Copilot-cli: Fewer than two subnets (of a type) results in failure

Created on 19 Mar 2021 · 5 Comments · Source: aws/copilot-cli

I've been spinning up and tearing down a few apps & environments for testing, and I suspect one of my teardowns left things in an inconsistent state because I'm now unable to create a new environment.

Rough steps I'm following to reproduce:

  • Delete all apps & confirm no running clusters
  • Create a new app (I provided a custom domain)
  • Create a new environment with existing VPC / subnets
  • Try deploying, see the following error:
$ copilot svc deploy --name rails --env staging
...
✔ Proposing infrastructure changes for stack retain-staging-rails
- Creating the infrastructure for stack retain-staging-rails                         [rollback complete]  [69.2s]
  The following resource(s) failed to create: [Service]. Rollback reques
  ted by user.
  - Service discovery for your services to communicate within the VPC                [delete complete]    [2.5s]
  - An IAM Role for the Fargate agent to make AWS API calls on your behalf           [delete complete]    [3.2s]
  - A CloudWatch log group to hold your service logs                                 [delete complete]    [3.2s]
  - An ECS service to run and maintain your tasks in the environment cluster         [delete complete]    [0.0s]
    Template error: Fn::Select  cannot select nonexistent value at index 1

  - An ECS task definition to group your containers and run them on ECS              [delete complete]    [2.5s]
  - An IAM role to control permissions for the containers in your tasks              [delete complete]    [3.2s]
✘ deploy service: stack retain-staging-rails did not complete successfully and exited with status ROLLBACK_COMPLETE

Specifically this is the error: Template error: Fn::Select cannot select nonexistent value at index 1

I'm not sure how to get more verbose output to debug the problem.


All 5 comments

Edit: I was NOT able to work around this by deleting the application and rebuilding everything from scratch. I still get the same error, so I'm now going to look for some orphaned resources that might be causing this.

Hello @blampe!

Thanks to the details you provided, we found a bug and are working on a fix now!
We think the problem is that our template was assuming you had two subnets and only found one. Did you bring your own VPC?
As a workaround before we get the bug fix released, rather than tearing down the entire app and rebuilding (sorry!), you can just recreate the environment making sure you are importing two subnets, not just one.

We think the problem is that our template was assuming you had two subnets and only found one. Did you bring your own VPC?

I did! Although I passed VPC + 2 subnets on the command-line like so:

copilot env init --name staging --profile default --app retain --import-vpc-id vpc-1234 --import-public-subnets subnet-1234 --import-private-subnets subnet-5678

Do the subnets need some additional configuration to make them available to copilot?

Edit: When I omit the CLI args and provide VPC/subnets via the prompts, I get this error:

 Cannot export output PrivateSubnets.  Exported values must not be empty or whitespace-only.. Rollback requested by user.

Sorry I wasn't clear earlier. When Copilot generates VPC resources for users, that includes two public and two private subnets. You were importing your subnets correctly (both via flags and prompts), but Copilot was looking for two of each type of subnet to export (from the environment CloudFormation template when running env init)-- the more recent error that you posted, and for placing your rails service (when running svc deploy)-- the first error you posted.

While generating two of each public and private subnet follows ECS best practice, it makes sense that we should support fewer when folks import their own VPCs! We will work to change this (or at least document the requirement), but in the meantime, is it possible for you to try importing two public and two private subnets?

Thanks for all your troubleshooting and apologies for this hidden requirement. Let us know how it goes!

Ah of course, that makes sense! I appreciate that the tool is encouraging some best practices. I was able to get things working after providing some additional subnets, thank you @huanjani!
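
A simplified model of the two CloudFormation failures reported in this thread, added here as an example; it is not part of the original comments and not Copilot's own code. The template shape (a comma-joined subnet export that is split, then indexed at 0 and 1) and all function names are assumptions.

```python
# Constructed model of the two failures in this thread; not Copilot's templates.
MIN_SUBNETS = 2  # the maintainer's stated requirement: two subnets of each type


def export_value(name, subnet_ids):
    """Model a CloudFormation export of a comma-joined subnet list."""
    value = ",".join(subnet_ids)
    if not value.strip():
        raise ValueError(
            f"Cannot export output {name}. "
            "Exported values must not be empty or whitespace-only."
        )
    return value


def fn_select(index, values):
    """Model Fn::Select: fail when the index is out of range."""
    if index >= len(values):
        raise ValueError(
            f"Template error: Fn::Select cannot select nonexistent value at index {index}"
        )
    return values[index]


def place_service(exported):
    """Assumed service-template shape: split the export, select indexes 0 and 1."""
    subnets = exported.split(",")  # stands in for Fn::Split
    return [fn_select(i, subnets) for i in range(MIN_SUBNETS)]


def preflight(public, private):
    """Return the problems that would surface during env init or svc deploy."""
    problems = []
    for name, ids in (("PublicSubnets", public), ("PrivateSubnets", private)):
        try:
            place_service(export_value(name, ids))
        except ValueError as err:
            problems.append(f"{name}: {err}")
    return problems


if __name__ == "__main__":
    # Constructed sample input reusing the placeholder IDs from the thread.
    for problem in preflight(["subnet-1234"], ["subnet-5678"]):
        print(problem)
```

Running a check like this on the subnet lists before `copilot env init` shows the shortfall up front rather than after a stack rollback.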
