Deploying China region

Question

Deploying China region

toshilam opened this issue 5 years ago · comments

Please use GitHub issues only to report bugs. To ask a general question or request assistance/support, please use the Claudia.js Gitter Chat instead.

To report a bug or a problem, please fill in the sections below. The more you provide, the better we'll be able to help.

Expected behaviour:
when deploying lambda function to China region "cn-north-1", calling : "claudia create"
the full command :

claudia create --profile cn --name cn-func-prod --region cn-north-1 --api-module src/index --timeout 15 --memory 1024 --config claudia.cn.prod.json --version prod --role lambda-vpc-execution-role --use-s3-bucket xxx

What actually happens:
always return :
InvalidClientTokenId: The security token included in the request is invalid.
in a step get/creating role.

To fix this issue, passing region when initialize aws IAM

new aws.IAM({region: options.region})

Gojko Adzic · Answer 1 · Sun May 05 2019 17:35:09 GMT+0800 (China Standard Time)

Thanks, this is a bug, and I'll fix it in the next release. Meanwhile, setting the AWS_REGION env variable before running claudia should be a workaround, the IAM initialiser should pick that up.

toshilam · Answer 2 · Sun May 05 2019 18:04:54 GMT+0800 (China Standard Time)

Thanks, this is a bug, and I'll fix it in the next release. Meanwhile, setting the AWS_REGION env variable before running claudia should be a workaround, the IAM initialiser should pick that up.

thank you so much @gojko

Gojko Adzic · Answer 3 · Wed May 15 2019 21:06:02 GMT+0800 (China Standard Time)

claudia 5.5.0 is now on NPM, should fix this. can you please try and let me know if it's OK?

toshilam · Answer 4 · Fri May 17 2019 00:11:54 GMT+0800 (China Standard Time)

claudia 5.5.0 is now on NPM, should fix this. can you please try and let me know if it's OK?

cool. will give it a try this weekend. thank you gojko.
by the way, I actually found more things may need to change for CN region. I will create a new branch and fix it on my side. will keep you updated.

Gojko Adzic · Answer 5 · Thu Jun 27 2019 19:03:25 GMT+0800 (China Standard Time)

closing this due to inactivity. if something still needs to be done here, please reopen.

Chao · Answer 6 · Mon May 25 2020 15:14:13 GMT+0800 (China Standard Time)

@toshilam it seems that deployment to China region still fails, I use region cn-northwest-1, claudiajs version 5.12.0. The stack traces are:

{ UnknownEndpoint: Inaccessible host: `iam.cn-northwest-1.amazonaws.com.cn'. This service may not be available in the `cn-northwest-1' region.
    at Request.ENOTFOUND_ERROR (/Users/xiechao/.config/nvm/10.20.1/lib/node_modules/claudia/node_modules/aws-sdk/lib/event_listeners.js:495:46)
    at Request.callListeners (/Users/xiechao/.config/nvm/10.20.1/lib/node_modules/claudia/node_modules/aws-sdk/lib/sequential_executor.js:106:20)
    at Request.emit (/Users/xiechao/.config/nvm/10.20.1/lib/node_modules/claudia/node_modules/aws-sdk/lib/sequential_executor.js:78:10)
    at Request.emit (/Users/xiechao/.config/nvm/10.20.1/lib/node_modules/claudia/node_modules/aws-sdk/lib/request.js:683:14)
    at ClientRequest.error (/Users/xiechao/.config/nvm/10.20.1/lib/node_modules/claudia/node_modules/aws-sdk/lib/event_listeners.js:333:22)
    at ClientRequest.<anonymous> (/Users/xiechao/.config/nvm/10.20.1/lib/node_modules/claudia/node_modules/aws-sdk/lib/http/node.js:96:19)
    at ClientRequest.emit (events.js:198:13)
    at ClientRequest.EventEmitter.emit (domain.js:448:20)
    at TLSSocket.socketErrorListener (_http_client.js:401:9)
    at TLSSocket.emit (events.js:198:13)
  message:
   'Inaccessible host: `iam.cn-northwest-1.amazonaws.com.cn\'. This service may not be available in the `cn-northwest-1\' region.',
  code: 'UnknownEndpoint',
  region: 'cn-northwest-1',
  hostname: 'iam.cn-northwest-1.amazonaws.com.cn',
  retryable: true,
  originalError:
   { Error: getaddrinfo ENOTFOUND iam.cn-northwest-1.amazonaws.com.cn iam.cn-northwest-1.amazonaws.com.cn:443
       at GetAddrInfoReqWrap.onlookup [as oncomplete] (dns.js:56:26)
     message:
      'getaddrinfo ENOTFOUND iam.cn-northwest-1.amazonaws.com.cn iam.cn-northwest-1.amazonaws.com.cn:443',
     errno: 'ENOTFOUND',
     code: 'NetworkingError',
     syscall: 'getaddrinfo',
     hostname: 'iam.cn-northwest-1.amazonaws.com.cn',
     host: 'iam.cn-northwest-1.amazonaws.com.cn',
     port: 443,
     region: 'cn-northwest-1',
     retryable: true,
     time: 2020-05-25T07:06:26.846Z },
  time: 2020-05-25T07:06:26.846Z }

