search

aws / aws-sam-cli

CLI tool to build, test, debug, and deploy Serverless applications using AWS SAM
https://aws.amazon.com/serverless/sam/
Apache License 2.0
6.51k stars 1.17k forks source link

Translator Wrapper defaults to `us-east-1` for SAR applications #3758

Open juanitosvq opened 2 years ago

juanitosvq commented 2 years ago

This seems to be the same issue reported in #2065 and fixed in v1.27.2, as per comment https://github.com/aws/aws-sam-cli/issues/2065#issuecomment-886450375

However, we are seeing something very similar with the latest version v1.40.1.

Description:

sam package doesn't seem to replace the region when using FindInMap to specify the ApplicationId of a SAR Application.

Steps to reproduce:

Using a template like this:

Mappings:
  ApplicationRegionMap:
    eu-west-1:
      apparn: arn:aws:serverlessrepo:eu-west-1:123456789012:applications/your-runner-application
    us-east-1:
      apparn: arn:aws:serverlessrepo:us-east-1:123456789012:applications/your-runner-application
    us-west-2:
      apparn: arn:aws:serverlessrepo:us-west-2:123456789012:applications/your-runner-application

Resources:
  YourSARApp:
    Type: AWS::Serverless::Application
    Properties:
      Location:
        ApplicationId:
          !FindInMap [ApplicationRegionMap, !Ref "AWS::Region", apparn]
        SemanticVersion: 0.0.1

Run sam package:

      - sam package
        --template "your-template.yaml"
        --s3-bucket "${S3_BUCKET}"
        --s3-prefix "My-Artifacts"
        --output-template-file "mock-template-export.yaml"

Observed result:

When running this command in us-west-2, the command fails:

