Update to v7.x.x gives warning that domain does not exist

Question

Update to v7.x.x gives warning that domain does not exist

chris opened this issue a year ago · comments

Community Note

Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
If you are interested in working on this issue or have submitted a pull request, please leave a comment

Support Question

Question
When I update to serverless-domain-manager version 7.x (from 6.4.4), I now get a warning that says my domain does not exist. Specifically I see:

Warning: V1 - 'api.mycustom-test.io' does not exist.

This is for an existing/deployed service (for a couple years now). I am using Serverless framework 3.30.1, running on macOS.

It concerns me that it doesn't think my domain exists? Yet it obviously does, and this only gets printed with v7 of the plugin, any prior version did not show this warning, and my custom domain is working fine. I have not done a deploy with v7 as this makes me nervous that something will be broken with this version (so I don't know if a deploy would somehow fix this, etc.).

Command Run
sls info

Console Output
(Note, I've substituted "mycustom" for the name of my actual domain.)

❯ sls info
Warning: V1 - 'api.mycustom-test.io' does not exist.
service: mycustom-api
stage: dev
region: us-east-2
stack: mycustom-api-dev
endpoints:
  GET - https://abc12ab123.execute-api.us-east-2.amazonaws.com/dev/mycustom
  GET - https://abc12ab123.execute-api.us-east-2.amazonaws.com/dev/mycustom/widget
functions:
  mycustom: mycustom-api-dev-mycustom
  mycustomWidget: mycustom-api-dev-mycustomWidget

Domain Manager Configuration
Replace this with your own serverless.yml file (anonymized, of course) to help us better resolve your issue.

custom:
  domainNames:
    dev: api.mycustom-test.io
    production: api.mycustom.io
  customDomain:
    domainName: ${self:custom.domainNames.${self:provider.stage}}
    basePath: ''
    stage: ${self:provider.stage}
    createRoute53Record: true
    endpointType: REGIONAL
    securityPolicy: tls_1_2

Versions

Domain Manager version(s): 7.0.2
Node/npm version: Node 19.9.0/npm 9.6.3
Serverless Version: 3.30.1
Lambda Code: Go

Additional context/Screenshots

Dima Revutskyi · Answer 1 · Wed Apr 19 2023 14:20:50 GMT+0800 (China Standard Time)

Hi @chris

It looks like the ApiGateway Custom Domain is not created.

Have you run the create_domain?
Try to add autoDomain=true to the customDomain config

Chris Bailey · Answer 2 · Wed Apr 19 2023 15:29:06 GMT+0800 (China Standard Time)

@rddimon The domain exists - the service has been deployed and using this domain for 3 years. The only change made here is updating the serverless-domain-manager plugin from v6.4.4 to v7.0.2.

Dima Revutskyi · Answer 3 · Wed Apr 19 2023 16:09:45 GMT+0800 (China Standard Time)

@chris hmm then it might be related to the wrong region
My guess is that the ApiGateway V1 tries to check us-east-1 instead of us-east-2

Is the region specified under the provider section in the serverless.yml config?
Can you try to run sls info --region us-east-2?

Chris Bailey · Answer 4 · Thu Apr 20 2023 00:52:35 GMT+0800 (China Standard Time)

@rddimon yes, the region is set in the provider section. And, running sls info --region us-east-2 has the same result (still get the warning). I tried a few other things, like specifying the certificateArn and I've explicitly added in apiType: rest, but no change.

I will see if I can try pulling down the source and using the plugin from source and doing some debugging to see exactly where/what is triggering the alert. If you have any guidance on at least setting up using the plugin from a local copy/source, that'd be helpful (I didn't see that in the GitHub info, but maybe it's fairly standard (I don't do a lot of JavaScript, so not familiar with how to set that up).

Dima Revutskyi · Answer 5 · Thu Apr 20 2023 01:01:56 GMT+0800 (China Standard Time)

You will need to run npm run build to build the source with changes inside the plugin folder
And install the plugin from the folder npm install path/to/the/plugin

Chris Bailey · Answer 6 · Thu Apr 20 2023 09:03:07 GMT+0800 (China Standard Time)

Ok, maybe some insight, although I'd think this would affect nearly anyone and thus would be a much bigger problem. It may have to do with the profile/credentials. I noticed that no credentials are provided to the APIGatewayClient (whereas at least there's a parameter for it in the 6.4.4 where it creates the APIGateway instance.. I am not using the default profile in my AWS config (I am specifying the profile in provider.profile in serverless.yml though).

When I use 7.0.2, and I log the actual error message from AWS for this, I get:
NotFoundException: Invalid domain name identifier specified

So, I made the smallest test program I could to try things out, and indeed, if I don't specify credentials, this is the error I get. If I do specify credentials, then it properly returns the domain.

