aws-sam-cli
aws-sam-cli copied to clipboard
aws
Translator Wrapper defaults to `us-east-1` for SAR applications
This seems to be the same issue reported in #2065 and fixed in v1.27.2, as per comment https://github.com/aws/aws-sam-cli/issues/2065#issuecomment-886450375
However, we are seeing something very similar with the latest version v1.40.1.
Description:
sam package doesn't seem to replace the region when using FindInMap to specify the ApplicationId of a SAR Application.
Steps to reproduce:
Using a template like this:
Mappings:
ApplicationRegionMap:
eu-west-1:
apparn: arn:aws:serverlessrepo:eu-west-1:123456789012:applications/your-runner-application
us-east-1:
apparn: arn:aws:serverlessrepo:us-east-1:123456789012:applications/your-runner-application
us-west-2:
apparn: arn:aws:serverlessrepo:us-west-2:123456789012:applications/your-runner-application
Resources:
YourSARApp:
Type: AWS::Serverless::Application
Properties:
Location:
ApplicationId:
!FindInMap [ApplicationRegionMap, !Ref "AWS::Region", apparn]
SemanticVersion: 0.0.1
Run sam package:
- sam package
--template "your-template.yaml"
--s3-bucket "${S3_BUCKET}"
--s3-prefix "My-Artifacts"
--output-template-file "mock-template-export.yaml"
Observed result:
When running this command in us-west-2, the command fails:
[Container] 2022/03/18 21:04:16 Running command sam package --template "mock-template.yaml" --s3-bucket "${S3_BUCKET}" --s3-prefix "My-Artifacts" --output-template-file "mock-template-export.yaml"
543 | 2022-03-18 21:04:17 Requesting to create CFN template arn:aws:serverlessrepo:us-east-1:123456789012:applications/your-runner-application/0.0.1 in serverless application repo...
544 | Traceback (most recent call last):
545 | File "/root/.pyenv/versions/3.8.10/lib/python3.8/site-packages/samcli/lib/samlib/wrapper.py", line 68, in run_plugins
546 | parser.parse(template_copy, all_plugins) # parse() will run all configured plugins
547 | File "/root/.pyenv/versions/3.8.10/lib/python3.8/site-packages/samcli/lib/samlib/wrapper.py", line 102, in parse
548 | raise InvalidDocumentException(document_errors)
549 | samtranslator.model.exceptions.InvalidDocumentException: [InvalidResourceException('SafeDeploymentsTenantManagementNewmanRunner', 'User: arn:aws:sts::123456789012:assumed-role/######################/AWSCodeBuild-######## is not authorized to perform: serverlessrepo:CreateCloudFormationTemplate on resource: arn:aws:serverlessrepo:us-east-1:123456789012:applications/your-runner-application')]
550 |
551 | The above exception was the direct cause of the following exception:
552 |
553 | Traceback (most recent call last):
554 | File "/root/.pyenv/versions/3.8.10/bin/sam", line 8, in <module>
555 | sys.exit(cli())
556 | File "/root/.pyenv/versions/3.8.10/lib/python3.8/site-packages/click/core.py", line 829, in __call__
557 | return self.main(*args, **kwargs)
558 | File "/root/.pyenv/versions/3.8.10/lib/python3.8/site-packages/click/core.py", line 782, in main
559 | rv = self.invoke(ctx)
560 | File "/root/.pyenv/versions/3.8.10/lib/python3.8/site-packages/click/core.py", line 1259, in invoke
561 | return _process_result(sub_ctx.command.invoke(sub_ctx))
562 | File "/root/.pyenv/versions/3.8.10/lib/python3.8/site-packages/click/core.py", line 1066, in invoke
563 | return ctx.invoke(self.callback, **ctx.params)
564 | File "/root/.pyenv/versions/3.8.10/lib/python3.8/site-packages/click/core.py", line 610, in invoke
565 | return callback(*args, **kwargs)
566 | File "/root/.pyenv/versions/3.8.10/lib/python3.8/site-packages/samcli/lib/cli_validation/image_repository_validation.py", line 92, in wrapped
567 | return func(*args, **kwargs)
568 | File "/root/.pyenv/versions/3.8.10/lib/python3.8/site-packages/click/decorators.py", line 73, in new_func
569 | return ctx.invoke(f, obj, *args, **kwargs)
570 | File "/root/.pyenv/versions/3.8.10/lib/python3.8/site-packages/click/core.py", line 610, in invoke
571 | return callback(*args, **kwargs)
