sparkleformation / sparkle_formation

Ruby orchestration templating library built with unicorns and rainbows
http://www.sparkleformation.io
Apache License 2.0

Issue with VPC peering connection... #242

Closed ghost closed 6 years ago

ghost commented 6 years ago

Hey Chris! Thanks for all your work on this project. Had a great time setting things up for some infra we'll be managing. I did run across one issue; not sure if this is related to sfn specifically, but maybe you could shed some light on it...

I am seeing the following error when trying to generate a VPC connection to a Heroku VPC (in their new private spaces):

2018-04-26 03:41:08 UTC   my-staging               CREATE_FAILED        The following resource(s) failed to create: [MyVpcPeeringConnection].

I have capabilities ['CAPABILITY_NAMED_IAM'] set in my .sfn config, and the dynamic block looks like this:

  dynamic!(:vpc_peering_connection, :my) do
    #depends_on!(:etison_iam_role)

    properties do
      vpc_id ref!(:my_vpc)
      peer_vpc_id ref!(:heroku_vpc_id)
      peer_owner_id ref!(:heroku_aws_account_id)
    end
  end

When I run the aws cli command to establish the VPC peering connection, it works fine with the same vpc / peer vpc info. The aws cli is configured with the same environment variables for the same AWS keys.

Seemed a little similar to this issue: https://github.com/sparkleformation/sfn/issues/225

I also tried to create a role with policies defined and then specify the PeerRoleArn as well in the properties block; also to no avail (diff error though: API: ec2:AcceptVpcPeeringConnection Not authorized to perform sts:AssumeRole). This was according to a response on this SO thread: https://stackoverflow.com/a/45672210/1566623

Not sure if I have something basic misconfigured here, but stack / resource creation works up until the point of the vpc connection (creates vpc, internet gateway, etc just fine, so basic authentication seems to be succeeding).

Please let me know if I can provide any other information that would be helpful. This is on latest version 3.0.30.

Thanks again for all your work on this and related projects. It's really nice to work with.

ghost commented 6 years ago

@chrisroberts I'm sorry, I meant to file this on the sfn repo, but I was looking at a former issue that came up on this one. Please let me know if you'd like me to move it to the other repository. Thanks!

ghost commented 6 years ago

Sorry, yeah, gonna go ahead and move this over.

https://github.com/sparkleformation/sfn/issues/276