mongodb / awscdk-resources-mongodbatlas

MongoDB Atlas AWS CDK Resources
Apache License 2.0
35 stars 17 forks source link

Internal Failure when creating CfnProject #167

Closed lockenj closed 1 year ago

lockenj commented 1 year ago

Describe the bug Getting the below error when attempting to create a CfnProject resource.

7:34:16 AM | CREATE_FAILED        | MongoDB::Atlas::Project     | EnvMongoAtlasEnvironmentProject69A3D7D5
Internal Failure

To Reproduce Steps to reproduce the behavior:

  1. After following all the prerequisites, setting up an Organization API Key, activating the cloudformation extensions etc...
  2. Run the included (below) cdk construct, with env variables for the API public/private keys.
  3. After a few minutes will receive the Internal Failure error.

Expected behavior I am expecting the CDK to deploy successfully and to have a project created within Mongo Atlas.

Please complete the following information:

Additional context Here is the CDK code that I am using...

    /********************************************************************/
    // ATLAS API KEY SECRET
    /********************************************************************/
    const mongoDBAtlasSecretShortProfileName = `env-${this.#_environmentName}`;
    const mongoDBAtlasSecretProfileName = `cfn/atlas/profile/${mongoDBAtlasSecretShortProfileName}`;

    //createMongoDBAtlasSecret
    const mongoDBAtlasSecret = new secretsmanager.Secret(this, 'MongoAtlasEnvironmentSecret', {
      secretName: mongoDBAtlasSecretProfileName,
      description: `Environment (${this.#_environmentName}) Secret used for MongoDB Atlas Cloud Formation api keys.`,
      secretObjectValue: {
        PublicKey: cdk.SecretValue.unsafePlainText(this.#_mongoPublicKey),
        PrivateKey: cdk.SecretValue.unsafePlainText(this.#_mongoPrivateKey),
      },
    });
    mongoDBAtlasSecret.applyRemovalPolicy(cdk.RemovalPolicy.DESTROY);

    /********************************************************************/
    // SETUP/RETRIEVE ATLAS PROJECT
    /********************************************************************/
    const atlasProject = new CfnProject(this, 'MongoAtlasEnvironmentProject', {
      name: this.#_projectName,
      orgId: this.#_organizationId,
      profile: mongoDBAtlasSecretShortProfileName,
      regionUsageRestrictions: 'NONE',
      projectSettings: {
        isPerformanceAdvisorEnabled: true,//Flag that indicates whether to enable the Performance Advisor and Profiler for the specified project.
        isSchemaAdvisorEnabled: true,//Flag that indicates whether to enable the Schema Advisor for the specified project.
        isExtendedStorageSizesEnabled: true, //Flag that indicates whether to enable extended storage sizes for the specified project.
        isCollectDatabaseSpecificsStatisticsEnabled: false,//Flag that indicates whether to collect database-specific metrics for the specified project.
        isDataExplorerEnabled: false,//Flag that indicates whether to enable the Data Explorer for the specified project.
        isRealtimePerformancePanelEnabled: false,//Flag that indicates whether to enable the Real Time Performance Panel for the specified project.
      },
      projectApiKeys: [
        {
          key: this.#_mongoPublicKey,
          roleNames: ["GROUP_CLUSTER_MANAGER"]
        }
      ]
    });
    atlasProject.applyRemovalPolicy(cdk.RemovalPolicy.DESTROY);
github-actions[bot] commented 1 year ago

Thanks for opening this issue! Please make sure to provide the following information to help us reproduce the issue:

Thanks for opening this issue. The ticket INTMDB-1397 was created for internal tracking.

lockenj commented 1 year ago

Just in case I attempted deploying this to us-east-1 as well. Same results!

lockenj commented 1 year ago

I see the same issue if I use the AtlasBasic example (https://github.com/mongodb/awscdk-resources-mongodbatlas/blob/main/examples/l3-resources/atlas-basic.ts)

lockenj commented 1 year ago

I also see the same error if I downgrade awscdk-resources-mongodbatlas to ^2.0.0

lockenj commented 1 year ago

I came across this post https://www.mongodb.com/community/forums/t/cloudformation-resources-atlas-project-not-working-in-cdk/183440/6 which is what I needed to figure this out.

I had multiple things wrong:

  1. I did not need the projectApiKeys: [] in the props of the CfnProject
  2. The role that is being used for the activation needed secretsmanager:GetSecretValue permissions
  3. I needed to open up the API Access List of the organization API key. I just used 0.0.0.0/1