I guess the failure is due to that claudiajs use the IAM service URL iam.cn-northwest-1.amazonaws.com.cn is not valid in China regions.
I find a workaround that specifying an existing role with lambda permissions in command-line arguments like claudia create ... --role <rolearn>. However it is still a bug, may you consider to reopen this issue?

toshilam · Answer 7 · Tue Jun 09 2020 10:17:46 GMT+0800 (China Standard Time)

@toshilam it seems that deployment to China region still fails, I use region cn-northwest-1, claudiajs version 5.12.0. The stack traces are:

{ UnknownEndpoint: Inaccessible host: `iam.cn-northwest-1.amazonaws.com.cn'. This service may not be available in the `cn-northwest-1' region.
    at Request.ENOTFOUND_ERROR (/Users/xiechao/.config/nvm/10.20.1/lib/node_modules/claudia/node_modules/aws-sdk/lib/event_listeners.js:495:46)
    at Request.callListeners (/Users/xiechao/.config/nvm/10.20.1/lib/node_modules/claudia/node_modules/aws-sdk/lib/sequential_executor.js:106:20)
    at Request.emit (/Users/xiechao/.config/nvm/10.20.1/lib/node_modules/claudia/node_modules/aws-sdk/lib/sequential_executor.js:78:10)
    at Request.emit (/Users/xiechao/.config/nvm/10.20.1/lib/node_modules/claudia/node_modules/aws-sdk/lib/request.js:683:14)
    at ClientRequest.error (/Users/xiechao/.config/nvm/10.20.1/lib/node_modules/claudia/node_modules/aws-sdk/lib/event_listeners.js:333:22)
    at ClientRequest.<anonymous> (/Users/xiechao/.config/nvm/10.20.1/lib/node_modules/claudia/node_modules/aws-sdk/lib/http/node.js:96:19)
    at ClientRequest.emit (events.js:198:13)
    at ClientRequest.EventEmitter.emit (domain.js:448:20)
    at TLSSocket.socketErrorListener (_http_client.js:401:9)
    at TLSSocket.emit (events.js:198:13)
  message:
   'Inaccessible host: `iam.cn-northwest-1.amazonaws.com.cn\'. This service may not be available in the `cn-northwest-1\' region.',
  code: 'UnknownEndpoint',
  region: 'cn-northwest-1',
  hostname: 'iam.cn-northwest-1.amazonaws.com.cn',
  retryable: true,
  originalError:
   { Error: getaddrinfo ENOTFOUND iam.cn-northwest-1.amazonaws.com.cn iam.cn-northwest-1.amazonaws.com.cn:443
       at GetAddrInfoReqWrap.onlookup [as oncomplete] (dns.js:56:26)
     message:
      'getaddrinfo ENOTFOUND iam.cn-northwest-1.amazonaws.com.cn iam.cn-northwest-1.amazonaws.com.cn:443',
     errno: 'ENOTFOUND',
     code: 'NetworkingError',
     syscall: 'getaddrinfo',
     hostname: 'iam.cn-northwest-1.amazonaws.com.cn',
     host: 'iam.cn-northwest-1.amazonaws.com.cn',
     port: 443,
     region: 'cn-northwest-1',
     retryable: true,
     time: 2020-05-25T07:06:26.846Z },
  time: 2020-05-25T07:06:26.846Z }

