search

awslabs / service-workbench-on-aws

A platform that provides researchers with one-click access to collaborative workspace environments operating across teams, universities, and datasets while enabling university IT stakeholders to manage, monitor, and control spending, apply security best practices, and comply with corporate governance.
Apache License 2.0
177 stars 119 forks source link

[Bug] EC2 root volume is hard coded with 8GB #866

Closed dcloud9 closed 2 years ago

dcloud9 commented 2 years ago

Describe the bug We needed to bake new EC2 AMI with minimum 20GB root volume size as we need to add packages when building the AMI. The CFN template is hard coded with VolumeSize: 8, hence erroring when launching the EC2 workspace (see error below)

BlockDeviceMappings:
  - DeviceName: /dev/xvda
    Ebs:
      VolumeSize: 8
      Encrypted: true
      KmsKeyId: !Ref EncryptionKeyArn

To Reproduce Steps to reproduce the behavior:

  1. Build an EC2 AMI with minimum of greater than 8GB size of Root volume
  2. In SWB, create an EC2 workspace type of EC2 Linux
  3. In Configurations > Input Parameters > AmiId, input the AMI ID of the AMI with > 8GB Root volume size (eg. 20GB)
  4. Launch the EC2 Linux workspace
  5. See error below.

Expected behavior Update all CFN templates so that Volume Size can be passed on upstream with equal or greater than set value of the AMI snapshot size

BlockDeviceMappings:
  - DeviceName: /dev/xvda
    Ebs:
      VolumeSize: !Ref EbsVolumeSize
      Encrypted: true
      KmsKeyId: !Ref EncryptionKeyArn

Screenshots

Error provisioning environment stata-t3-small-vnc. Reason: Errors from CloudFormation: [{LogicalResourceId : SC-27<redacted>, ResourceType : AWS::CloudFormation::Stack, StatusReason : The following resource(s) failed to create: [EC2Instance]. Rollback requested by user.}, {LogicalResourceId : EC2Instance, ResourceType : AWS::EC2::Instance, StatusReason : Volume of size 8GB is smaller than snapshot 'snap-08<redacted>', expect size >= 20GB (Service: AmazonEC2; Status Code: 400; Error Code: InvalidBlockDeviceMapping; Request ID: d3be41bc-<redacted>; Proxy: null)}, {LogicalResourceId : InstanceProfile, ResourceType : AWS::IAM::InstanceProfile, StatusReason : Resource creation Initiated}, {LogicalResourceId : IAMRole, ResourceType : AWS::IAM::Role, StatusReason : Resource creation Initiated}, {LogicalResourceId : SecurityGroup, ResourceType : AWS::EC2::SecurityGroup, StatusReason : Resource creation Initiated}, {LogicalResourceId : InstanceRolePermissionBoundary, ResourceType : AWS::IAM::ManagedPolicy, StatusReason : Resource creation Initiated}, {LogicalResourceId : SC-27<redacted>, ResourceType : AWS::CloudFormation::Stack, StatusReason : User Initiated}]

Versions (please complete the following information):

Additional context Add any other context about the problem here.

ssvegaraju commented 2 years ago

Hi, thanks for bringing up this issue, we will take a look at this!

Bingjiling commented 2 years ago

Hi @dcloud9 ,

Thanks for reaching out!

In the use case you described, I would recommend creating a new Service Catalog product that has the specific configs you're looking for. This will give more flexibility for changes you might need in AMI in the future. Here's the documentation on creating new Service Catalog product - https://github.com/awslabs/service-workbench-on-aws/blob/mainline/docs/docs/deployment/post_deployment/import_service_catalog_products.md

Thanks, Yanyu