Open Kang3498 opened 2 months ago
Hi @Kang3498 are you using the resource tagging API (default configuration) to do tag-based lookups?
Yes, that's right. Can I choose another option? I just followed this article (https://github.com/awslabs/backstage-plugins-for-aws/blob/main/plugins/codepipeline/README.md).
Currently you can also use AWS Resource Explorer, and soon we'll document AWS Config. However it looks like AWS Config is the only option that offers VPC endpoints:
https://github.com/awslabs/backstage-plugins-for-aws/blob/main/docs/locating-resources.md
The only option I can see us providing beyond Config that will work in a private VPC is potentially using the Cloud Control API but we'd need to see if this can cater for tag-based lookups.
After seeing your comment, I tried changing the locator to resourceExplorer and awsConfig. They generate 500 errors for different reasons regardless of the private network. Are they not ready yet? For reference, the error I received is as follows.
resourceExplorer: 500: UnauthorizedException (I have admin privileges)
awsConfig: 500: InvalidExpressionException
@Kang3498 I just updated the documentation and have confirmed with another Backstage adopter that the AWS Config mechanism is working. I provided a note on the VPC endpoints required for AWS Config but have not had a chance to test in a VPC without internet access yet.
@niallthomson With App Config, still it doesn't work. Below is the error and it was tested on a public network. The only thing I did was change the locator to AppConfig.
backstage error Request failed with status 500 syntax error at line 1, column 39 type=errorHandler name=InvalidExpressionException $fault=client $metadata=[object Object] __type=InvalidExpressionException stack=InvalidExpressionException: syntax error at line 1, column 39
[1] at de_InvalidExpressionExceptionRes (/Users/sanggyu/Project/backstage/node_modules/@aws-sdk/client-config-service/dist-cjs/index.js:3866:21)
[1] at de_CommandError (/Users/sanggyu/Project/backstage/node_modules/@aws-sdk/client-config-service/dist-cjs/index.js:3793:19)
[1] at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
[1] at async /Users/sanggyu/Project/backstage/node_modules/@smithy/middleware-serde/dist-cjs/index.js:35:20
[1] at async /Users/sanggyu/Project/backstage/node_modules/@smithy/core/dist-cjs/index.js:165:18
[1] at async /Users/sanggyu/Project/backstage/node_modules/@smithy/middleware-retry/dist-cjs/index.js:320:38
[1] at async /Users/sanggyu/Project/backstage/node_modules/@aws-sdk/middleware-logger/dist-cjs/index.js:34:22
[1] at async makePagedClientRequest (/Users/sanggyu/Project/backstage/node_modules/@smithy/core/dist-cjs/index.js:430:10)
[1] at async Object.paginateOperation (/Users/sanggyu/Project/backstage/node_modules/@smithy/core/dist-cjs/index.js:443:16)
[1] at _AwsConfigResourceLocator.getResourceArns (/Users/sanggyu/Project/backstage/node_modules/@aws/aws-core-plugin-for-backstage-common/src/locator/aws-config-locator.ts:129:22)
Hi @Kang3498 I just want to make sure to clarify App Config vs AWS Config.
The error there suggests that the query to Config is malformed, which could be due to your tag annotation. Can you provide the tags annotation you have used? Please redact any sensitive information like account IDs etc.
@niallthomson I'm using this one. If you have any information needed to solve the problem, please feel free to tell me.
# catalog-info.yaml
annotations:
  aws.amazon.com/aws-codepipeline-tags: cicd=test

# app-config.yaml
aws:
  locator:
    type: awsConfig
  sso:
    subdomain: d-xxxxxxxx
If you activate debug logging we should be able to check the AWS Config query to make sure the code is forming it correctly. Please turn log level to debug as outlined here and when the error occurs you should get a log line somewhere that says:
AWS Config query: [some query]
If you can add the query here I can check if there's a bug in the code that forms the query.
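An added example, not part of the thread and not the plugin's own code: one way to turn a tags annotation such as cicd=test into an AWS Config advanced query while rejecting input that would produce a malformed expression. The helper names, the comma-separated annotation format, the character allow-list and the use of the tags.tag property are assumptions of this sketch.

```typescript
// Added example with hypothetical helper names; not the plugin's implementation.
// Assumption: an AWS Config advanced query matches a tag with
//   tags.tag = 'key=value'
// and the annotation holds one or more comma-separated key=value pairs.

type TagPair = { key: string; value: string };

// Conservative allow-list: no quotes, no '=', no control characters,
// so nothing from the annotation can break out of the quoted literal.
const TAG_CHARS = /^[A-Za-z0-9 _.:\/+\-@]+$/;

function parseTagAnnotation(annotation: string): TagPair[] {
  const pairs: TagPair[] = [];
  for (const raw of annotation.split(",")) {
    const item = raw.trim();
    const eq = item.indexOf("=");
    // Reject "cicd", "=test" and "cicd=" before they reach the query.
    if (eq <= 0 || eq === item.length - 1) {
      throw new Error(`malformed tag "${item}": expected key=value`);
    }
    const key = item.slice(0, eq).trim();
    const value = item.slice(eq + 1).trim();
    if (!TAG_CHARS.test(key) || !TAG_CHARS.test(value)) {
      throw new Error(`unsupported character in tag "${item}"`);
    }
    pairs.push({ key, value });
  }
  return pairs;
}

function buildConfigQuery(resourceType: string, annotation: string): string {
  // Resource types look like AWS::CodePipeline::Pipeline.
  if (!/^AWS::[A-Za-z0-9]+::[A-Za-z0-9]+$/.test(resourceType)) {
    throw new Error(`unexpected resource type "${resourceType}"`);
  }
  const clauses = parseTagAnnotation(annotation).map(
    (t) => `tags.tag = '${t.key}=${t.value}'`,
  );
  return (
    `SELECT arn WHERE resourceType = '${resourceType}' AND ` +
    clauses.join(" AND ")
  );
}
```

Logging the string returned by buildConfigQuery at debug level gives the same kind of line the maintainer asks for above, which makes a bad annotation visible before the request is sent.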
@Kang3498 the AWS Config issue should now be resolved with the releases just published
📜 Description
There is no problem when using ARN annotation. However, if I try to use Tag, error 504 occurs. If I need a VPC endpoint, I would like you to tell me which service it should be opened to.
👍 Expected behavior
Perform tag annotation-based functions normally in a private network environment, or specify in the document that private networks are not supported.
👎 Actual Behavior with Screenshots
Can't get this, because my environment is internal.
👟 Reproduction steps
📃 Content
No response
🖥️ Your Environment
No response