I guess the failure is due to that claudiajs use the IAM service URL iam.cn-northwest-1.amazonaws.com.cn is not valid in China regions.
I find a workaround that specifying an existing role with lambda permissions in command-line arguments like claudia create ... --role <rolearn>. However it is still a bug, may you consider to reopen this issue?

@xiechao06 ya, claudiajs is not supporting well for CN region. and there a some restrictions in CN region (not sure still valid today)

lambda ENV variables is not supported
API gateway in edge mode is not supported

kucheech · Answer 8 · Thu Jun 11 2020 14:30:44 GMT+0800 (China Standard Time)

Is deployment to AWS China possible?

I have the following error now
creating REST API apigateway.setAcceptHeader BadRequestException: Endpoint Configuration type EDGE is not supported in this region: cn-north-1 at Object.extractError (d:\tools\nvm\v12.16.1\node_modules\claudia\node_modules\aws-sdk\lib\protocol\json.js:51:27) at Request.extractError (d:\tools\nvm\v12.16.1\node_modules\claudia\node_modules\aws-sdk\lib\protocol\rest_json.js:55:8) at Request.callListeners (d:\tools\nvm\v12.16.1\node_modules\claudia\node_modules\aws-sdk\lib\sequential_executor.js:106:20) at Request.emit (d:\tools\nvm\v12.16.1\node_modules\claudia\node_modules\aws-sdk\lib\sequential_executor.js:78:10) at Request.emit (d:\tools\nvm\v12.16.1\node_modules\claudia\node_modules\aws-sdk\lib\request.js:683:14) at Request.transition (d:\tools\nvm\v12.16.1\node_modules\claudia\node_modules\aws-sdk\lib\request.js:22:10) at AcceptorStateMachine.runTo (d:\tools\nvm\v12.16.1\node_modules\claudia\node_modules\aws-sdk\lib\state_machine.js:14:12) at d:\tools\nvm\v12.16.1\node_modules\claudia\node_modules\aws-sdk\lib\state_machine.js:26:10 at Request.<anonymous> (d:\tools\nvm\v12.16.1\node_modules\claudia\node_modules\aws-sdk\lib\request.js:38:9) at Request.<anonymous> (d:\tools\nvm\v12.16.1\node_modules\claudia\node_modules\aws-sdk\lib\request.js:685:12) at Request.callListeners (d:\tools\nvm\v12.16.1\node_modules\claudia\node_modules\aws-sdk\lib\sequential_executor.js:116:18) at Request.emit (d:\tools\nvm\v12.16.1\node_modules\claudia\node_modules\aws-sdk\lib\sequential_executor.js:78:10) at Request.emit (d:\tools\nvm\v12.16.1\node_modules\claudia\node_modules\aws-sdk\lib\request.js:683:14) at Request.transition (d:\tools\nvm\v12.16.1\node_modules\claudia\node_modules\aws-sdk\lib\request.js:22:10) at AcceptorStateMachine.runTo (d:\tools\nvm\v12.16.1\node_modules\claudia\node_modules\aws-sdk\lib\state_machine.js:14:12) at d:\tools\nvm\v12.16.1\node_modules\claudia\node_modules\aws-sdk\lib\state_machine.js:26:10 { message: 'Endpoint Configuration type EDGE is not supported in this region: cn-north-1', code: 'BadRequestException', time: 2020-06-11T06:14:32.588Z, requestId: 'f6a1163f-6291-4c41-9e9e-fc612c10dba6', statusCode: 400, retryable: false, retryDelay: 40.66469435102611 }