dimkir / aws-multitenant-architecture-quickstart

Serverless port for AWS Multi Tenant Architecture Concept (check website)
https://www.slideshare.net/AmazonWebServices/deconstructing-saas-a-deep-dive-into-building-multitenant-solutions-on-aws-arc407-reinvent-2017

When limiting scope for lambda and attempting to create `tenant-admin` something fails #30

Closed dimkir closed 5 years ago

dimkir commented 5 years ago

image

dimkir commented 5 years ago

```
START RequestId: bc3b683e-df8e-11e8-8224-6f4056e945a5 Version: $LATEST
2018-11-03T17:34:37.125Z    bc3b683e-df8e-11e8-8224-6f4056e945a5    request.method = POST
2018-11-03T17:34:37.128Z    bc3b683e-df8e-11e8-8224-6f4056e945a5    { request: 
{ debugId: 3,
uri: 'https://c8jis7eo51.execute-api.us-west-2.amazonaws.com/latest/user/pool/dimkir+ryan.gosling@gmail.com',
method: 'GET',
headers: 
{ 'content-type': 'application/json',
host: 'c8jis7eo51.execute-api.us-west-2.amazonaws.com',
accept: 'application/json' } } }
2018-11-03T17:34:37.290Z    bc3b683e-df8e-11e8-8224-6f4056e945a5    { response: 
{ debugId: 3,
headers: 
{ 'content-type': 'text/html; charset=utf-8',
'content-length': '32',
connection: 'close',
date: 'Sat, 03 Nov 2018 17:34:37 GMT',
'x-amzn-requestid': 'bc4a5bed-df8e-11e8-be06-7dab6e8352be',
'access-control-allow-origin': '*',
'access-control-allow-headers': 'Content-Type, Access-Control-Allow-Headers, Authorization, X-Requested-With',
'x-amzn-remapped-content-length': '32',
'x-amzn-remapped-connection': 'close',
'x-amz-apigw-id': 'Py9XEGS9vHcFyCQ=',
'access-control-allow-methods': 'GET, POST, OPTIONS, PUT, PATCH, DELETE',
etag: 'W/"20-ZVwZNOPQ6UrcJJWm5ZBjvZt9bWc"',
'x-powered-by': 'Express',
'x-amzn-trace-id': 'Root=1-5bdddc2d-69a87530ed079af0907b18c0;Sampled=0',
'x-amzn-remapped-date': 'Sat, 03 Nov 2018 17:34:37 GMT',
'x-cache': 'Error from cloudfront',
via: '1.1 705346a13f947f63c1e75e5323c5e1c2.cloudfront.net (CloudFront)',
'x-amz-cf-id': 'pg5LkyuRZzMo_qXyiFB7gqnqwFWtWDTHH9g16W8K2AZ3GInQHWi4aQ==' },
statusCode: 400,
body: { Error: 'Error getting user' } } }
2018-11-03T17:34:37.293Z    bc3b683e-df8e-11e8-8224-6f4056e945a5    { request: 
{ debugId: 4,
uri: 'https://c8jis7eo51.execute-api.us-west-2.amazonaws.com/latest/user/reg',
method: 'POST',
headers: 
{ 'content-type': 'application/json',
host: 'c8jis7eo51.execute-api.us-west-2.amazonaws.com',
accept: 'application/json',
'content-length': 290 },
body: '{"tenant_id":"TENANT61f42a7e3c3c478899fba0ef90451c6a","companyName":"Ryan Inc","accountName":"Ryan Inc","ownerName":"dimkir+ryan.gosling@gmail.com","tier":"Free Tier","email":"dimkir+ryan.gosling@gmail.com","userName":"dimkir+ryan.gosling@gmail.com","firstName":"Ryan","lastName":"Gosling"}' } }
2018-11-03T17:34:37.841Z    bc3b683e-df8e-11e8-8224-6f4056e945a5    { response: 
{ debugId: 4,
headers: 
{ 'content-type': 'text/html; charset=utf-8',
'content-length': '36',
connection: 'close',
date: 'Sat, 03 Nov 2018 17:34:37 GMT',
'x-amzn-requestid': 'bc5be841-df8e-11e8-a718-f732c027e2fc',
'access-control-allow-origin': '*',
'access-control-allow-headers': 'Content-Type, Access-Control-Allow-Headers, Authorization, X-Requested-With',
'x-amzn-remapped-content-length': '36',
'x-amzn-remapped-connection': 'close',
'x-amz-apigw-id': 'Py9XFFLAPHcF3EA=',
'access-control-allow-methods': 'GET, POST, OPTIONS, PUT, PATCH, DELETE',
etag: 'W/"24-XvReFVeM8dbFvhcbtQuCBMtdc6I"',
'x-powered-by': 'Express',
'x-amzn-trace-id': 'Root=1-5bdddc2d-ca2e76c0e3649d10d5ccfcf0;Sampled=0',
'x-amzn-remapped-date': 'Sat, 03 Nov 2018 17:34:37 GMT',
'x-cache': 'Error from cloudfront',
via: '1.1 58b224f0fcba4846d5699ecad6c6829f.cloudfront.net (CloudFront)',
'x-amz-cf-id': 'nED9-22L_DEcjyqWUttaE9msXfDbpboIBYgmbGgg9VXLZ7ZReGrg2Q==' },
statusCode: 400,
body: 'Error provisioning tenant admin user' } }
2018-11-03T17:34:37.842Z    bc3b683e-df8e-11e8-8224-6f4056e945a5    (node:1) UnhandledPromiseRejectionWarning: TypeError: Cannot read property 'message' of null
at /var/task/functions/tenant-registration.js:51:76
at <anonymous>
at process._tickDomainCallback (internal/process/next_tick.js:228:7)
2018-11-03T17:34:37.842Z    bc3b683e-df8e-11e8-8224-6f4056e945a5    (node:1) UnhandledPromiseRejectionWarning: Unhandled promise rejection. This error originated either by throwing inside of an async function without a catch block, or by rejecting a promise which was not handled with .catch(). (rejection id: 1)
2018-11-03T17:34:37.843Z    bc3b683e-df8e-11e8-8224-6f4056e945a5    (node:1) [DEP0018] DeprecationWarning: Unhandled promise rejections are deprecated. In the future, promise rejections that are not handled will terminate the Node.js process with a non-zero exit code.
END RequestId: bc3b683e-df8e-11e8-8224-6f4056e945a5
REPORT RequestId: bc3b683e-df8e-11e8-8224-6f4056e945a5  Duration: 8008.15 ms    Billed Duration: 8000 ms Memory Size: 1024 MB   Max Memory Used: 66 MB  
2018-11-03T17:34:45.132Z bc3b683e-df8e-11e8-8224-6f4056e945a5 Task timed out after 8.01 seconds

2018-11-03T17:34:45.610Z    bc3b683e-df8e-11e8-8224-6f4056e945a5    WARNING: NODE_ENV value of 'production' did not match any deployment config file names.
2018-11-03T17:34:45.610Z    bc3b683e-df8e-11e8-8224-6f4056e945a5    WARNING: See https://github.com/lorenwest/node-config/wiki/Strict-Mode
2018-11-03T17:34:45.727Z    bc3b683e-df8e-11e8-8224-6f4056e945a5    [winston] Attempt to write logs with no transports
{
    "level": "debug",
    "message": "Currently Running in"
}
```

dimkir commented 5 years ago

image image

dimkir commented 5 years ago

image

dimkir commented 5 years ago

This seems to have been a problem with Trust relationships for SNS role:

image

image

Looks like it worked when creating system user. But in the case of creation of tenant-admin this problem kicked in (or maybe previously it was ok due to AdminPolicy).

dimkir commented 5 years ago

Fixed by #31
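
The log in this thread shows an HTTP 400 reply followed by `TypeError: Cannot read property 'message' of null` and a Lambda timeout, which hid the permission failure behind a secondary error. As an added example (not code from this repository; the function names and the assumed shape of the failing error path are hypothetical, and the sample reply is constructed from the log), this contrasts an error path that dereferences a null transport error with one that reports the downstream status and always invokes the callback:

```javascript
// Constructed stand-in for what the HTTP client hands back for the second
// call in the log: no transport error, HTTP 400, plain-text body.
const sampleReply = {
  error: null,
  response: { statusCode: 400 },
  body: 'Error provisioning tenant admin user',
};

// Fragile pattern (assumed shape, hypothetical name): every non-200 reply is
// treated as a transport failure, so `.message` is read from a null error.
function fragileFailure({ error, response }) {
  if (!error && response.statusCode === 200) return null;
  return new Error(error.message); // throws TypeError when error === null
}

// Hardened pattern: separate transport errors from HTTP error statuses and
// keep the downstream status and body so the real cause reaches the logs.
function describeFailure({ error, response, body }) {
  if (error) return new Error(`transport error: ${error.message}`);
  if (!response) return new Error('no response received');
  const { statusCode } = response;
  if (statusCode >= 200 && statusCode < 300) return null;
  const detail = typeof body === 'string' ? body : JSON.stringify(body);
  return new Error(`downstream HTTP ${statusCode}: ${detail}`);
}

// Handler skeleton: the callback is always invoked, even if the classifier
// itself throws, so the invocation ends with an error instead of a timeout.
function handler(reply, classify, callback) {
  let failure;
  try {
    failure = classify(reply);
  } catch (e) {
    failure = new Error(`error handler bug: ${e.name}`);
  }
  if (failure) return callback(failure);
  return callback(null, reply.body);
}

handler(sampleReply, describeFailure, (err) => console.log(err.message));
```
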