[Container] 2022/03/18 21:04:16 Running command sam package --template "mock-template.yaml" --s3-bucket "${S3_BUCKET}" --s3-prefix "My-Artifacts" --output-template-file "mock-template-export.yaml"
543 | 2022-03-18 21:04:17 Requesting to create CFN template arn:aws:serverlessrepo:us-east-1:123456789012:applications/your-runner-application/0.0.1 in serverless application repo...
544 | Traceback (most recent call last):
545 | File "/root/.pyenv/versions/3.8.10/lib/python3.8/site-packages/samcli/lib/samlib/wrapper.py", line 68, in run_plugins
546 | parser.parse(template_copy, all_plugins)  # parse() will run all configured plugins
547 | File "/root/.pyenv/versions/3.8.10/lib/python3.8/site-packages/samcli/lib/samlib/wrapper.py", line 102, in parse
548 | raise InvalidDocumentException(document_errors)
549 | samtranslator.model.exceptions.InvalidDocumentException: [InvalidResourceException('SafeDeploymentsTenantManagementNewmanRunner', 'User: arn:aws:sts::123456789012:assumed-role/######################/AWSCodeBuild-######## is not authorized to perform: serverlessrepo:CreateCloudFormationTemplate on resource: arn:aws:serverlessrepo:us-east-1:123456789012:applications/your-runner-application')]
550 |  
551 | The above exception was the direct cause of the following exception:
552 |  
553 | Traceback (most recent call last):
554 | File "/root/.pyenv/versions/3.8.10/bin/sam", line 8, in <module>
555 | sys.exit(cli())
556 | File "/root/.pyenv/versions/3.8.10/lib/python3.8/site-packages/click/core.py", line 829, in __call__
557 | return self.main(*args, **kwargs)
558 | File "/root/.pyenv/versions/3.8.10/lib/python3.8/site-packages/click/core.py", line 782, in main
559 | rv = self.invoke(ctx)
560 | File "/root/.pyenv/versions/3.8.10/lib/python3.8/site-packages/click/core.py", line 1259, in invoke
561 | return _process_result(sub_ctx.command.invoke(sub_ctx))
562 | File "/root/.pyenv/versions/3.8.10/lib/python3.8/site-packages/click/core.py", line 1066, in invoke
563 | return ctx.invoke(self.callback, **ctx.params)
564 | File "/root/.pyenv/versions/3.8.10/lib/python3.8/site-packages/click/core.py", line 610, in invoke
565 | return callback(*args, **kwargs)
566 | File "/root/.pyenv/versions/3.8.10/lib/python3.8/site-packages/samcli/lib/cli_validation/image_repository_validation.py", line 92, in wrapped
567 | return func(*args, **kwargs)
568 | File "/root/.pyenv/versions/3.8.10/lib/python3.8/site-packages/click/decorators.py", line 73, in new_func
569 | return ctx.invoke(f, obj, *args, **kwargs)
570 | File "/root/.pyenv/versions/3.8.10/lib/python3.8/site-packages/click/core.py", line 610, in invoke
571 | return callback(*args, **kwargs)
572 | File "/root/.pyenv/versions/3.8.10/lib/python3.8/site-packages/samcli/lib/telemetry/metric.py", line 166, in wrapped
573 | raise exception  # pylint: disable=raising-bad-type
574 | File "/root/.pyenv/versions/3.8.10/lib/python3.8/site-packages/samcli/lib/telemetry/metric.py", line 124, in wrapped
575 | return_value = func(*args, **kwargs)
576 | File "/root/.pyenv/versions/3.8.10/lib/python3.8/site-packages/samcli/lib/utils/version_checker.py", line 41, in wrapped
577 | actual_result = func(*args, **kwargs)
578 | File "/root/.pyenv/versions/3.8.10/lib/python3.8/site-packages/samcli/lib/telemetry/metric.py", line 88, in wrapped
579 | return func(*args, **kwargs)
580 | File "/root/.pyenv/versions/3.8.10/lib/python3.8/site-packages/samcli/cli/main.py", line 87, in wrapper
581 | return func(*args, **kwargs)
582 | File "/root/.pyenv/versions/3.8.10/lib/python3.8/site-packages/samcli/commands/_utils/cdk_support_decorators.py", line 38, in wrapped
583 | return func(*args, **kwargs)
584 | File "/root/.pyenv/versions/3.8.10/lib/python3.8/site-packages/samcli/commands/package/command.py", line 109, in cli
585 | do_cli(
586 | File "/root/.pyenv/versions/3.8.10/lib/python3.8/site-packages/samcli/commands/package/command.py", line 173, in do_cli
587 | package_context.run()
588 | File "/root/.pyenv/versions/3.8.10/lib/python3.8/site-packages/samcli/commands/package/package_context.py", line 102, in run
589 | stacks, _ = SamLocalStackProvider.get_stacks(
590 | File "/root/.pyenv/versions/3.8.10/lib/python3.8/site-packages/samcli/lib/providers/sam_stack_provider.py", line 242, in get_stacks
591 | current = SamLocalStackProvider(
592 | File "/root/.pyenv/versions/3.8.10/lib/python3.8/site-packages/samcli/lib/providers/sam_stack_provider.py", line 51, in __init__
593 | self._template_dict = self.get_template(
594 | File "/root/.pyenv/versions/3.8.10/lib/python3.8/site-packages/samcli/lib/providers/sam_base_provider.py", line 189, in get_template
595 | template_dict = SamTranslatorWrapper(template_dict, parameter_values=parameters_values).run_plugins()
596 | File "/root/.pyenv/versions/3.8.10/lib/python3.8/site-packages/samcli/lib/samlib/wrapper.py", line 70, in run_plugins
597 | raise InvalidSamDocumentException(
598 | samcli.commands.validate.lib.exceptions.InvalidSamDocumentException: [InvalidResourceException('SafeDeploymentsTenantManagementNewmanRunner', 'User: arn:aws:sts::123456789012:assumed-role/######################/AWSCodeBuild-############# is not authorized to perform: serverlessrepo:CreateCloudFormationTemplate on resource: arn:aws:serverlessrepo:us-east-1:123456789012:applications/your-runner-application')] ('SafeDeploymentsTenantManagementNewmanRunner', 'User: arn:aws:sts::123456789012:assumed-role/##################/AWSCodeBuild-########### is not authorized to perform: serverlessrepo:CreateCloudFormationTemplate on resource: arn:aws:serverlessrepo:us-east-1:123456789012:applications/your-runner-application')

because it's trying to create the resource using the app in us-east-1, which is not the region where this instance of CodeBuild is running.

Expected result:

When running in a region different from us-east-1, I would expect the translator wrapper to resolve the region correctly. I would expect my command to try to use the app in us-west-2,

Additional environment details (Ex: Windows, Mac, Amazon Linux etc)

  1. OS: aws/codebuild/amazonlinux2-x86_64-standard:3.0
  2. sam --version: 1.40.1
  3. AWS region: us-west-2

Let me know if you need any further details.

Thanks!

qingchm commented 2 years ago

Thanks for reaching out to us! Please allow us some time to start investigation on this so that we can assist you!

juanitosvq commented 1 year ago

@qingchm any updates on this?