Open dimkir opened 5 years ago
Let's test if it works:
Let's investigate the error
Looks like the url need to include /latest
suffix
Notice the /latest
suffix on SERVICE_URL
{
"NODE_CONFIG_DIR": "./config/",
"NODE_ENV": "production",
"XXXAWS_REGION": "us-west-2",
"SERVICE_URL": "c8jis7eo51.execute-api.us-west-2.amazonaws.com/latest",
"SNS_ROLE_ARN": "arn:aws:iam::403288089139:role/SaaS-identity-with-Cognito-IdentityStack-1-SNSRole-2PW9D9V7WQI",
"AWS_ACCOUNT_ID": "403288089139",
"USER_TABLE": "lmx.User.dev",
"TENANT_TABLE" : "lmx.Tenant.dev",
"PRODUCT_TABLE": "lmx.Product.dev",
"ORDER_TABLE": "lmx.Order.dev"
}
Logs
Again we got Internal Server Error
, let's investigate:
This error is expected. Current Lambda execution role
???
doesn't have access to Dynamo or anything at all.. (in this case it wasn't able to performDescribeTable
operation)
Read more in lambda execution role thread
Let's see...
Again
Internal Server error
and no clear error logs...
This is the result I got
And logs:
(sys/admin) actually calls to fetch user pool:
And user pool exists! (thus this error; maybe need to rephrase error if duplicate user?)
Error registering new system admin user
Here I tried to create actual unique user (non-existing one)
Got onboarding email!
Password: NI6vZ?Q2
14:49 $ yarn run main:update
yarn run v1.12.1
$ claudia update --set-env-from-json ./claudia-env.json
packaging files npm install -q --no-audit --production
npm WARN deprecated hoek@2.16.3: The major version is no longer supported. Please update to 4.x or newer
npm WARN registry Unexpected warning for https://registry.npmjs.org/: Miscellaneous Warning EINTEGRITY: sha1-u3PURtonlhBu/MG2AaJT1sRr0Ic= integrity checksum failed when using sha1: wanted sha1-u3PURtonlhBu/MG2AaJT1sRr0Ic= but got sha512-zhSCtt8v2NDrRlPQpCNtw/heZLtfUDqxBM1udqikb/Hbk52LK4nQSwr10u77iopCW5LsyHpuXS0GnEc48mLeew==. (4419 bytes)
npm WARN registry Using stale package data from https://registry.npmjs.org/ due to a request error during revalidation.
npm WARN lmx-tenant-manager@1.0.0 No repository field.
validating package
WARNING: NODE_ENV value of 'production' did not match any deployment config file names.
WARNING: See https://github.com/lorenwest/node-config/wiki/Strict-Mode
validating package npm dedupe -q --no-package-lock
debug: Currently Running in
debug: Currently Running in
debug: Currently Running in
updating REST API apigateway.setAcceptHeader
{
"FunctionName": "lmx-main",
"FunctionArn": "arn:aws:lambda:us-west-2:403288089139:function:lmx-main:6",
"Runtime": "nodejs8.10",
"Role": "arn:aws:iam::403288089139:role/lmx-main-executor",
"Handler": "lambda.handler",
"CodeSize": 10768348,
"Description": "Tenant manager ported for Lambda",
"Timeout": 8,
"MemorySize": 1024,
"LastModified": "2018-11-03T14:50:26.681+0000",
"CodeSha256": "MTPWNyTtQLkEms/YMicencAtpaTvVMiLpDeChmGpHoY=",
"Version": "6",
"VpcConfig": {
"SubnetIds": [],
"SecurityGroupIds": [],
"VpcId": ""
},
"Environment": {
"Variables": {
"XXXAWS_REGION": "us-west-2",
"SERVICE_URL": "c8jis7eo51.execute-api.us-west-2.amazonaws.com/latest",
"PRODUCT_TABLE": "lmx.Product.dev",
"USER_TABLE": "lmx.User.dev",
"AWS_ACCOUNT_ID": "403288089139",
"TENANT_TABLE": "lmx.Tenant.dev",
"NODE_ENV": "production",
"SNS_ROLE_ARN": "arn:aws:iam::403288089139:role/SaaS-identity-with-Cognito-IdentityStack-1-SNSRole-2PW9D9V7WQI",
"NODE_CONFIG_DIR": "./config/",
"ORDER_TABLE": "lmx.Order.dev"
}
},
"KMSKeyArn": null,
"TracingConfig": {
"Mode": "PassThrough"
},
"MasterArn": null,
"RevisionId": "8be1d2a4-99d8-45fa-bbaf-dd2b1002e51a",
"url": "https://c8jis7eo51.execute-api.us-west-2.amazonaws.com/latest"
}
Done in 24.80s.
Let's see if the thing works at all?
So far good
Deploy with scoped credentials. (This one wasn't deployed).
Change SNS role: arn:aws:iam::403288089139:role/SNSRole-ForSaasQuickstartOnLambda
But trust relationship is to Lambda (not to cognito-idp
)
Also I rolled back dynamo-helper
changes and put wide permissions.
Seems like registering new user (via tenant-admin account) works & email arrives with password.
Now let's add things.
Looks like it is working, but there's
strange PUT product
request which fails.
Which is decribed in #29 Issue 29
(Changing role) https://github.com/dimkir/phil-multitenant-quickstart/issues/21#issuecomment-435606140
When creating tenant-admin
something fails.
Attempt 1
After hardcoding service url (and deploying with
development
environment to lambda), we got EPROTO SSL errorAttempt 2a
Let's try to deploy with
NODE_ENV=production
but we won't set required variables.Seems we're failing vlaidation...
Attempt 2b
Here we set all environment variables correctly:
Attempt 2c
Let's disable
AWS_REGION
variable