572 | File "/root/.pyenv/versions/3.8.10/lib/python3.8/site-packages/samcli/lib/telemetry/metric.py", line 166, in wrapped
573 | raise exception # pylint: disable=raising-bad-type
574 | File "/root/.pyenv/versions/3.8.10/lib/python3.8/site-packages/samcli/lib/telemetry/metric.py", line 124, in wrapped
575 | return_value = func(*args, **kwargs)
576 | File "/root/.pyenv/versions/3.8.10/lib/python3.8/site-packages/samcli/lib/utils/version_checker.py", line 41, in wrapped
577 | actual_result = func(*args, **kwargs)
578 | File "/root/.pyenv/versions/3.8.10/lib/python3.8/site-packages/samcli/lib/telemetry/metric.py", line 88, in wrapped
579 | return func(*args, **kwargs)
580 | File "/root/.pyenv/versions/3.8.10/lib/python3.8/site-packages/samcli/cli/main.py", line 87, in wrapper
581 | return func(*args, **kwargs)
582 | File "/root/.pyenv/versions/3.8.10/lib/python3.8/site-packages/samcli/commands/_utils/cdk_support_decorators.py", line 38, in wrapped
583 | return func(*args, **kwargs)
584 | File "/root/.pyenv/versions/3.8.10/lib/python3.8/site-packages/samcli/commands/package/command.py", line 109, in cli
585 | do_cli(
586 | File "/root/.pyenv/versions/3.8.10/lib/python3.8/site-packages/samcli/commands/package/command.py", line 173, in do_cli
587 | package_context.run()
588 | File "/root/.pyenv/versions/3.8.10/lib/python3.8/site-packages/samcli/commands/package/package_context.py", line 102, in run
589 | stacks, _ = SamLocalStackProvider.get_stacks(
590 | File "/root/.pyenv/versions/3.8.10/lib/python3.8/site-packages/samcli/lib/providers/sam_stack_provider.py", line 242, in get_stacks
591 | current = SamLocalStackProvider(
592 | File "/root/.pyenv/versions/3.8.10/lib/python3.8/site-packages/samcli/lib/providers/sam_stack_provider.py", line 51, in __init__
593 | self._template_dict = self.get_template(
594 | File "/root/.pyenv/versions/3.8.10/lib/python3.8/site-packages/samcli/lib/providers/sam_base_provider.py", line 189, in get_template
595 | template_dict = SamTranslatorWrapper(template_dict, parameter_values=parameters_values).run_plugins()
596 | File "/root/.pyenv/versions/3.8.10/lib/python3.8/site-packages/samcli/lib/samlib/wrapper.py", line 70, in run_plugins
597 | raise InvalidSamDocumentException(
598 | samcli.commands.validate.lib.exceptions.InvalidSamDocumentException: [InvalidResourceException('SafeDeploymentsTenantManagementNewmanRunner', 'User: arn:aws:sts::123456789012:assumed-role/######################/AWSCodeBuild-############# is not authorized to perform: serverlessrepo:CreateCloudFormationTemplate on resource: arn:aws:serverlessrepo:us-east-1:123456789012:applications/your-runner-application')] ('SafeDeploymentsTenantManagementNewmanRunner', 'User: arn:aws:sts::123456789012:assumed-role/##################/AWSCodeBuild-########### is not authorized to perform: serverlessrepo:CreateCloudFormationTemplate on resource: arn:aws:serverlessrepo:us-east-1:123456789012:applications/your-runner-application')
because it's trying to create the resource using the app in us-east-1, which is not the region where this instance of CodeBuild is running.
Expected result:
When running in a region different from us-east-1, I would expect the translator wrapper to resolve the region correctly. I would expect my command to try to use the app in us-west-2,
Additional environment details (Ex: Windows, Mac, Amazon Linux etc)
- OS:
aws/codebuild/amazonlinux2-x86_64-standard:3.0 -
sam --version: 1.40.1 - AWS region: us-west-2
Let me know if you need any further details.
Thanks!
Thanks for reaching out to us! Please allow us some time to start investigation on this so that we can assist you!
I've found a workaround for this by explicitly providing the region as a parameter from the command line when running package. So my command would be
- sam package
--template "your-template.yaml"
--s3-bucket "${S3_BUCKET}"
--s3-prefix "My-Artifacts"
--output-template-file "mock-template-export.yaml"
--region "${AWS_REGION}"
