benkehoe / aws-sso-util

Smooth out the rough edges of AWS SSO (temporarily, until AWS makes it better).
Apache License 2.0
973 stars 72 forks

Use CAPABILITY_NAMED_IAM for manual deployment #100

Closed iainelder closed 1 year ago

iainelder commented 1 year ago

Without it, the deployment fails when I accept all the default settings from the SAM CLI.

This was already mentioned in issue #64.

See below for complete dialog with sam deploy --guided that ends in failure.

I used SAM CLI, version 1.89.0 and repo version 415ea5a255c08a2b4858cfb081d35c8706451c2f.


Configuring SAM deploy
======================

    Looking for config file [samconfig.toml] :  Not found

    Setting default arguments for 'sam deploy'
    =========================================
    Stack Name [sam-app]: assignmentgroup-macro
    AWS Region [us-east-1]: 
    Parameter NumChildStacks [-1]: 
    Parameter MaxAssignmentsAllocation [-1]: 
    Parameter LookupNames [false]: 
    Parameter DefaultSessionDuration []: 
    Parameter ChildTemplatesInYaml [false]: 
    Parameter MaxConcurrentAssignments [-1]: 
    Parameter MaxResourcesPerTemplate [-1]: 
    Parameter LogLevel [INFO]: 
    Parameter ArtifactS3KeyPrefix []: 
    Parameter S3PutObjectArgs []: 
    #Shows you resources changes to be deployed and require a 'Y' to initiate deploy
    Confirm changes before deploy [y/N]: y
    #SAM needs permission to be able to create roles to connect to the resources in your template
    Allow SAM CLI IAM role creation [Y/n]: Y
    #Preserves the state of previously provisioned resources when an operation fails
    Disable rollback [y/N]: 
    Save arguments to configuration file [Y/n]: Y
    SAM configuration file [samconfig.toml]: 
    SAM configuration environment [default]: 

    Looking for resources needed for deployment:
    Creating the required resources...
    Successfully created!

    Managed S3 bucket: aws-sam-cli-managed-default-samclisourcebucket-b231npc8gr37
    A different default S3 bucket can be set in samconfig.toml and auto resolution of buckets turned off by setting resolve_s3=False

    Saved arguments to config file
    Running 'sam deploy' for future deployments will use the parameters saved above.
    The above parameters can be changed by modifying samconfig.toml
    Learn more about samconfig.toml syntax at 
    https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/serverless-sam-cli-config.html

    Uploading to assignmentgroup-macro/034b0fe011f7287db8c89ec9a8c1f4d9  12681481 / 12681481  (100.00%)

    Deploying with following values
    ===============================
    Stack name                   : assignmentgroup-macro
    Region                       : us-east-1
    Confirm changeset            : True
    Disable rollback             : False
    Deployment s3 bucket         : aws-sam-cli-managed-default-samclisourcebucket-b231npc8gr37
    Capabilities                 : ["CAPABILITY_IAM"]
    Parameter overrides          : {"NumChildStacks": "-1", "MaxAssignmentsAllocation": "-1", "LookupNames": "false", "DefaultSessionDuration": "", "ChildTemplatesInYaml": "false", "MaxConcurrentAssignments": "-1", "MaxResourcesPerTemplate": "-1", "LogLevel": "INFO", "ArtifactS3KeyPrefix": "", "S3PutObjectArgs": ""}
    Signing Profiles             : {}

Initiating deployment
=====================

    Uploading to assignmentgroup-macro/bbb778716c67f5899bd34816c4b31cb3.template  5537 / 5537  (100.00%)

Waiting for changeset to be created..

Error: Failed to create changeset for the stack: assignmentgroup-macro, ex: Waiter ChangeSetCreateComplete failed: Waiter encountered a terminal failure state: For expression "Status" we matched expected path: "FAILED" Status: FAILED. Reason: Requires capabilities : [CAPABILITY_NAMED_IAM]
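
The changeset above is rejected because CloudFormation accepts either capability for IAM resources without custom names, but requires CAPABILITY_NAMED_IAM as soon as one of them sets its own name. The following check is an added example, not code from this pull request or from aws-sso-util: it inspects a JSON-parsed template and reports which acknowledgement is needed. The sample template and its resource names are constructed, the type-to-name-property map is an illustrative subset, and resources generated later by transforms or macros are not seen by this check.

```python
import json

# IAM resource types and the property that gives each one a custom name.
# Illustrative subset; the CloudFormation documentation has the full list.
NAME_PROPERTY = {
    "AWS::IAM::Role": "RoleName",
    "AWS::IAM::User": "UserName",
    "AWS::IAM::Group": "GroupName",
    "AWS::IAM::ManagedPolicy": "ManagedPolicyName",
    "AWS::IAM::InstanceProfile": "InstanceProfileName",
}

def required_iam_capability(template):
    """Return None, "CAPABILITY_IAM" or "CAPABILITY_NAMED_IAM" for a template dict."""
    required = None
    for resource in template.get("Resources", {}).values():
        rtype = resource.get("Type", "")
        if not rtype.startswith("AWS::IAM::"):
            continue
        required = "CAPABILITY_IAM"
        name_prop = NAME_PROPERTY.get(rtype)
        if name_prop and name_prop in (resource.get("Properties") or {}):
            return "CAPABILITY_NAMED_IAM"  # a custom name needs the stronger acknowledgement
    return required

def capabilities_sufficient(template, granted):
    """True if the acknowledged capabilities cover the template's IAM resources."""
    need = required_iam_capability(template)
    if need is None:
        return True
    if need == "CAPABILITY_NAMED_IAM":
        return "CAPABILITY_NAMED_IAM" in granted
    # Either capability is accepted when no IAM resource has a custom name.
    return bool({"CAPABILITY_IAM", "CAPABILITY_NAMED_IAM"} & set(granted))

# Constructed sample template (hypothetical resource names, not the project's template).
SAMPLE = json.loads("""
{
  "Resources": {
    "HandlerRole": {
      "Type": "AWS::IAM::Role",
      "Properties": {"RoleName": "example-handler-role", "AssumeRolePolicyDocument": {}}
    },
    "Handler": {"Type": "AWS::Lambda::Function", "Properties": {}}
  }
}
""")

if __name__ == "__main__":
    print(required_iam_capability(SAMPLE))
    print(capabilities_sufficient(SAMPLE, ["CAPABILITY_IAM"]))
```

When the check reports CAPABILITY_NAMED_IAM, pass `--capabilities CAPABILITY_NAMED_IAM` to `sam deploy` or set `capabilities` accordingly in samconfig.toml, after reviewing which named IAM resources the template creates.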

benkehoe commented 1 year ago

Ah, thanks for this.

iainelder commented 1 year ago

No, thank you! Your macro is already supporting the SSO infrastructure on my latest project. As I'm learning how it all works this documentation helps me to get familiar with it.