imagebuilder custom_script.yaml is incompatible with GovCloud regions (work-around provided)
alfred-stokespace opened this issue · comments
Your problem is here
https://github.com/aws/aws-parallelcluster/blob/release-3.8/cli/src/pcluster/resources/imagebuilder/custom_script.yaml#L36
- name: Download
action: ExecuteBash
inputs:
commands:
- |
set -v
if [[ {{ build.ScriptUrlScheme.outputs.stdout }} == "https" ]]; then
curl --retry 3 -L -o {{ build.TempScript.outputs.stdout }} {{ build.ScriptUrl.outputs.stdout }}
elif [[ {{ build.ScriptUrlScheme.outputs.stdout }} == "s3" ]]; then
aws s3 cp {{ build.ScriptUrl.outputs.stdout }} {{ build.TempScript.outputs.stdout }}
else
echo "Invalid script url"
exit {{ build.Fail.outputs.stdout }}
fi
specifically
aws s3 cp {{ build.ScriptUrl.outputs.stdout }} {{ build.TempScript.outputs.stdout }}
The problem:
region is assumed and if you are in, say us-gov-west-1, that fails.
Confirmed work around:
When you are declaring your imagebuilder yaml you need to game the system.
Build:
Components:
- Type: script
Value: 's3://bucketname/path/to/wonderfull/things/necessary-script.sh --region us-gov-west-1'
Why that works...
Since aws s3 cp {{ build.ScriptUrl.outputs.stdout }} {{ build.TempScript.outputs.stdout }} gets interpreted by bash, bash doesn't care that s3://bucketname/path/to/wonderfull/things/necessary-script.sh --region us-gov-west-1 is actually two strings, so aws s3 gets the --region ... option.
This was confirmed to work in us-gov-west-1
Thanks @alfred-stokespace for sharing the finding and the workaround!