agc context deploy fail for regions in China

[Marlin-Na]

I am playing with amazon-genomics-cli but found agc context deploy does not work for an AWS account in a China region (cn-northwest-1).

agc context deploy myContext                                                                                           
2022-05-22T05:51:44-06:00 𝒊  Deploying context(s)
2022-05-22T05:51:52-06:00 ✘  Failed to deploy context 'myContext'. Below is the log for that deployment
2022-05-22T05:51:52-06:00 ✘   error="1 context deployment failures"
Error: an error occurred invoking 'context deploy'
with variables: {contexts:[] deployAll:false}
caused by: 1 context deployment failures
suggestion: To resolve failure 1, determine the cause of: operation error ECR: ListImages, https response error StatusCode: 400, RequestID: xxx, api error AccessDeniedException: User: arn:aws-cn:iam::<myaccountid>:user/<myusername> is not authorized to perform: ecr:ListImages on resource: arn:aws-cn:ecr:cn-northwest-1:680431765560:repository/aws/cromwell-mirror because no resource-based policy allows the ecr:ListImages action

It looks like that it tries to pull image from a mirror arn:aws-cn:ecr:cn-northwest-1:680431765560:repository/aws/cromwell-mirror in that region, but the mirror may not really exist.

Related: #141 AGC Version: 1.4.0

[markjschreiber]

Hi Marlin, currently the containers used by AGC are only distributed to the aws partition. We don't yet support additional partitions such as aws-cn or aws-us-gov.

One work around would be to change the region if your profile to a nearby AWS region. Alternatively, you could pull the container, retag it and then load it to an ECR repository in your account. Having done this you would then need to set environment variables to point to this image.

export ECR_CROMWELL_ACCOUNT_ID=<some-value>
export ECR_CROMWELL_REGION=<some-value>
export ECR_CROMWELL_TAG=<some-value>

[Marlin-Na]

Thank you for the quick response! I will try to set up my own ECR mirror for cromwell.