Here is the test program I'm using:

import { APIGatewayClient, ainNameCommand } from "@aws-sdk/-api-gateway";
import { fromIni } from "@aws-sdk/tial-providers";

async function testIt() {
    const credentials = fromIni({profile: mycustom-admin-dev'});
    const client = new APIGatewayClient({credentials: credentials, region: 'us-east-2'});
    const command = new GetDomainNameCommand({ domainName: "api.mycustom-test.io" });
    const response = await client.send(command);
    console.log(`response: ${JSON.stringify(response)}`);
}

testIt()

Here's the case with failure (i.e. if I don't include the credentials: credentials when creating the APIGatewayClient:

❯ node ./index.mjs
/Users/chris/Code/aws-api-gateway-domain-check/node_modules/@aws-sdk/client-api-gateway/dist-cjs/protocols/Aws_restJson1.js:8668
    const exception = new models_0_1.NotFoundException({
                      ^

NotFoundException: Invalid domain name identifier specified
    at de_NotFoundExceptionRes (/Users/chris/Code/aws-api-gateway-domain-check/node_modules/@aws-sdk/client-api-gateway/dist-cjs/protocols/Aws_restJson1.js:8668:23)
    at de_GetDomainNameCommandError (/Users/chris/Code/aws-api-gateway-domain-check/node_modules/@aws-sdk/client-api-gateway/dist-cjs/protocols/Aws_restJson1.js:5291:25)
    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
    at async /Users/chris/Code/aws-api-gateway-domain-check/node_modules/@aws-sdk/middleware-serde/dist-cjs/deserializerMiddleware.js:7:24
    at async /Users/chris/Code/aws-api-gateway-domain-check/node_modules/@aws-sdk/middleware-signing/dist-cjs/middleware.js:14:20
    at async /Users/chris/Code/aws-api-gateway-domain-check/node_modules/@aws-sdk/middleware-retry/dist-cjs/retryMiddleware.js:27:46
    at async /Users/chris/Code/aws-api-gateway-domain-check/node_modules/@aws-sdk/middleware-logger/dist-cjs/loggerMiddleware.js:7:26
    at async testIt (file:///Users/chris/Code/aws-api-gateway-domain-check/index.mjs:15:19) {
  '$fault': 'client',
  '$metadata': {
    httpStatusCode: 404,
    requestId: '40d82d61-9d23-4f82-8d93-1408659d32d4',
    extendedRequestId: undefined,
    cfId: undefined,
    attempts: 1,
    totalRetryDelay: 0
  }
}

When I specify the credentials, then the success response is the following (I obscured a few values):

❯ node ./index.mjs
response: {"$metadata":{"httpStatusCode":200,"requestId":"730b3cb3-5581-4774-b749-c7cd16ba4bb4","attempts":1,"totalRetryDelay":0},"certificateUploadDate":"2020-01-15T00:37:51.000Z","domainName":"api.mycustom-test.io","domainNameStatus":"AVAILABLE","endpointConfiguration":{"ipv6":false,"types":["REGIONAL"]},"regionalCertificateArn":"arn:aws:acm:us-east-2:111111111111:certificate/12345678-1234-1234-1234-1234567890","regionalDomainName":"d-1234567890.execute-api.us-east-2.amazonaws.com","regionalHostedZoneId":"ABCDEFGHIJ","securityPolicy":"TLS_1_2","tags":{}}

Dima Revutskyi · Answer 7 · Thu Apr 20 2023 19:02:13 GMT+0800 (China Standard Time)

Thank you for the investigation!

In version 6.4.4 we used AWS SDK V2 to get credentials

In the new AWS SDK V3 I haven't found alternatives

The provider.profile is serverless feature and AWS SDK does not handle it
I will add support for it

Very helpful work, thank you!

Dima Revutskyi · Answer 8 · Fri May 05 2023 15:19:57 GMT+0800 (China Standard Time)

Hi @chris

Will you be able to try the latest version and let us know the result?

Chris Bailey · Answer 9 · Tue May 09 2023 08:00:49 GMT+0800 (China Standard Time)

I've updated to 7.0.3, and this does indeed seem to fix things. No more errors/alerts, and my deploy seems to be correct. Thanks for the fix!

liam-ot · Answer 10 · Fri Jun 23 2023 03:13:44 GMT+0800 (China Standard Time)

using v7.0.4, same set up as @chris and i am getting the same warning and the custom domain is deploying a new API gateway endpoint rather than linking to the existing API gateway resource

config:

  customDomain:
    hostedZoneId: "FOOBAR"
    domainName: api.domain.com
    stage: acceptance
    certificateArn: arn:aws:acm:eu-central-1:123456789:certificate/foo-bar-certificate-1234
    certificateName: "*.domain.com"
    createRoute53Record: true
    createRoute53IPv6Record: true
    endpointType: "regional"
    securityPolicy: tls_1_2
    apiType: rest