search

awslabs / aws-deployment-framework

The AWS Deployment Framework (ADF) is an extensive and flexible framework to manage and deploy resources across multiple AWS accounts and regions based on AWS Organizations.
Apache License 2.0
657 stars 227 forks source link

Removing scp from ou results in failure in pipeline run #255

Open hynynen opened 4 years ago

hynynen commented 4 years ago
  1. I have an OU directory aws-deployment-framework-bootstrap/adf-bootstrap/deployment with scp.json.
  2. I need to try some things so I remove the scp, moving it to ../../deployment-scp.json.
  3. I assume that scp from root (aws-deployment-framework-bootstrap/adf-bootstrap/scp.json) will kick in like in other OUs.
  4. Instead I get an error when running pipeline:

[Container] 2020/03/23 09:21:07 Running command python adf-build/main.py

139 | 2020-03-23 09:21:07,510 | INFO | main | ADF Version 3.0.4 | (main.py:235) 140 | 2020-03-23 09:21:07,510 | INFO | main | ADF Log Level is INFO | (main.py:236) 141 | 2020-03-23 09:21:08,329 | INFO | organization_policy | Determining if Organization Policy changes are required. (Tagging or Service Controls) | (organization_policy.py:97) 142 | 2020-03-23 09:21:18,815 | INFO | organizations | SERVICE_CONTROL_POLICY are currently enabled within the Organization | (organizations.py:49) 143 | Traceback (most recent call last): 144 | File "adf-build/main.py", line 348, in 145 | main() 146 | File "adf-build/main.py", line 251, in main 147 | policies.apply(organizations, parameter_store, config.config) 148 | File "/codebuild/output/src516924998/src/adf-build/organization_policy.py", line 119, in apply 149 | organization_mapping, path, organizations, _type) 150 | File "/codebuild/output/src516924998/src/adf-build/organization_policy.py", line 84, in clean_and_remove_policy_attachment 151 | organizations.detach_policy(policy_id, organization_mapping[path]) 152 | File "/codebuild/output/src516924998/src/adf-build/shared/python/organizations.py", line 125, in detach_policy 153 | TargetId=target_id 154 | File "/root/.pyenv/versions/3.7.6/lib/python3.7/site-packages/botocore/client.py", line 316, in _api_call 155 | return self._make_api_call(operation_name, kwargs) 156 | File "/root/.pyenv/versions/3.7.6/lib/python3.7/site-packages/botocore/client.py", line 599, in _make_api_call 157 | api_params, operation_model, context=request_context) 158 | File "/root/.pyenv/versions/3.7.6/lib/python3.7/site-packages/botocore/client.py", line 647, in _convert_to_request_dict 159 | api_params, operation_model) 160 | File "/root/.pyenv/versions/3.7.6/lib/python3.7/site-packages/botocore/validate.py", line 297, in serialize_to_request 161 | raise ParamValidationError(report=report.generate_report()) 162 | botocore.exceptions.ParamValidationError: Parameter validation failed: 163 | Invalid type for parameter PolicyId, value: [], type: <class 'list'>, valid types: <class 'str'>


Moving scp back to original place resolves the issue.
bundyfx commented 4 years ago

Thanks for reporting this, I will try and replicate this ASAP and make a fix for the next release. Cheers!

egut commented 3 years ago

We got hit by this one to day.