aws / copilot-cli

The AWS Copilot CLI is a tool for developers to build, release and operate production ready containerized applications on AWS App Runner or Amazon ECS on AWS Fargate.
https://aws.github.io/copilot-cli/
Apache License 2.0
3.48k stars 400 forks

Enforcing unique Amazon S3 Bucket name #2964

Closed donnieprakoso closed 2 years ago

donnieprakoso commented 2 years ago

Problem

I have an exact naming mechanism for my Amazon S3 buckets. The copilot storage init -t S3 command creates an Amazon S3 bucket with a combination of -- and the S3 bucket name provided by users. This leads to a potential conflict during copilot svc deploy, as S3 requires the bucket name to be globally unique.

When I added an S3 storage with copilot and there was an existing bucket, the deployment failed:

✔ Proposing infrastructure changes for stack <APPNAME-ENVNAME-SVCNAME>
- Updating the infrastructure for stack <APPNAME-ENVNAME-SVCNAME>                    [update rollback complete]  [48.0s]
  The following resource(s) failed to create: [AddonsStack].
  - An Addons CloudFormation Stack for your additional AWS resources                 [rollback complete]         [19.4s]
    The following resource(s) failed to create: [<S3_BUCKET_NAME>]. Rollback
    requested by user.
    - An IAM ManagedPolicy for your service to access the <S3_BUCKET_NAME> bucket     [not started]
    - A bucket policy to deny unencrypted access to the bucket and its contents      [not started]
    - An Amazon S3 bucket to store and retrieve objects for <S3_BUCKET_NAME>          [delete complete]           [0.0s]
      <S3_BUCKET_NAME> already exists
  - A KMS key to encrypt messages in your queues                                     [not started]
  - An ECS service to run and maintain your tasks in the environment cluster         [not started]
  - An ECS task definition to group your containers and run them on ECS              [not started]
  - An IAM role to control permissions for the containers in your tasks              [not started]
✘ deploy service: stack <APPNAME-ENVNAME-SVCNAME> did not complete successfully and exited with status UPDATE_ROLLBACK_COMPLETE

Current workaround

As a workaround for this, I manually create a random string to add as a prefix using the following command:

PREFIX=$(tr -dc a-z0-9 </dev/urandom | head -c 10)

Then add the string into the S3 bucket name:

copilot storage init -t S3 -w svc-worker -n $PREFIX-s3-bucket-name

Expectation

To simplify the process and to avoid future conflicts, there are 2 approaches that we can add to copilot:

  1. Enforce the S3 bucket creation with random string
  2. Add an extra flag (--unique) to explicitly declare adding random string into S3 bucket name

flemzord commented 2 years ago

The best solution for me is to add the AWS Account ID to the bucket name.

efekarakus commented 2 years ago

Thanks @donnieprakoso and @flemzord for the awesome issue description

We should probably let CFN generate the bucket name for us instead: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket.html#cfn-s3-bucket-name

https://github.com/aws/copilot-cli/blob/73f33259b8a73f657c08a2507454a3e8fcfa8df2/internal/pkg/template/templates/addons/s3/cf.yml#L12-L15

{{logicalIDSafe (.App + .Name)}}Bucket:

donnieprakoso commented 2 years ago

Thanks @efekarakus! That's a solution for me. Adding the CFN logical ID to the S3 bucket name will solve this issue.

efekarakus commented 2 years ago

This is now released 🎉 in v1.13.0 https://github.com/aws/copilot-cli/releases/tag/v1.13.0 !