/node_modules/@aws-cdk/aws-ecs/lib/base/base-service.js:110:25)
    \_ new FargateService (/private/var/folders/fj/yy0y1r6n0vxgpfxjzpqvtdqc0000gn/T/jsii-kernel-PQtaNw/node_modules/@aws-cdk/aws-ecs/lib/fargate/fargate-service.js:35:9)
    \_ new ApplicationLoadBalancedFargateService (/private/var/folders/fj/yy0y1r6n0vxgpfxjzpqvtdqc0000gn/T/jsii-kernel-PQtaNw/node_modules/@aws-cdk/aws-ecs-patterns/lib/fargate/application-load-balanced-fargate-service.js:49:24)
    \_ /Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/site-packages/jsii/_embedded/jsii/jsii-runtime.js:7762:49
    \_ Kernel._wrapSandboxCode (/Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/site-packages/jsii/_embedded/jsii/jsii-runtime.js:8222:20)
    \_ Kernel._create (/Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/site-packages/jsii/_embedded/jsii/jsii-runtime.js:7762:26)
    \_ Kernel.create (/Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/site-packages/jsii/_embedded/jsii/jsii-runtime.js:7509:21)
    \_ KernelHost.processRequest (/Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/site-packages/jsii/_embedded/jsii/jsii-runtime.js:7296:28)
    \_ KernelHost.run (/Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/site-packages/jsii/_embedded/jsii/jsii-runtime.js:7236:14)
    \_ Immediate._onImmediate (/Library/Frameworks/Python.framework/Versions/3.8/lib/python3.8/site-packages/jsii/_embedded/jsii/jsii-runtime.js:7239:37)
    \_ processImmediate (internal/timers.js:445:21)

I think this is half a problem of the Jenkins-On-AWS project and the AWS CDK:

1) It's not documented in this project's README.md that it's required to Opt-In to the new ARN/ID format (for using ECS Managed Tags)
2) The CDK assumes the account / principal has opted-in if using enable_ecs_managed_tags=True and it's not readily apparent this is required until deploy-time (when it fails)

The issue, and resolution, is summarized here: https://github.com/aws/aws-cdk/issues/3844#issuecomment-526973257

For those who come here experiencing the same problem, the resolution is (roughly) below. See the issue above if using CodePipeline for additional fixes.

#!/bin/bash
aws ecs put-account-setting-default --name serviceLongArnFormat --value enabled
aws ecs put-account-setting-default --name taskLongArnFormat --value enabled
aws ecs put-account-setting-default --name containerInstanceLongArnFormat --value enabled
aws ecs put-account-setting-default --name awsvpcTrunking --value enabled  # optional 
aws ecs put-account-setting-default --name containerInsights --value enabled  # optional 

I'm happy to submit a PR with the appropriate fix, which may be one of:

1) Flip the default enable_ecs_managed_tags=True to False
2) Improve documentation / README: Add a note indicating that the new ARN / ID format Opt-In is required, and add the above manual AWS CLI fix so users are aware of an easy fix without Googling for a possible solution, or resorting to manual actions in the AWS Console.
3) Add a config.ini setting to allow the user to toggle this prior to deployment (for example: config['DEFAULT']['enable_ecs_managed_tags'])

adamjkeller commented 4 years ago

Hey @rrrix, thanks for bringing this up. Your proposed fixes look very reasonable. I would recommend going with number 3 (config.ini update with the default value being False). If you would like to submit the PR, by all means please do!
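
Option 3 from this thread (a config.ini toggle defaulting to False), combined with a pre-deploy check that reports a missing opt-in before CloudFormation does. This is an added example, not code from the jenkins-on-aws project or from either commenter. The function names, the sample config.ini text and the sample account-settings response are constructed; the response dict follows the shape returned by `aws ecs list-account-settings --effective-settings`.

```python
import configparser

# The three opt-in settings set by the CLI fix quoted in this thread.
REQUIRED_SETTINGS = (
    "serviceLongArnFormat",
    "taskLongArnFormat",
    "containerInstanceLongArnFormat",
)

# Constructed sample input: a config.ini body and a parsed response from
# `aws ecs list-account-settings --effective-settings`.
SAMPLE_INI = "[DEFAULT]\nenable_ecs_managed_tags = true\n"
SAMPLE_RESPONSE = {
    "settings": [
        {"name": "serviceLongArnFormat", "value": "enabled"},
        {"name": "taskLongArnFormat", "value": "disabled"},
        {"name": "containerInsights", "value": "enabled"},
    ]
}


def managed_tags_requested(ini_text):
    """Read the toggle from config.ini text; False when the key is absent."""
    config = configparser.ConfigParser()
    config.read_string(ini_text)
    # getboolean raises ValueError for values such as "maybe" instead of guessing.
    return config["DEFAULT"].getboolean("enable_ecs_managed_tags", fallback=False)


def missing_opt_ins(settings_response):
    """Return the required settings that are not 'enabled' for this principal."""
    effective = {s["name"]: s["value"] for s in settings_response.get("settings", [])}
    # A setting missing from the response is treated as not enabled.
    return [name for name in REQUIRED_SETTINGS if effective.get(name) != "enabled"]


def deploy_problems(ini_text, settings_response):
    """Return one message per blocking setting; an empty list means deploy can proceed."""
    if not managed_tags_requested(ini_text):
        return []  # managed tags off, so the long ARN format is not needed for them
    return [
        f"{name} is not enabled; run: aws ecs put-account-setting-default "
        f"--name {name} --value enabled"
        for name in missing_opt_ins(settings_response)
    ]


if __name__ == "__main__":
    for problem in deploy_problems(SAMPLE_INI, SAMPLE_RESPONSE):
        print(problem)
```

In real use, the second argument would be the parsed JSON output of the CLI command named above, and the boolean from `managed_tags_requested` would be passed to the construct's `enable_ecs_managed_tags` parameter.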