`jets deploy` fails on a newly created project which uses VPC
yamamoto40 opened this issue · comments
Checklist
- Upgrade Jets: Are you using the latest version of Jets? This allows Jets to fix issues fast. There's a
jets upgradecommand that makes this a simple task. There's also an Upgrading Guide: http://rubyonjets.com/docs/upgrading/ - Reproducibility: Are you reporting a bug others will be able to reproduce and not asking a question. If you're unsure or want to ask a question, do so on https://community.boltops.com
- Code sample: Have you put together a code sample to reproduce the issue and make it available? Code samples help speed up fixes dramatically. If it's an easily reproducible issue, then code samples are not needed. If you're unsure, please include a code sample.
My Environment
| Software | Version |
|---|---|
| Operating System | Amazon Linux 2 |
| Jets | 4.0.3 |
| Ruby | 3.2.2 |
Expected Behaviour
jets deploy to success.
Current Behavior
jets deploy fails with the error:
12:11:24AM UPDATE_IN_PROGRESS AWS::CloudFormation::Stack test-jets-api-dev User Initiated
12:11:27AM CREATE_IN_PROGRESS AWS::CloudFormation::Stack ApiGateway
12:11:27AM CREATE_IN_PROGRESS AWS::Lambda::LayerVersion GemLayer
12:11:27AM CREATE_IN_PROGRESS AWS::IAM::Role IamRole
12:11:28AM CREATE_IN_PROGRESS AWS::IAM::Role IamRole Resource creation Initiated
12:11:28AM CREATE_IN_PROGRESS AWS::CloudFormation::Stack ApiGateway Resource creation Initiated
12:11:37AM CREATE_IN_PROGRESS AWS::Lambda::LayerVersion GemLayer Resource creation Initiated
12:11:37AM CREATE_COMPLETE AWS::Lambda::LayerVersion GemLayer
12:11:38AM CREATE_COMPLETE AWS::CloudFormation::Stack ApiGateway
12:11:39AM CREATE_IN_PROGRESS AWS::CloudFormation::Stack ApiResources1
12:11:40AM CREATE_IN_PROGRESS AWS::CloudFormation::Stack ApiResources1 Resource creation Initiated
12:11:43AM CREATE_COMPLETE AWS::IAM::Role IamRole
12:11:44AM CREATE_IN_PROGRESS AWS::IAM::Policy IamPolicy
12:11:44AM CREATE_IN_PROGRESS AWS::CloudFormation::Stack JetsPreheatJob
12:11:45AM CREATE_IN_PROGRESS AWS::CloudFormation::Stack JetsPreheatJob Resource creation Initiated
12:11:46AM CREATE_IN_PROGRESS AWS::IAM::Policy IamPolicy Resource creation Initiated
12:11:50AM CREATE_COMPLETE AWS::CloudFormation::Stack ApiResources1
12:11:51AM CREATE_IN_PROGRESS AWS::CloudFormation::Stack JetsPublicController
12:11:52AM CREATE_IN_PROGRESS AWS::CloudFormation::Stack JetsPublicController Resource creation Initiated
12:12:02AM CREATE_COMPLETE AWS::IAM::Policy IamPolicy
12:12:02AM CREATE_FAILED AWS::CloudFormation::Stack JetsPublicController Embedded stack arn:aws:cloudformation:ap-northeast-1:xxxxxxxxxxxx:stack/test-jets-api-dev-JetsPublicController-xxxxxxxxxxxxx/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx was not successfully created: The following resource(s) failed to create: [ShowLambdaFunction].
12:12:02AM CREATE_FAILED AWS::CloudFormation::Stack JetsPreheatJob Resource creation cancelled
12:12:03AM UPDATE_ROLLBACK_IN_PROGRESS AWS::CloudFormation::Stack test-jets-api-dev The following resource(s) failed to create: [JetsPublicController, JetsPreheatJob].
12:12:06AM UPDATE_ROLLBACK_COMPLETE_CLEANUP_IN_PROGRESS AWS::CloudFormation::Stack test-jets-api-dev
12:12:07AM DELETE_IN_PROGRESS AWS::IAM::Policy IamPolicy
12:12:07AM DELETE_IN_PROGRESS AWS::CloudFormation::Stack JetsPreheatJob
12:12:07AM DELETE_IN_PROGRESS AWS::CloudFormation::Stack JetsPublicController
12:12:08AM DELETE_COMPLETE AWS::IAM::Policy IamPolicy
12:12:18AM DELETE_COMPLETE AWS::CloudFormation::Stack JetsPublicController
12:12:18AM DELETE_IN_PROGRESS AWS::CloudFormation::Stack ApiResources1
12:12:29AM DELETE_COMPLETE AWS::CloudFormation::Stack JetsPreheatJob
12:12:29AM DELETE_COMPLETE AWS::CloudFormation::Stack ApiResources1
12:12:29AM DELETE_IN_PROGRESS AWS::IAM::Role IamRole
12:12:30AM DELETE_IN_PROGRESS AWS::Lambda::LayerVersion GemLayer
12:12:30AM DELETE_IN_PROGRESS AWS::CloudFormation::Stack ApiGateway
12:12:31AM DELETE_COMPLETE AWS::Lambda::LayerVersion GemLayer
12:12:31AM DELETE_COMPLETE AWS::IAM::Role IamRole
12:12:40AM DELETE_COMPLETE AWS::CloudFormation::Stack ApiGateway
12:12:41AM UPDATE_ROLLBACK_COMPLETE AWS::CloudFormation::Stack test-jets-api-dev
Stack rolled back: UPDATE_ROLLBACK_COMPLETE
Time took: 1m 16s
The Jets application failed to deploy. Jets creates a few CloudFormation stacks to deploy your application.
The logs above show the CloudFormation parent stack events and points to the stack with the error.
Please go to the CloudFormation console and look for the specific stack with the error.
The specific child stack usually shows more detailed information and can be used to resolve the issue.
Example of checking the CloudFormation console: https://rubyonjets.com/docs/debugging/cloudformation/
Step-by-step reproduction instructions
- Create a new api project.
jets new test-jets-api --mode api - Configure the project to use VPC. (see: https://rubyonjets.com/docs/considerations/vpc/)
- Deploy the project.
AWS_REGION=ap-northeast-1 jets deploy
Code Sample
Solution Suggestion
The cause of the error is that the role lacks CreateNetworkInterface permission:
"The provided execution role does not have permissions to call CreateNetworkInterface on EC2" (from CloudTrail event log of CreateFunction20150331)
This may be a timing issue.
The IAM Policy is not attached to the IAM Role when the IAM Role is created. So subsequent resource creations were failed.
(IAM Role and its policy was separated from this commit 8f960ef)
I resolved this issue by adding DependsOn: IamPolicy for every resource that requires IAMRole to the CloudFormation files(parent stack and child stack).
But it also breaks Prewarming functionalities...
Thanks for the detailed report. Fixed in #662