Open DrYSG opened 5 years ago
medikoo
commented
5 years ago ECYCLE error looks as npm bug. While presented CloudFormation error suggests that role you provide with cfnRole setting doesn't have "lambda.amazonaws.com" listed as one of the trusted principal services.
See also similar issue: https://github.com/serverless/serverless/issues/6876
DrYSG
commented
5 years ago I am new to AWS, but not new to other clouds (e.g. openstack). I thought I set the trust relationship up properly on the lambda-role: arn:aws:iam::237632220688:role/lambda-role
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": "lambda.amazonaws.com"
},
"Action": "sts:AssumeRole"
}
]
}cfnRole is also used to deploy CloudFormation stack, so you also need to add "cloudformation.amazonaws.com" as principal (Service can be an array)
DrYSG
commented
5 years ago Moving forward, but only an inch at a time. Did not see any permission in attach permission for the role that matched this error:
btw: thank you @medikoo for your patience with this one. It really shows a lot of maturity.
> serverless deploy --force
Serverless: Packaging service...
Serverless: Excluding development dependencies...
Serverless: Installing dependencies for custom CloudFormation resources...
Serverless: Safeguards Processing...
Serverless: Safeguards Results:
Summary --------------------------------------------------
passed - no-secret-env-vars
passed - allowed-regions
passed - framework-version
passed - allowed-runtimes
passed - allowed-stages
passed - no-unsafe-wildcard-iam-permissions
passed - require-cfn-role
Serverless: Safeguards Summary: 7 passed, 0 warnings, 0 errors
Serverless: Uploading CloudFormation file to S3...
Serverless: Uploading artifacts...
Serverless: Uploading service apollo-lambda.zip file to S3 (8.5 MB)...
Serverless: Uploading custom CloudFormation resources...
Serverless: Validating template...
Serverless: Updating Stack...
Serverless: Checking Stack update progress...
......
Serverless: Operation failed!
Serverless: View the full error output: https://us-east-2.console.aws.amazon.com/cloudformation/home?region=us-east-2#/stack/detail?stackId=arn%3Aaws%3Acloudformation%3Aus-east-2%3A237632220688%3Astack%2Fapollo-lambda-dev%2Ff261f840-0a36-11ea-88a7-0294f7a52ca2
Serverless: Publishing service to the Serverless Dashboard...
Serverless: Successfully published your service to the Serverless Dashboard: https://dashboard.serverless.com/tenants/ygutfreund/applications/awsapollo/services/apollo-lambda/stage/dev/region/us-east-2
Serverless Error ---------------------------------------
An error occurred: IamRoleLambdaExecution - API: iam:AttachRolePolicy User: arn:aws:sts::237632220688:assumed-role/lambda-role/AWSCloudFormation is not authorized to perform: iam:AttachRolePolicy on resource: role apollo-lambda-dev-us-east-2-lambdaRole.
Get Support --------------------------------------------
Docs: docs.serverless.com
Bugs: github.com/serverless/serverless/issues
Issues: forum.serverless.com
Your Environment Information ---------------------------
Operating System: win32
Node Version: 10.9.0
Framework Version: 1.57.0
Plugin Version: 3.2.3
SDK Version: 2.2.1
Components Core Version: 1.1.2
Components CLI Version: 1.4.0
npm ERR! code ELIFECYCLE
npm ERR! errno 1
npm ERR! awsapollo@1.0.0 deploy: `serverless deploy --force`
npm ERR! Exit status 1
npm ERR!
npm ERR! Failed at the awsapollo@1.0.0 deploy script.
npm ERR! This is probably not a problem with npm. There is likely additional logging output above.
npm ERR! A complete log of this run can be found in:
npm ERR! C:\Users\ysg4206\AppData\Roaming\npm-cache\_logs\2019-11-18T19_29_43_264Z-debug.log@DrYSG if I see correctly, this error simply points that cfnRole you've attached misses some permissions to successfully deploy your service
This YML file was working before I added the cfnRole and stage:
D:\wwwroot\awsApollo>D:
D:\wwwroot\awsApollo>cd "D:\wwwroot\awsApollo"
D:\wwwroot\awsApollo>npm run deploy
Serverless: Packaging service... Serverless: Excluding development dependencies... Serverless: Installing dependencies for custom CloudFormation resources... Serverless: Safeguards Processing... Serverless: Safeguards Results:
Summary --------------------------------------------------
passed - allowed-regions passed - framework-version passed - no-secret-env-vars passed - allowed-runtimes passed - allowed-stages passed - no-unsafe-wildcard-iam-permissions passed - require-cfn-role
Serverless: Safeguards Summary: 7 passed, 0 warnings, 0 errors Serverless: Creating Stack... Serverless: Publishing service to the Serverless Dashboard... Serverless: Successfully published your service to the Serverless Dashboard: https://dashboard.serverless.com/tenants/ygutfreund/applications/awsapollo/services/apollo-lambda/stage/dev/region/us-east-2
