Aws-cdk: Can not create Pipeline. KMS Alias creation fails

Created on 2 Nov 2019 · 17 Comments · Source: aws/aws-cdk

:question: General Issue

The Question

I am trying to create a Pipeline by reusing code that I used in the past and that was working. The stack creation fails with this error:

13/16 | 12:03:25 | CREATE_FAILED        | AWS::CodePipeline::Pipeline | ECSDemoFlaskSignupPipeline (ECSDemoFlaskSignupPipelineB0339F3C) Internal Failure

14/16 | 12:03:26 | CREATE_FAILED        | AWS::KMS::Alias             | ECSDemoFlaskSignupPipeline/ArtifactsBucketEncryptionKeyAlias (ECSDemoFlaskSignupPipelineArtifactsBucketEncryptionKeyAlias34AB1D1E) Resource creation cancelled

The KMS Alias does not exist already, so I don't think this is related to https://github.com/aws/aws-cdk/issues/4374. I tried the workaround proposed there, but it still fails. The error message is a bit different, though:

 13/15 | 12:18:00 | CREATE_FAILED        | AWS::CodePipeline::Pipeline | ECSDemoFlaskSignupPipeline (ECSDemoFlaskSignupPipelineB0339F3C) Internal Failure

The code I am using is here : https://github.com/sebsto/signup-flask-nginx-docker/blob/master/ecs/cdk-ecs-pipeline/lib/cdk-ecs-pipeline-stack.ts

Environment

  • CDK CLI Version:
$ cdk --version
1.15.0 (build bdbe3aa)
  • Module Version:
    "@aws-cdk/aws-codepipeline": "^1.15.0",
    "@aws-cdk/aws-codepipeline-actions": "^1.15.0",
  • OS:
    Mac OS Mojave

  • Language:
    Typescript

Other information

 12/16 | 12:03:25 | CREATE_IN_PROGRESS   | AWS::CodePipeline::Pipeline | ECSDemoFlaskSignupPipeline (ECSDemoFlaskSignupPipelineB0339F3C) 
 13/16 | 12:03:25 | CREATE_FAILED        | AWS::CodePipeline::Pipeline | ECSDemoFlaskSignupPipeline (ECSDemoFlaskSignupPipelineB0339F3C) Internal Failure
        new Pipeline (/Users/stormacq/Documents/amazon/code/training/demo/signup-flask-nginx-docker/ecs/cdk-ecs-pipeline/node_modules/@aws-cdk/aws-codepipeline/lib/pipeline.ts:251:26)
        \_ new CdkEcsPipelineStack (/Users/stormacq/Documents/amazon/code/training/demo/signup-flask-nginx-docker/ecs/cdk-ecs-pipeline/lib/cdk-ecs-pipeline-stack.ts:96:26)
        \_ Object.<anonymous> (/Users/stormacq/Documents/amazon/code/training/demo/signup-flask-nginx-docker/ecs/cdk-ecs-pipeline/bin/cdk-ecs-pipeline.ts:7:1)
        \_ Module._compile (internal/modules/cjs/loader.js:956:30)
        \_ Module.m._compile (/Users/stormacq/Documents/amazon/code/training/demo/signup-flask-nginx-docker/ecs/cdk-ecs-pipeline/node_modules/ts-node/src/index.ts:493:23)
        \_ Module._extensions..js (internal/modules/cjs/loader.js:973:10)
        \_ Object.require.extensions.<computed> [as .ts] (/Users/stormacq/Documents/amazon/code/training/demo/signup-flask-nginx-docker/ecs/cdk-ecs-pipeline/node_modules/ts-node/src/index.ts:496:12)
        \_ Module.load (internal/modules/cjs/loader.js:812:32)
        \_ Function.Module._load (internal/modules/cjs/loader.js:724:14)
        \_ Function.Module.runMain (internal/modules/cjs/loader.js:1025:10)
        \_ Object.<anonymous> (/Users/stormacq/Documents/amazon/code/training/demo/signup-flask-nginx-docker/ecs/cdk-ecs-pipeline/node_modules/ts-node/src/bin.ts:158:12)
        \_ Module._compile (internal/modules/cjs/loader.js:956:30)
        \_ Object.Module._extensions..js (internal/modules/cjs/loader.js:973:10)
        \_ Module.load (internal/modules/cjs/loader.js:812:32)
        \_ Function.Module._load (internal/modules/cjs/loader.js:724:14)
        \_ Function.Module.runMain (internal/modules/cjs/loader.js:1025:10)
        \_ /usr/local/lib/node_modules/npm/node_modules/libnpx/index.js:268:14
 14/16 | 12:03:26 | CREATE_FAILED        | AWS::KMS::Alias             | ECSDemoFlaskSignupPipeline/ArtifactsBucketEncryptionKeyAlias (ECSDemoFlaskSignupPipelineArtifactsBucketEncryptionKeyAlias34AB1D1E) Resource creation cancelled
        new Alias (/Users/stormacq/Documents/amazon/code/training/demo/signup-flask-nginx-docker/ecs/cdk-ecs-pipeline/node_modules/@aws-cdk/aws-kms/lib/alias.ts:153:22)
        \_ new Pipeline (/Users/stormacq/Documents/amazon/code/training/demo/signup-flask-nginx-docker/ecs/cdk-ecs-pipeline/node_modules/@aws-cdk/aws-codepipeline/lib/pipeline.ts:238:7)
        \_ new CdkEcsPipelineStack (/Users/stormacq/Documents/amazon/code/training/demo/signup-flask-nginx-docker/ecs/cdk-ecs-pipeline/lib/cdk-ecs-pipeline-stack.ts:96:26)
        \_ Object.<anonymous> (/Users/stormacq/Documents/amazon/code/training/demo/signup-flask-nginx-docker/ecs/cdk-ecs-pipeline/bin/cdk-ecs-pipeline.ts:7:1)
        \_ Module._compile (internal/modules/cjs/loader.js:956:30)
        \_ Module.m._compile (/Users/stormacq/Documents/amazon/code/training/demo/signup-flask-nginx-docker/ecs/cdk-ecs-pipeline/node_modules/ts-node/src/index.ts:493:23)
        \_ Module._extensions..js (internal/modules/cjs/loader.js:973:10)
        \_ Object.require.extensions.<computed> [as .ts] (/Users/stormacq/Documents/amazon/code/training/demo/signup-flask-nginx-docker/ecs/cdk-ecs-pipeline/node_modules/ts-node/src/index.ts:496:12)
        \_ Module.load (internal/modules/cjs/loader.js:812:32)
        \_ Function.Module._load (internal/modules/cjs/loader.js:724:14)
        \_ Function.Module.runMain (internal/modules/cjs/loader.js:1025:10)
        \_ Object.<anonymous> (/Users/stormacq/Documents/amazon/code/training/demo/signup-flask-nginx-docker/ecs/cdk-ecs-pipeline/node_modules/ts-node/src/bin.ts:158:12)
        \_ Module._compile (internal/modules/cjs/loader.js:956:30)
        \_ Object.Module._extensions..js (internal/modules/cjs/loader.js:973:10)
        \_ Module.load (internal/modules/cjs/loader.js:812:32)
        \_ Function.Module._load (internal/modules/cjs/loader.js:724:14)
        \_ Function.Module.runMain (internal/modules/cjs/loader.js:1025:10)
        \_ /usr/local/lib/node_modules/npm/node_modules/libnpx/index.js:268:14
@aws-cdk/aws-codepipeline @aws-cdk/aws-kms guidance response-requested

All 17 comments

Hey @sebsto ,

this looks like a 500 from the CodePipeline API :(. What region were you trying to deploy into?

Thanks,
Adam

It was us-west-2 (Oregon). I did not try other regions yet.

Can you retry?

(In us-west-2)

No changes :-(

Let me try it.

Tried it with my own CodePipeline, worked without an issue. I'll try your code.

Can you give my user (skinny85) permissions to the GitHub repo sebsto/ecs-demo?

Thanks for the permissions. I just deployed your stack in us-west-2 (see attached screenshot; the build is failing because the build/buildspec.yml file that you set as the buildspec of the project does not exist).

Sorry, I really don't know what else to tell you :(

[Screenshot: Screen Shot 2019-11-04 at 12 22 40 PM]

If this happens during deployment, actually opening an issue to the CodePipeline team might be a better way forward (the Internal failure message looks to me like a response from their service).

+1

I'm getting the same error in us-east-1

$ cdk --version
1.15.0 (build bdbe3aa)
"@aws-cdk/aws-codepipeline": "^1.15.0",
"@aws-cdk/aws-codepipeline-actions": "^1.15.0",

@sebsto Were you able to resolve this?

Update: I fixed my issue. It ended up being that I forgot to add CodePipeline as an OAuth app on GitHub. Once I did that and added the OAuth token to my SecretsManager, everything worked like a charm.

Closing this issue since the problem seems to be directly with CodePipeline API. Feel free to reopen.

If someone is still coming here facing the same problem, the following is another scenario in which you see this useless error message.

  • Make sure that your GITHUB_TOKEN is created and configured with the pipeline source action.

Sorry, what is the resolution again? Can we specify?

@larroy Like I said here: https://github.com/aws/aws-cdk/issues/4821#issuecomment-549531425 , I was unable to reproduce the issue.

Most likely, the problem is with your OAuth Token, so I would make sure to check that (a good first step might be hard-coding it using SecretValue.plainText('token-value')).

I think this happened to me because I used a non-existing Secret when I accessed it with

oauth_token=core.SecretValue.secrets_manager(...)

> I think this happened to me because I used a non-existing Secret when I accessed it with
>
> oauth_token=core.SecretValue.secrets_manager(...)

Yes, unfortunately that problem manifests itself in a rather ugly 500 error currently. However, I do know the CloudFormation team is planning to change that to handle it more gracefully.
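
An added example (not code from this thread or from aws-cdk): the comments above trace the `Internal Failure` to the GitHub OAuth token, either a Secrets Manager secret that does not exist or a token that was never configured, and suggest `SecretValue.plainText` as a debugging step. This TypeScript check reads a synthesized template and reports, for each GitHub source action, whether `OAuthToken` is a Secrets Manager reference (with the secret id to verify before deploying) or a literal that would leave the token in the template. The sample template and every name in it are constructed.

```typescript
// Added example, not aws-cdk code. Input is the JSON template produced by `cdk synth`.
type TokenKind = "secretsmanager" | "plaintext" | "other";
interface TokenFinding { pipeline: string; action: string; kind: TokenKind; secretId?: string; }

// Return the secret id from "{{resolve:secretsmanager:<id>:SecretString:<key>:<stage>:<version>}}".
function parseSecretRef(value: string): string | undefined {
  const m = /^\{\{resolve:secretsmanager:(.+)\}\}$/.exec(value);
  if (!m) return undefined;
  const parts = (m[1] || "").split(":");
  // A secret ARN is itself 7 colon-separated fields; a plain secret name is 1.
  return parts.slice(0, parts[0] === "arn" ? 7 : 1).join(":");
}

// Classify the OAuthToken of every GitHub source action in the template.
function auditTemplate(template: any): TokenFinding[] {
  const findings: TokenFinding[] = [];
  const resources = (template && template.Resources) || {};
  for (const logicalId of Object.keys(resources)) {
    const res = resources[logicalId];
    if (!res || res.Type !== "AWS::CodePipeline::Pipeline") continue;
    for (const stage of (res.Properties || {}).Stages || []) {
      for (const act of stage.Actions || []) {
        if ((act.ActionTypeId || {}).Provider !== "GitHub") continue;
        const token = (act.Configuration || {}).OAuthToken;
        const f: TokenFinding = { pipeline: logicalId, action: String(act.Name), kind: "other" };
        const secretId = typeof token === "string" ? parseSecretRef(token) : undefined;
        if (secretId !== undefined) { f.kind = "secretsmanager"; f.secretId = secretId; }
        // A literal string that is not a dynamic reference is the token itself.
        else if (typeof token === "string" && token.indexOf("{{resolve:") !== 0) f.kind = "plaintext";
        findings.push(f);
      }
    }
  }
  return findings;
}

// Constructed sample template (all names, ids and values are made up for illustration).
const action = (name: string, token: unknown) => ({ Name: name,
  ActionTypeId: { Category: "Source", Owner: "ThirdParty", Provider: "GitHub", Version: "1" },
  Configuration: { Owner: "example", Repo: "example-repo", Branch: "master", OAuthToken: token } });
const sample = { Resources: {
  PipeA: { Type: "AWS::CodePipeline::Pipeline", Properties: { Stages: [{ Name: "Source", Actions: [
    action("ByName", "{{resolve:secretsmanager:my-github-token:SecretString:::}}"),
    action("ByArn", "{{resolve:secretsmanager:arn:aws:secretsmanager:us-west-2:111122223333:secret:gh-AbCdEf:SecretString:token::}}"),
    action("Hardcoded", "token-value"),
    action("Param", { Ref: "GitHubTokenParam" }),
  ] }] } } } };
const report = auditTemplate(sample);
for (const r of report) console.log(r.pipeline, r.action, r.kind, r.secretId || "");
```

Each reported `secretId` can be confirmed with `aws secretsmanager describe-secret --secret-id <id>` in the target region before running `cdk deploy`; a `plaintext` finding means the token is readable by anyone who can view the template.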
