Open Fredi100 opened 2 years ago
I don't think there's anything automation API specific about this. Looks like just an issue with awsx apigateway.
We will look into this a bit more, but in the mean time setting the region explicitly is a good workaround, thanks for calling it out.
It's possible that this could be fixed by making sure this function (getRegionFromProvider
in utils.ts
) considers the region set by the AWS SDK as a fallback (i.e. aws.sdk.region
I believe?) I think the problem is that it only falls back to the provider config (stack config) if there is no explicit provider instance to use. But as noted by @Fredi100, if you don't set aws:region
in your stack config, then even that is undefined
.
What happened?
When creating an AWS API Gateway for a lambda using
awsx.apigateway.API
, the provisioning process fails. Setting the region beforehand viapulumi config set aws:region
fixes the problem.Steps to reproduce
aws configure
to provide an authenticationexport function createBackend(){
// Points to the built backend const packageArchive = new pulumi.asset.FileArchive("../../../dist/apps/backend");
// A simple s3 bucket to store the backend code const bucket = new aws.s3.Bucket("srcBucket", { acl: "public-read" });
// A bucket object containing the backend code as a zip file const bucketObject = new aws.s3.BucketObject("lambdaSourceObject",{ bucket: bucket, source: packageArchive, key: "backend.zip" }, {dependsOn: [bucket]});
const iamForLambda = new aws.iam.Role("iamForLambda", { assumeRolePolicy: JSON.stringify({ Version: "2012-10-17", Statement: [{ Action: "sts:AssumeRole", Principal: { Service: "lambda.amazonaws.com" }, Effect: "Allow", Sid: "" }] }) }, {dependsOn: [bucketObject]});
// The lambda function needs permissions to actually create logs const lambdaLogPolicy = new aws.iam.RolePolicy('lambdaLogPolicy', { role: iamForLambda, policy: JSON.stringify({ Version: "2012-10-17", Statement: [{ Effect: "Allow", Action: [ "logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents" ], Resource: "*" }] } as PolicyDocument) }, {dependsOn: [iamForLambda]});
// The lambda function needs permission to query database entries const lambdaDBPolicy = new aws.iam.RolePolicy('lambdaDBPolicy',{ role: iamForLambda, policy:
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "dynamodb:BatchGetItem", "dynamodb:GetItem", "dynamodb:Scan", "dynamodb:Query", "dynamodb:BatchWriteItem", "dynamodb:PutItem", "dynamodb:UpdateItem", "dynamodb:DeleteItem" ], "Resource": "arn:aws:dynamodb:*:*:table/DiscountCodesCreationLog" } ] }
}, {dependsOn: [iamForLambda]});// Creating the actual lambda function const lambda = new aws.lambda.Function(
backendLambda
, { role: iamForLambda.arn, runtime: "nodejs14.x", handler: "main.handler", s3Bucket: bucket.id, s3Key: bucketObject.key, memorySize: 256, environment: { variables: { production: 'true' } } }, {dependsOn: [bucketObject, iamForLambda, lambdaLogPolicy, lambdaDBPolicy]});const api = new awsx.apigateway.API("awsxTest", { routes: [ { path: "/api", method: "ANY", eventHandler: lambda }, { path: "/api/{proxy+}", method: "ANY", eventHandler: lambda } ] }, {dependsOn: [lambda]}) }
createBackend();
Diagnostics: pulumi:pulumi:Stack (Backend-dev): error: update failed
aws:apigateway:RestApi (awsxTest): error: 1 error occurred:
I was running
pulumi up --logtostderr --logflow -v=9 2> out.txt
to get a more comprehensive log. At the very end was following error response from aws included:When looking at the uri of the integration, the region is undefined.
*Note: I have replaced my aws id with
<id>
.Versions used
Here is the version of pulumi I was using:
Additional context
The error message provided by the
pulumi cli
only states an invalidARN
. As the invalidURI
for the failing integration which includes theundefined
part is not provided, its not very clear as to what the actual problem is. Especially because theARN
and theURI
are automatically created and therefore not accessible to the user.Contributing
Vote on this issue by adding a 👍 reaction. To contribute a fix for this issue, leave a comment (and link to your pull request, if you've opened one already).