samlocal deploy fails with InsufficientCapabilitiesException

berniedurfee-renaissance commented 1 year ago

I can't deploy locally to Localstack. I always get an InsufficientCapabilitiesException telling me I haven't specified the CAPABILITY_AUTO_EXPAND capability. I've used the --capabilities commandline argument and it's specified in my config file.

I can deploy this to AWS using sam deploy and otherwise Localstack seems to be working fine.

samlocal deploy --resolve-s3 --debug
2023-02-18 12:53:48,621 | Config file location: /Users/XXX/Projects/XXX/samconfig.toml
2023-02-18 12:53:48,621 | Loading configuration values from [default.['deploy'].parameters] (env.command_name.section) in config file at '/Users/XXX/Projects/XXX/samconfig.toml'...
2023-02-18 12:53:48,624 | Configuration values successfully loaded.
2023-02-18 12:53:48,624 | Configuration values are: {'stack_name': 'XXX', 's3_prefix': 'XXX', 'region': 'us-west-2', 'profile': 'XX', 'capabilities': 'CAPABILITY_IAM CAPABILITY_AUTO_EXPAND', 'image_repositories': []}
2023-02-18 12:53:48,629 | Using SAM Template at /Users/XXX/Projects/XXX/.aws-sam/build/template.yaml
2023-02-18 12:53:48,682 | Using config file: samconfig.toml, config environment: default
2023-02-18 12:53:48,682 | Expand command line arguments to:
2023-02-18 12:53:48,682 | --template_file=/Users/XXX/Projects/XXX/.aws-sam/build/template.yaml --resolve_s3 --fail_on_empty_changeset --on_failure=ROLLBACK --stack_name=XXX --s3_prefix=XXX --capabilities=['CAPABILITY_IAM', 'CAPABILITY_AUTO_EXPAND'] 
2023-02-18 12:53:49,973 | Managed S3 stack [aws-sam-cli-managed-default] not found. Creating a new one.
        Creating the required resources...
2023-02-18 12:53:49,991 | Failed to create managed resources
Traceback (most recent call last):
  File "/Users/XXX/Projects/XXX/.venv/lib/python3.11/site-packages/samcli/lib/utils/managed_cloudformation_stack.py", line 166, in _create_or_get_stack
    stack = _create_stack(
            ^^^^^^^^^^^^^^
  File "/Users/XXX/Projects/XXX/.venv/lib/python3.11/site-packages/samcli/lib/utils/managed_cloudformation_stack.py", line 250, in _create_stack
    change_set_resp = cloudformation_client.create_change_set(
                      ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/Users/XXX/Projects/XXX/.venv/lib/python3.11/site-packages/botocore/client.py", line 530, in _api_call
    return self._make_api_call(operation_name, kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/Users/XXX/Projects/XXX/.venv/lib/python3.11/site-packages/botocore/client.py", line 960, in _make_api_call
    raise error_class(parsed_response, operation_name)
botocore.errorfactory.InsufficientCapabilitiesException: An error occurred (InsufficientCapabilitiesException) when calling the CreateChangeSet operation: Requires capabilities : [CAPABILITY_AUTO_EXPAND]
..
Error: Failed to create managed resources: An error occurred (InsufficientCapabilitiesException) when calling the CreateChangeSet operation: Requires capabilities : [CAPABILITY_AUTO_EXPAND]

> cat samconfig.toml

version = 0.1
[default]
[default.deploy]
[default.deploy.parameters]
stack_name = "XXX"
s3_prefix = "XXX"
region = "us-west-2"
profile = "XX"
capabilities = "CAPABILITY_IAM CAPABILITY_AUTO_EXPAND"
image_repositories = []

> sw_vers -productVersion                                                                                             
13.2.1

> pip show aws-sam-cli                                                                                                
Name: aws-sam-cli
Version: 1.73.0
...

> pip show aws-sam-cli-local
Name: aws-sam-cli-local
Version: 1.67.0
...

> samlocal --version                                                                                                  
SAM CLI, version 1.73.0
...

> python --version
Python 3.11.2
...

whummer commented 1 year ago

Thanks for reporting @berniedurfee-renaissance . We had a temporary glitch in our CI pipeline, and this issue should be fixed in the meantime. Can you please pull the latest LocalStack Docker image and give it another try? Please keep us posted on how it goes.. Thanks!

nickls commented 1 year ago

@whummer

Still broken for me on:

$ localstack --version
2.0.0.post1

$ samlocal --version                                                                      
SAM CLI, version 1.78.0

Error:

botocore.errorfactory.InsufficientCapabilitiesException: An error occurred (InsufficientCapabilitiesException) when calling the CreateStack operation: Requires capabilities : [CAPABILITY_AUTO_EXPAND]

Attempted Fix:

$ localstack update docker-images
✔ Image localstack/localstack-pro:latest up-to-date.
✔ Image localstack/localstack:latest updated.
✔ Image public.ecr.aws/lambda/python:3.8-x86_64 updated.

Localstack runtime:

LocalStack version: 2.0.1.dev20230330142015
LocalStack Docker container id: 3e30e551e672
LocalStack build date: 2023-03-30
LocalStack build git hash: 49133fb

nickls commented 1 year ago

Hi @whummer any updates on getting this fixed?

