This repository has been deprecated in favor of https://github.com/aws-ia/cfn-ps-taskcat-ci.
We will archive this repository and keep it publicly available until May 1, 2024.
CI/CD pipeline for AWS CloudFormation templates Quick Start
Home Page: https://aws-quickstart.github.io/quickstart-taskcat-ci/
License: Apache License 2.0
Allow user to create pipeline and use existing IAM role, instead of creating new one as part of the stack.
The deployment guide is still pointing to an older version of cloud formation which deploys an old version of taskcat: https://aws-quickstart.s3.amazonaws.com/quickstart-taskcat-ci/templates/pipeline.template
Kindly update the deployment guide.
After deploying the CloudFormation stack and pushing the first commit, the build sequence fails due to a TaskCat error:
[Container] 2021/03/28 09:42:17 Running command taskcat test run -l
[WARN ] : failed to load config from /codebuild/output/src591324003/MyCV/.taskcat.yml
[ERROR ] : FileNotFoundError [Errno 2] No such file or directory: '/codebuild/output/src591324003/MyCV/.taskcat.yml'
[Container] 2021/03/28 09:42:19 Command did not exit successfully taskcat test run -l exit status 1
[Container] 2021/03/28 09:42:19 Running command ls -1 taskcat_outputs
ls: cannot access taskcat_outputs: No such file or directory
[Container] 2021/03/28 09:42:19 Command did not exit successfully ls -1 taskcat_outputs exit status 2
[Container] 2021/03/28 09:42:19 Phase complete: BUILD State: FAILED
[Container] 2021/03/28 09:42:19 Phase context status code: COMMAND_EXECUTION_ERROR Message: Error while executing command: ls -1 taskcat_outputs. Reason: exit status 2
It seems the taskcat_outputs are not generated. The cf template is being filled with the correct parameters. Could you point me to a possible solution?
Hello,
The buildspec.yml file contains a hardcoded entry on line 26:
git checkout -ft origin/develop
I believe this should use the SourceRepoBranch parameter of the CloudFormation template, otherwise I would need to ensure that my repo's branch is develop.
Darko
This section of code is causing the following error in my testing. Removing it causes the tests to succeed and I'm unable to find a drawback of removing it.
| 1674333373785 | [Container] 2023/01/21 20:36:11 Running command git checkout --force --track origin/$SOURCE_BRANCH |
| 1674333373785 | Switched to a new branch 'develop' |
| 1674333373785 | branch 'develop' set up to track 'origin/develop'. |
| 1674333373785 | |
| 1674333373785 | [Container] 2023/01/21 20:36:11 Running command git config -f .gitmodules --get-regexp '^submodule\..*\.path$' | |
| 1674333373785 | while read path_key path |
| 1674333373785 | do |
| 1674333373785 | url_key=$(echo $path_key | sed 's/\.path/.url/') |
| 1674333373785 | url=$(git config -f .gitmodules --get "$url_key") |
| 1674333373785 | git submodule add $url $path |
| 1674333373785 | done |
| 1674333373785 | |
| 1674333373785 | fatal: 'submodules/quickstart-aws-vpc' already exists in the index |
| 1674333373785 | fatal: 'submodules/quickstart-linux-bastion' already exists in the index |
| 1674333373785 | |
| 1674333373785 | [Container] 2023/01/21 20:36:11 Command did not exit successfully git config -f .gitmodules --get-regexp '^submodule\..*\.path$' | |
| 1674333373785 | while read path_key path |
| 1674333373785 | do |
| 1674333373785 | url_key=$(echo $path_key | sed 's/\.path/.url/') |
| 1674333373785 | url=$(git config -f .gitmodules --get "$url_key") |
| 1674333373785 | git submodule add $url $path |
| 1674333373785 | done |
| 1674333373785 | exit status 128 |
| 1674333373785 | [Container] 2023/01/21 20:36:11 Phase complete: PRE_BUILD State: FAILED |
| 1674333373785 | [Container] 2023/01/21 20:36:11 Phase context status code: COMMAND_EXECUTION_ERROR Message: Error while executing command: git config -f .gitmodules --get-regexp '^submodule\..*\.path$' | |
| 1674333373785 | while read path_key path |
| 1674333373785 | do |
| 1674333373785 | url_key=$(echo $path_key | sed 's/\.path/.url/') |
| 1674333373785 | url=$(git config -f .gitmodules --get "$url_key") |
| 1674333373785 | git submodule add $url $path |
| 1674333373785 | done |
| 1674333373785 | . Reason: exit status 128
Currently, the pipeline resource is created in the master template. The idea is to separate the pipeline resource into a separate template to provide flexibility and better structuring.
for page in result:
    try:
        for k in page['Contents']:
            objects.append({'Key': k['Key']})
        print('deleting objects')
        client.delete_objects(Bucket=bucket, Delete={'Objects': objects})
        objects = []
    except Exception as e:
        logging.error('Exception deleting objects from bucket: %s' % e)
        pass
print('bucket empty')
It is conceivable here to have an exception, thus an object is not deleted. However, the function will report "bucket empty" even if an exception occurs.
A similar issue exists for the delete_versionedobjects function.
delete_versionedobjects function:
for page in result:
    try:
        for k in page['Versions']:
            objects.append({'Key': k['Key'], 'VersionId': k['VersionId']})
        try:
            for k in page['DeleteMarkers']:
                version = k['VersionId']
                key = k['Key']
                objects.append({'Key': key, 'VersionId': version})
        except Exception as e:
            # Note that I don't believe an exception can be thrown, so
            # this code should never execute. Leaving it here in case I
            # am wrong
            logging.error('Exception assembling delete markers: %s' % e)
            pass
        print('deleting objects')
        client.delete_objects(Bucket=bucket, Delete={'Objects': objects})
        # objects = []
    except Exception as e:
        logging.error('Exception deleting versioned objects: %s' % e)
        pass
print('bucket empty')
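The failure mode reported in this issue, handled explicitly. This is an added example, not code from the issue author or the Quick Start; `empty_bucket`, its `pages` parameter and `StubS3Client` are hypothetical names, and the stub stands in for the boto3 S3 client so the block runs offline.

```python
import logging

MAX_KEYS_PER_CALL = 1000  # S3 DeleteObjects accepts at most 1000 keys per request


def empty_bucket(client, bucket, pages):
    """Delete every object listed in pages; return the keys that were NOT deleted.

    Hypothetical helper: `pages` is the iterable of paginator pages that the
    snippet in the issue calls `result`.
    """
    failed = []
    for page in pages:
        # An empty page has no 'Contents' key; treat it as nothing to delete.
        objects = [{'Key': k['Key']} for k in page.get('Contents', [])]
        for i in range(0, len(objects), MAX_KEYS_PER_CALL):
            batch = objects[i:i + MAX_KEYS_PER_CALL]
            try:
                resp = client.delete_objects(Bucket=bucket, Delete={'Objects': batch})
            except Exception as e:
                logging.error('Exception deleting objects from bucket: %s', e)
                failed.extend(o['Key'] for o in batch)
                continue
            # Per-key failures are returned in 'Errors'; they do not raise.
            failed.extend(err['Key'] for err in resp.get('Errors', []))
    if failed:
        logging.error('%d object(s) left in %s', len(failed), bucket)
    else:
        print('bucket empty')
    return failed


class StubS3Client:
    """Constructed stand-in for the boto3 S3 client so the example runs offline."""

    def __init__(self, raise_on=(), deny=()):
        self.raise_on, self.deny = set(raise_on), set(deny)

    def delete_objects(self, Bucket, Delete):
        keys = [o['Key'] for o in Delete['Objects']]
        if self.raise_on.intersection(keys):
            raise RuntimeError('simulated request failure')
        return {'Deleted': [{'Key': k} for k in keys if k not in self.deny],
                'Errors': [{'Key': k, 'Code': 'AccessDenied'} for k in keys if k in self.deny]}


# Constructed sample pages: two with objects, one empty.
SAMPLE_PAGES = [{'Contents': [{'Key': 'a.zip'}, {'Key': 'b.zip'}]},
                {'Contents': [{'Key': 'c.zip'}]}, {}]
```

A cleanup handler can treat a non-empty return value as a failed cleanup rather than reporting the bucket as empty.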
Since last week, commands in the PREBUILD phase don't succeed.
The error happens when aws cli configure is called. It breaks when it tries to import docevents inside the botocore library.
from botocore.docs.bcdoc import docevents
ImportError: cannot import name 'docevents'
The error is known for some aws cli versions.
aws-solutions/aws-control-tower-customizations#34
A sufficient workaround could be using the latest aws cli version.
aws-solutions/aws-control-tower-customizations#34 (comment)
You will find more details in the logs:
log-events-viewer-result_csv.log
I wanted to use this quickstart template 2 times in parallel in 1 account. There were 2 problems.
FunctionName: Git_Merge
2020-10-16 10:18:43 UTC+0200 | GitMergeLambda | CREATE_IN_PROGRESS | -
2020-10-16 10:18:43 UTC+0200 | GitMergeLambda | CREATE_FAILED | Git_Merge already exists in stack arn:aws:cloudformation:us-east-1:1234567890:stack/gh-ssm-tunnel-workshop/46eb5680-0dfc-11eb-8d83-0acbfa2a24c9
GITHUBTOKEN
I am getting the below error, please help!
Embedded stack arn:aws:cloudformation:us-east-1:790982781160:stack/test-CopyLambdasStack-L59QQULCDQBN/adf67e50-f8be-11ec-b4b0-0ebca9b9add5 was not successfully created: The following resource(s) failed to create: [CopyObjectsFunction, CleanUpS3BucketFunction].
I am trying to follow workshop https://workshop.quickstart.awspartner.com/
Pipeline fails on the Deploy Stage. The Lambda merge code Git_Merge expects the GitHub token to be in the SSM Parameter Store in us-east-1:
ssm = boto3.client('ssm', region_name='us-east-1')
code_pipeline = boto3.client('codepipeline')
…
# Get github token from parameter store
github_token = get_ssm_parameter('GITHUBTOKEN')
Temporary workaround:
Manually create the parameter in us-east-1
Proposed solution:
CloudFormation to create the expected parameter via the Quick Start stack in the same region
Allow using existing lambda function with pipeline
Not sure if this is the right place to report the problem, but when I try to deploy the QuickStart: CI/CD Pipeline for AWS CloudFormation Templates on the AWS Cloud Using AWS TaskCat, I get the following error:
S3 error: The specified key does not exist. For more information check http://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html
It seems this S3 URL is broken, which is the one that gets auto populated when I try to launch this Quick Start
Error when deploying the cloudformation stack:
I get an error with CloudFormation stack deployment: "S3 error: Access Denied: bucket you are attempting to access must be addressed using the specified endpoint." But I'm using an admin user when deploying the stack (so it should not be an issue with role & permission on local bucket access).
Add support for recursive cloning
Hello,
while deploying your solution, a customer ran into errors, particularly when deploying the nested stack CICD-TaskCat-CopyLambdasStack.
I have noticed that the source code in your S3 bucket is still using Python runtime 2.7, which has now been deprecated.
See the cfn log for two lambda functions in question:
# CleanUpS3BucketFunction
Resource handler returned message: "The runtime parameter of python2.7 is no longer supported for creating or updating AWS Lambda functions. We recommend you use the new runtime (python3.9) while creating or updating functions. (Service: Lambda, Status Code: 400,{...}
# CopyObjectsFunction
Resource handler returned message: "The runtime parameter of python2.7 is no longer supported for creating or updating AWS Lambda functions. We recommend you use the new runtime (python3.9) while creating or updating functions. (Service: Lambda, Status Code: 400, {...}
Workaround:
Clone the repository and upload to own S3 bucket
Fix:
Please trigger the build at your backend to update the templates in your QS S3 buckets.
Currently this Quick Start makes use of taskcat release 0.8.36.
Modernise the Quick Start to use taskcat v9
Status reason is :
Embedded stack arn:aws:cloudformation:ap-southeast-1:499316192974:stack/morning-cognito-cicd-CopyLambdasStack-ZSXGPBKSQ43F/ba526200-52de-11ea-b12a-020de04cec9a was not successfully created: The following resource(s) failed to create: [S3CleanUpRole, LambdaZipsBucket].
Before launching the stack, do I need to copy "copy-lambdas.template" to an s3 bucket of mine?
I recently tried this quick start template for creating the CI/CD pipeline and faced the issue which is described here.
version 0.9.17
[WARN ] : A newer version of taskcat is available (0.9.20)
[INFO ] : To upgrade pip version [ pip install --upgrade taskcat]
[INFO ] : To upgrade docker version [ docker pull taskcat/taskcat ]

[ERROR ] : ValidationError None is not of type 'object'

Failed validating 'type' in schema:
Same error also with version 0.9.20
Reference commit: 71b8850
In local testing, we can specify global parameters (e.g. KeyPairName, S3QuickStart bucket name) in our local home folder .taskcat.yml.
How do we specify global parameters/config when it is running in CodeBuild?
1 validation error detected: Value at 'pipeline.stages.1.member.actions.1.member.configuration' failed to satisfy constraint: Map value must satisfy constraint: [Member must have length less than or equal to 50000, Member must have length greater than or equal to 1]
Here is the URL that is invoked - it is my own public repo.
https://api.github.com:443 "POST /repos/vennemp/cloudformation-cicd/merges HTTP/1.1" 403 None
403 Client Error: Forbidden for url: https://api.github.com/repos/vennemp/cloudformation-cicd/merges
The token used has admin:repo_webhook permissions (read and write).
Lambda no longer supports Python 2.7 so the CopyLambdasStack fails to deploy