dimkir commented 5 years ago

Attempt 1

After hardcoding service url (and deploying with development environment to lambda), we got EPROTO SSL error

Attempt 2a

Let's try to deploy with NODE_ENV=production but we won't set required variables.

Seems we're failing vlaidation...

Attempt 2b

Here we set all environment variables correctly:

{
    "NODE_CONFIG_DIR": "./config/",
    "NODE_ENV": "production",
    "AWS_REGION": "us-west-2",
    "SERVICE_URL": "c8jis7eo51.execute-api.us-west-2.amazonaws.com",
    "SNS_ROLE_ARN": "arn:aws:iam::403288089139:role/SaaS-identity-with-Cognito-IdentityStack-1-SNSRole-2PW9D9V7WQI",
    "AWS_ACCOUNT_ID": "403288089139",
    "USER_TABLE": "lmx.User.dev",
    "TENANT_TABLE" : "lmx.Tenant.dev",
    "PRODUCT_TABLE": "lmx.Product.dev",
    "ORDER_TABLE": "lmx.Order.dev"

}

Ok, looks like we get some Reserved keys error due to explicitly specifying region:

Attempt 2c

Let's disable AWS_REGION variable

{
    "NODE_CONFIG_DIR": "./config/",
    "NODE_ENV": "production",
    "XXXAWS_REGION": "us-west-2",
    "SERVICE_URL": "c8jis7eo51.execute-api.us-west-2.amazonaws.com",
    "SNS_ROLE_ARN": "arn:aws:iam::403288089139:role/SaaS-identity-with-Cognito-IdentityStack-1-SNSRole-2PW9D9V7WQI",
    "AWS_ACCOUNT_ID": "403288089139",
    "USER_TABLE": "lmx.User.dev",
    "TENANT_TABLE" : "lmx.Tenant.dev",
    "PRODUCT_TABLE": "lmx.Product.dev",
    "ORDER_TABLE": "lmx.Order.dev"
}

Succeeded!

10:37 $ yarn run main:update
yarn run v1.12.1
$ claudia update --set-env-from-json ./claudia-env.json
packaging files npm install -q --no-audit --production
npm WARN deprecated hoek@2.16.3: The major version is no longer supported. Please update to 4.x or newer
npm WARN registry Unexpected warning for https://registry.npmjs.org/: Miscellaneous Warning EINTEGRITY: sha1-u3PURtonlhBu/MG2AaJT1sRr0Ic= integrity checksum failed when using sha1: wanted sha1-u3PURtonlhBu/MG2AaJT1sRr0Ic= but got sha512-zhSCtt8v2NDrRlPQpCNtw/heZLtfUDqxBM1udqikb/Hbk52LK4nQSwr10u77iopCW5LsyHpuXS0GnEc48mLeew==. (4419 bytes)
npm WARN registry Using stale package data from https://registry.npmjs.org/ due to a request error during revalidation.
npm WARN lmx-tenant-manager@1.0.0 No repository field.

validating package
WARNING: NODE_ENV value of 'production' did not match any deployment config file names.
WARNING: See https://github.com/lorenwest/node-config/wiki/Strict-Mode
validating package      npm dedupe -q --no-package-lock
debug: Currently Running in
debug: Currently Running in
debug: Currently Running in
updating REST API       apigateway.setAcceptHeader
{
  "FunctionName": "lmx-main",
  "FunctionArn": "arn:aws:lambda:us-west-2:403288089139:function:lmx-main:4",
  "Runtime": "nodejs8.10",
  "Role": "arn:aws:iam::403288089139:role/lmx-main-executor",
  "Handler": "lambda.handler",
  "CodeSize": 10769890,
  "Description": "Tenant manager ported for Lambda",
  "Timeout": 3,
  "MemorySize": 128,
  "LastModified": "2018-11-03T10:42:11.865+0000",
  "CodeSha256": "LV07Nf324WlLwi/CxRub0khVVffO+2a8i9q4ZDkc6gQ=",
  "Version": "4",
  "Environment": {
    "Variables": {
      "XXXAWS_REGION": "us-west-2",
      "SERVICE_URL": "c8jis7eo51.execute-api.us-west-2.amazonaws.com",
      "PRODUCT_TABLE": "lmx.Product.dev",
      "USER_TABLE": "lmx.User.dev",
      "AWS_ACCOUNT_ID": "403288089139",
      "TENANT_TABLE": "lmx.Tenant.dev",
      "NODE_ENV": "production",
      "SNS_ROLE_ARN": "arn:aws:iam::403288089139:role/SaaS-identity-with-Cognito-IdentityStack-1-SNSRole-2PW9D9V7WQI",
      "NODE_CONFIG_DIR": "./config/",
      "ORDER_TABLE": "lmx.Order.dev"
    }
  },
  "KMSKeyArn": null,
  "TracingConfig": {
    "Mode": "PassThrough"
  },
  "MasterArn": null,
  "RevisionId": "76ba794d-5295-451e-a1af-8365c1e40afc",
  "url": "https://c8jis7eo51.execute-api.us-west-2.amazonaws.com/latest"
}
Done in 23.83s.

dimkir commented 5 years ago

Attempt 2c - Execution

Let's test if it works:

Let's investigate the error

Looks like the url need to include /latest suffix

dimkir commented 5 years ago

Attempt 2d

Notice the /latest suffix on SERVICE_URL

{
    "NODE_CONFIG_DIR": "./config/",
    "NODE_ENV": "production",
    "XXXAWS_REGION": "us-west-2",
    "SERVICE_URL": "c8jis7eo51.execute-api.us-west-2.amazonaws.com/latest",
    "SNS_ROLE_ARN": "arn:aws:iam::403288089139:role/SaaS-identity-with-Cognito-IdentityStack-1-SNSRole-2PW9D9V7WQI",
    "AWS_ACCOUNT_ID": "403288089139",
    "USER_TABLE": "lmx.User.dev",
    "TENANT_TABLE" : "lmx.Tenant.dev",
    "PRODUCT_TABLE": "lmx.Product.dev",
    "ORDER_TABLE": "lmx.Order.dev"
}

Logs

Attempt 2d / Test 1 (via REST client)

Again we got Internal Server Error, let's investigate:

This error is expected. Current Lambda execution role ??? doesn't have access to Dynamo or anything at all.. (in this case it wasn't able to perform DescribeTable operation)

Read more in lambda execution role thread

dimkir commented 5 years ago

Attempt 2d / Test 2 (AdministratorPolicy)

Let's see...

Again Internal Server error and no clear error logs...

dimkir commented 5 years ago

Attempt 2d / Test 3 (only increased lambda Memory to 1Gb & delay to 8 seconds)

This is the result I got

And logs:

(sys/admin) actually calls to fetch user pool:

And user pool exists! (thus this error; maybe need to rephrase error if duplicate user?)

Error registering new system admin user

dimkir commented 5 years ago

Deploy2d / Test 4 (owner3)

Here I tried to create actual unique user (non-existing one)

Got onboarding email!

Password: NI6vZ?Q2

dimkir commented 5 years ago

Deploy 3a (with all services)

14:49 $ yarn run main:update
yarn run v1.12.1
$ claudia update --set-env-from-json ./claudia-env.json
packaging files npm install -q --no-audit --production
npm WARN deprecated hoek@2.16.3: The major version is no longer supported. Please update to 4.x or newer
npm WARN registry Unexpected warning for https://registry.npmjs.org/: Miscellaneous Warning EINTEGRITY: sha1-u3PURtonlhBu/MG2AaJT1sRr0Ic= integrity checksum failed when using sha1: wanted sha1-u3PURtonlhBu/MG2AaJT1sRr0Ic= but got sha512-zhSCtt8v2NDrRlPQpCNtw/heZLtfUDqxBM1udqikb/Hbk52LK4nQSwr10u77iopCW5LsyHpuXS0GnEc48mLeew==. (4419 bytes)
npm WARN registry Using stale package data from https://registry.npmjs.org/ due to a request error during revalidation.
npm WARN lmx-tenant-manager@1.0.0 No repository field.

validating package
WARNING: NODE_ENV value of 'production' did not match any deployment config file names.
WARNING: See https://github.com/lorenwest/node-config/wiki/Strict-Mode
validating package      npm dedupe -q --no-package-lock
debug: Currently Running in
debug: Currently Running in
debug: Currently Running in
updating REST API       apigateway.setAcceptHeader
{
  "FunctionName": "lmx-main",
  "FunctionArn": "arn:aws:lambda:us-west-2:403288089139:function:lmx-main:6",
  "Runtime": "nodejs8.10",
  "Role": "arn:aws:iam::403288089139:role/lmx-main-executor",
  "Handler": "lambda.handler",
  "CodeSize": 10768348,
  "Description": "Tenant manager ported for Lambda",
  "Timeout": 8,
  "MemorySize": 1024,
  "LastModified": "2018-11-03T14:50:26.681+0000",
  "CodeSha256": "MTPWNyTtQLkEms/YMicencAtpaTvVMiLpDeChmGpHoY=",
  "Version": "6",
  "VpcConfig": {
    "SubnetIds": [],
    "SecurityGroupIds": [],
    "VpcId": ""
  },
  "Environment": {
    "Variables": {
      "XXXAWS_REGION": "us-west-2",
      "SERVICE_URL": "c8jis7eo51.execute-api.us-west-2.amazonaws.com/latest",
      "PRODUCT_TABLE": "lmx.Product.dev",
      "USER_TABLE": "lmx.User.dev",
      "AWS_ACCOUNT_ID": "403288089139",
      "TENANT_TABLE": "lmx.Tenant.dev",
      "NODE_ENV": "production",
      "SNS_ROLE_ARN": "arn:aws:iam::403288089139:role/SaaS-identity-with-Cognito-IdentityStack-1-SNSRole-2PW9D9V7WQI",
      "NODE_CONFIG_DIR": "./config/",
      "ORDER_TABLE": "lmx.Order.dev"
    }
  },
  "KMSKeyArn": null,
  "TracingConfig": {
    "Mode": "PassThrough"
  },
  "MasterArn": null,
  "RevisionId": "8be1d2a4-99d8-45fa-bbaf-dd2b1002e51a",
  "url": "https://c8jis7eo51.execute-api.us-west-2.amazonaws.com/latest"
}
Done in 24.80s.