It is blocking me from using localstack and creating a Team account :)

simonrw commented 1 year ago

Hi @nickls, @berniedurfee-renaissance, would it be possible to post a minimal reproducible example SAM application? I'm not able to reproduce the problem with the default hello world sample application, and the same package versions you've shown.

In addition, would you mind running LocalStack with the DEBUG=1 and LS_LOG=trace environment variables set, and post the file created by running this command:

curl http://localhost:4566/_localstack/diagnose | gzip > diagnose.json.gz

I want to check that the requests SAM makes are making it through to LocalStack correctly.

nickls commented 1 year ago

@simonrw & @whummer

This is still failing, I deleted all of my localstack docker images and got new ones:

I uninstalled localstack and samlocal and reinstalled them. I moved from using brew to pip for localstack to see if that was the issue.

$samlocal --version
SAM CLI, version 1.78.0
$localstack --version
2.0.2

Starting Localstack: LS_LOG=trace DEBUG=1 localstack start

Running sam: samlocal deploy --stack-name local --resolve-s3 --capabilities CAPABILITY_IAM CAPABILITY_AUTO_EXPAND

Issue: botocore.errorfactory.InsufficientCapabilitiesException: An error occurred (InsufficientCapabilitiesException) when calling the CreateStack operation: Requires capabilities : [CAPABILITY_AUTO_EXPAND]

Test Stack: template.yaml

AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Description: An AWS Serverless Application that uses nested stack.

Resources:
  ChildStack:
    Type: AWS::CloudFormation::Stack
    Properties:
      TemplateURL: child-stack.yaml

child-stack.yaml

AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Description: An AWS Serverless Application that creates a hello world function.

Resources:
  HelloWorldFunction:
    Type: AWS::Serverless::Function 
    Properties:
      CodeUri: hello-world/
      Handler: app.lambdaHandler
      Runtime: nodejs14.x
      Events:
        HelloWorld:
          Type: Api 
          Properties:
            Path: /hello
            Method: get

hello-world/app.js

exports.lambdaHandler = async (event, context) => {
    try {
        var response = {
            'statusCode': 200,
            'body': JSON.stringify({
                message: 'hello world',
            })
        }
    } catch (err) {
        console.log(err);
        return err;
    }

    return response
};

Thanks for your help!

diagnose.json.gz

nickls commented 1 year ago

Not sure if it is relevant but my samlocal and sam are different versions:

$ sam --version
SAM CLI, version 1.84.0

$ samlocal --version
SAM CLI, version 1.78.0

rondinellimorais commented 1 year ago

Hi everyone, any updates on this case? This is blocking me. Just contributing here is what I tried:

:warning: NOTE

I verified that when you remove the Transform: AWS::Serverless-2016-10-31 from the child stack the deploy works correctly on the localstack, but of course it throws an error when trying to deploy to aws

Config

docker-compose.yml

```yml version: "3.1" services: localstack: image: localstack/localstack-pro:latest ports: - "443:443" - "4510-4520:4510-4520" - "4566-4597:4566-4597" environment: - SERVICES=cloudformation,s3 - AWS_DEFAULT_REGION=us-east-1 - DEBUG=1 - LAMBDA_EXECUTOR=docker-reuse - USE_LEGACY_PORTS=false - DOCKER_HOST=unix:///var/run/docker.sock - AWS_ACCESS_KEY_ID=local - AWS_SECRET_ACCESS_KEY=local - LOCALSTACK_API_KEY=${LOCALSTACK_API_KEY- } - DISABLE_CORS_CHECKS=1 - DISABLE_CUSTOM_CORS_APIGATEWAY=1 volumes: - "${TMPDIR:-/var/lib/localstack}:/var/lib/localstack" - "/var/run/docker.sock:/var/run/docker.sock" ```

template.yaml

```yaml AWSTemplateFormatVersion: '2010-09-09' Transform: AWS::Serverless-2016-10-31 Resources: MyStack: Type: AWS::CloudFormation::Stack Properties: TemplateURL: ./nested-stack.yaml ```

nested-stack.yaml

```yaml AWSTemplateFormatVersion: '2010-09-09' Transform: AWS::Serverless-2016-10-31 # when this line is removed it works Resources: MyBucket: Type: AWS::S3::Bucket ```

samconfig.toml

```ini version = 0.1 [default.deploy.parameters] stack_name = "sam-app" s3_bucket = "" s3_prefix = "sam-app" region = "us-east-1" capabilities = "CAPABILITY_IAM CAPABILITY_NAMED_IAM CAPABILITY_AUTO_EXPAND" image_repositories = [] ```

Steps

start localstack (docker-compose up)
sam build
samlocal deploy --resolve-s3

Error applying changes for CloudFormation stack "sam-app": An error occurred (InsufficientCapabilitiesException) when calling the CreateStack operation: Requires capabilities : [CAPABILITY_AUTO_EXPAND]

macOs Big Sur
11.6.6
Intel

dominikschubert commented 9 months ago

This issue should have been fixed in the meantime. Child stacks are now created with additional capabilities :+1: If you're still experiencing this issue after updating localstack, please let us know!

localstack / aws-sam-cli-local