Serverless Error ---------------------------------------
Role arn:aws:iam::237632220688:role/lambda-role is invalid or cannot be assumed
Get Support -------------------------------------------- Docs: docs.serverless.com Bugs: github.com/serverless/serverless/issues Issues: forum.serverless.com
Your Environment Information --------------------------- Operating System: win32 Node Version: 10.9.0 Framework Version: 1.57.0 Plugin Version: 3.2.3 SDK Version: 2.2.1 Components Core Version: 1.1.2 Components CLI Version: 1.4.0
npm ERR! code ELIFECYCLE npm ERR! errno 1 npm ERR! awsapollo@1.0.0 deploy:
serverless deploynpm ERR! Exit status 1 npm ERR! npm ERR! Failed at the awsapollo@1.0.0 deploy script. npm ERR! This is probably not a problem with npm. There is likely additional logging output above.npm ERR! A complete log of this run can be found in: npm ERR! C:\Users\ysg4206\AppData\Roaming\npm-cache_logs\2019-11-15T16_01_23_024Z-debug.log
0 info it worked if it ends with ok 1 verbose cli [ 'C:\Program Files\nodejs\node.exe', 1 verbose cli 'C:\Users\ysg4206\AppData\Roaming\npm\node_modules\npm\bin\npm-cli.js', 1 verbose cli 'run', 1 verbose cli 'deploy' ] 2 info using npm@6.9.0 3 info using node@v10.9.0 4 verbose run-script [ 'predeploy', 'deploy', 'postdeploy' ] 5 info lifecycle awsapollo@1.0.0~predeploy: awsapollo@1.0.0 6 info lifecycle awsapollo@1.0.0~deploy: awsapollo@1.0.0 7 verbose lifecycle awsapollo@1.0.0~deploy: unsafe-perm in lifecycle true 8 verbose lifecycle awsapollo@1.0.0~deploy: PATH: C:\Users\ysg4206\AppData\Roaming\npm\node_modules\npm\node_modules\npm-lifecycle\node-gyp-bin;D:\wwwroot\awsApollo\node_modules.bin;D:\Program Files (x86)\Python37-32\Scripts\;D:\Program Files (x86)\Python37-32\;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\ProgramData\Oracle\Java\javapath;C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\ProgramData\chocolatey\bin;C:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;C:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;D:\Program Files (x86)\PFPS\system;C:\Program Files\dotnet\;C:\Program Files\Microsoft SQL Server\130\Tools\Binn\;C:\Program Files (x86)\GtkSharp\2.12\bin;c:\program files\MATLAB\R2018a\runtime\win64;c:\program files\MATLAB\R2018a\bin;D:\Program Files\TortoiseSVN\bin;D:\Program Files\CMake\bin;C:\ProgramData\WebEx\WebEx\Applications;C:\Program Files\nodejs\;D:\Program Files\FME\;C:\Program Files (x86)\HID Global\ActivClient\;C:\Program Files\HID Global\ActivClient\;C:\Program Files\Git\cmd;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\System32\OpenSSH\;C:\Program Files (x86)\PuTTY\;C:\Program Files\ibm\gsk8\lib64;C:\Program Files\ibm\gsk8\lib64;D:\Program Files\FME2020\;C:\Program Files\Amazon\AWSCLI\bin\;C:\Program Files\Amazon\AWSSAMCLI\bin\;C:\Users\ysg4206\AppData\Local\Microsoft\WindowsApps;C:\Users\ysg4206\AppData\Local\Programs\Fiddler;C:\Users\ysg4206\AppData\Roaming\npm;C:\Users\ysg4206\AppData\Local\Programs\Microsoft VS Code\bin;D:\Program Files (x86)\Microsoft Visual Studio\2017\Professional\MSBuild\15.0\Bin;D:\Program Files\CMake\bin;C:\Users\ysg4206\AppData\Local\Microsoft\WindowsApps; 9 verbose lifecycle awsapollo@1.0.0~deploy: CWD: D:\wwwroot\awsApollo 10 silly lifecycle awsapollo@1.0.0~deploy: Args: [ '/d /s /c', 'serverless deploy' ] 11 silly lifecycle awsapollo@1.0.0~deploy: Returned: code: 1 signal: null 12 info lifecycle awsapollo@1.0.0~deploy: Failed to exec deploy script 13 verbose stack Error: awsapollo@1.0.0 deploy: (C:\Users\ysg4206\AppData\Roaming\npm\node_modules\npm\node_modules\npm-lifecycle\index.js:301:16)
13 verbose stack at EventEmitter.emit (events.js:182:13)
13 verbose stack at ChildProcess. (C:\Users\ysg4206\AppData\Roaming\npm\node_modules\npm\node_modules\npm-lifecycle\lib\spawn.js:55:14)
13 verbose stack at ChildProcess.emit (events.js:182:13)
13 verbose stack at maybeClose (internal/child_process.js:961:16)
13 verbose stack at Process.ChildProcess._handle.onexit (internal/child_process.js:250:5)
14 verbose pkgid awsapollo@1.0.0
15 verbose cwd D:\wwwroot\awsApollo
16 verbose Windows_NT 10.0.17763
17 verbose argv "C:\Program Files\nodejs\node.exe" "C:\Users\ysg4206\AppData\Roaming\npm\node_modules\npm\bin\npm-cli.js" "run" "deploy"
18 verbose node v10.9.0
19 verbose npm v6.9.0
20 error code ELIFECYCLE
21 error errno 1
22 error awsapollo@1.0.0 deploy:
serverless deploy13 verbose stack Exit status 1 13 verbose stack at EventEmitter.serverless deploy22 error Exit status 1 23 error Failed at the awsapollo@1.0.0 deploy script. 23 error This is probably not a problem with npm. There is likely additional logging output above. 24 verbose exit [ 1, true ]