Following pipelines readme to set up a deployment pipeline, I ran
$ env CDK_NEW_BOOTSTRAP=1 npx cdk bootstrap \
--cloudformation-execution-policies arn:aws:iam::aws:policy/AdministratorAccess \
aws://[ACCOUNT_ID]/us-west-2
to create the necessary roles. I would assume the roles would automatically add sts assume role permissions from my account principle. However, when I run cdk deploy I get the following warning
current credentials could not be used to assume
'arn:aws:iam::[ACCOUNT_ID]:role/cdk-hnb659fds-file-publishing-role-[ACCOUNT_ID]-us-west-2',
but are for the right account. Proceeding anyway.
I have root credentials in ~/.aws/credentials.
Looking at the deploy role policy, I don't see any sts permissions. What am I missing?
You will need to add permission to assume the role to the credentials from which you are trying to execute cdk deploy
{
"Sid": "assumerole",
"Effect": "Allow",
"Action": [
"sts:AssumeRole",
"iam:PassRole"
],
"Resource": [
"arn:aws-cn:iam::*:role/cdk-readOnlyRole",
"arn:aws-cn:iam::*:role/cdk-hnb659fds-deploy-role-*",
"arn:aws-cn:iam::*:role/cdk-hnb659fds-file-publishing-*"
]
}
First thing you need to do is enabling the verbose mode to see what is actually happenning.
cdk deploy --verbose
If you see similar message below. Continue with step 2. Otherwise, you need to address the problem by understanding the error message.
Could not assume role in target account using current credentials User: arn:aws:iam::XXX068599XXX:user/cdk-access is not authorized to perform: sts
:AssumeRole on resource: arn:aws:iam::XXX068599XXX:role/cdk-hnb659fds-deploy-role-XXX068599XXX-us-east-2 . Please make sure that this role exists i
n the account. If it doesn't exist, (re)-bootstrap the environment with the right '--trust', using the latest version of the CDK CLI.
Check S3 buckets related to CDK and CloudFormation stacks from AWS Console. Delete them manually.
Enable the new style bootstrapping by one of the method mentioned here
Bootstrap the stack using below command. Then it should create all required roles automatically.
cdk bootstrap --trust=ACCOUNT_ID --cloudformation-execution-policies=arn:aws:iam::aws:policy/AdministratorAccess --verbose
NOTE: If you are working with docker image assets, make sure you have setup your repository before you deploy. New style bootstrapping does not create the repos automatically for you as mentioned in this comment.
This may be of use to somebody... The issue could be a mismatch of regions. I spotted it in verbose mode - the roles were created for us-east-1 but I had specified eu-west-2 in the bootstrap. For some reason it had not worked. The solution was to set the region (by adding AWS_REGION=eu-west-2 before the cdk deploy command).
I ran into a similar error. The critical part of my error was
failed: Error: SSM parameter /cdk-bootstrap/<>/version not found.
I had to re-run using the new bootstrap method that creates the SSM parameter. To run the new bootstrap method first set CDK_NEW_BOOTSTRAP via export CDK_NEW_BOOTSTRAP=1
Don't forget to run cdk bootstrap with those credentials against your account [ACCOUNT_ID].
For me, the problem was that I was using expired credentials. I was trying to use temporary credentials from AWS SSO, which were expired. The problem was that the error message is misleading: it says
current credentials could not be used to assume 'arn:aws:iam::123456789012:role/cdk-xxx999xxx-deploy-role-123456789012-us-east-1', but are for the right account. Proceeding anyway.
(To get rid of this warning, please upgrade to bootstrap version >= 8)
However, applying the --verbose flag as suggested above showed the real problem:
Assuming role 'arn:aws:iam::123456789012:role/cdk-xxx999xxx-deploy-role-123456789012-us-east-1'.
Assuming role failed: The security token included in the request is expired
Could not assume role in target account using current credentials The security token included in the request is expired . Please make sure that this role exists in the account. If it doesn't exist, (re)-bootstrap the environment with the right '--trust', using the latest version of the CDK CLI.
Getting the latest SSO credentials fixed the problem.
After deploying with --verbose I could see it was a clock issue in my case:
Assuming role failed: Signature expired: 20220428T191847Z is now earlier than 20220428T192528Z (20220428T194028Z - 15 min.)
I resolve the clock issue on ubuntu using:
sudo ntpdate ntp.ubuntu.com
which then resolves the cdk issue.
Good evening.
I have set up Spring Cloud Dataflow 2.7.0-SNAPSHOT to run spring batch's tasks in Openshift.
I registered an app, using a valid docker path, and created a task using this app.
When I execute the task from SCDF dashboard using an specific platform from the drop-down , the task gets properly executed on Openshift.
When I access the task execution screen, I click the button "View Logs", and I get the following error on screen:
"Log could not be retrieved. Verify that deployments are still available."
In SCDF log file I get:
2020-09-15 14:12:16.546 WARN 7 --- [nio-9376-exec-1] .s.c.d.s.s.i.DefaultTaskExecutionService : Failed to retrieve the log, returning verification message.
java.lang.IllegalStateException: No Launcher found for the platform named 'default'. Available platform names are [platform-test, platform-dev]
at org.springframework.cloud.dataflow.server.service.impl.DefaultTaskExecutionService.findTaskLauncher(DefaultTaskExecutionService.java:683)
at org.springframework.cloud.dataflow.server.service.impl.DefaultTaskExecutionService.getLog(DefaultTaskExecutionService.java:605)
I have seen that REST API endpoint(http://localhost:9393/tasks/logs/<external_exec_id>?platformName=platform-dev) to get the log works properly, but, from dashboard we are invoking http://localhost:9393/tasks/logs/<external_exec_id>, not including platformName.
should I configure anything, or add any attribute to the task execution to make this work, or is this a bug?
Thanks and regards.
I have a project which uses Grails 3 on Intellij IDE. When I run my project I get my URL like this:
Now I want to run by project at http://localhost:8080/login/auth where I have a login page.
I tried changing server Context path and urlMapping. But both didn't work. I am using Spring Security Core-3 as authentication plugin.
Hi I have a deployd application that is working fine with its dashboard localhost:2403/dashboard
I want to utilise email with the app the deployd instructions state that I run npm install dpd-email
which creates a dpd-email directory in your app's node_modules directory.
To set up the emails ports etc
Before using the email resource, you must go to its Dashboard page and configure it.
Is this the apps dashboard as I can see no reference to email in localhost:2403/dashboard
or is there a seperate dashboard for dpd-email module ?
After installing the dpd-email module (npm install dpd-email), the dashboard should propose a new type a resource:
After adding this new resource, you can configure the module:
You can send emails by sending requests (see the readme of the module for more information)
I am trying to deploy the sample-app war file that comes with PushSDK.But was not able to deploy the application successfully.Steps followed till now
1) I was able to configure PushSDK.properties log4j.xmlbut didn't change value of ${sampleapp.appid} in sample-app-context.xml.
2)then made the war file using cmd
3) Deployed on the server.
during deployment an error was coming.
Invalid bean definition with name 'registerListeners' defined in class path resource [sample-app-context.xml]: Could not resolve placeholder 'sampleapp.appid'
Tried to register on link but was unsuccessful
I have just started down the path of using the Push SDK, but from what I've read I conclude that you need to get your development registration completed at least before you can run the sample code; unles you're using your own BES.