amazon-genomics-cli
amazon-genomics-cli copied to clipboard
agc account activate fail to create VPC in China region
Try running agc account activate
without specifying custom --vpc
results the following error:
2022-05-22T22:49:10-06:00 ✘ Agc-Core | 10:47:18 PM | CREATE_FAILED | AWS::EC2::VPCEndpoint | Vpc/AgcEcrDkrEndpoint (VpcAgcEcrDkrEndpointXXXXXXXX) The Vpc Endpoint Service 'com.amazonaws.cn-northwest-1.ecr.dkr' does not exist (Service: AmazonEC2; Status Code: 400; Error Code: InvalidServiceName; Request ID: xxxxxxxx; Proxy: null)
I guess this is related to the version of CDK bundled with amazon-genomics-cli. See https://github.com/aws/aws-cdk/issues/9864
AGC Version: 1.4.0
One other error which is related to agc context deploy
(after creating and using a custom cromwell ECR mirror):
Partition "aws" is not valid for resource "arn:aws:ecr:cn-northwest-1:<account_id>:repository/aws/cromwell-mirror".
(Service: AmazonIdentityManagement; Status Code: 400; Error Code: MalformedPolicyDocument; Request ID: xxx; Proxy: null)
Hi @Marlin-Na ,
Amazon Genomics CLI is not officially supported in AWS China regions. It is something we are evaluating for a future release based on customer feedback.
Per your individual errors:
When agc
creates a VPC on its own (the default), it will also create a few VPC endpoints to help reduce costs by reducing traffic through the NAT Gateway - e.g. one for S3 and another for DynamoDB. As the issue you've identified is upstream in the CDK we'd need to wait for it to be resolved there before it can be fixed in agc
.
Can you describe how you are creating a custom Cromwell mirror? It looks like the partition is incorrect for pulling a container from an ECR registry in cn-northwest-1
.
Thanks for your response. I understand it is not supported yet, but want to report the errors anyway to see if that can help you (in future) when you plan to support the China regions.
For the custom cromwell mirror, I am setting it up in the same account and China region where I deploy the AGC, according to #461. Then I use environment variables (ECR_CROMWELL_ACCOUNT_ID
, ECR_CROMWELL_REGION
and ECR_CROMWELL_TAG
) to indicate the image location. I guess the error is probably because the partition aws
is hardcoded somewhere in the code while the actual partition should be aws-cn
, which is understandable since you haven't considered that use case.
Hi @Marlin-Na, you may also need to ensure the repository name is aws/cromwell-mirror
, however if that is what you are using then it could be that CDK is not looking up the container as expected.
@markjschreiber Yes, I was using aws/cromwell-mirror
as the repository name.