copilot-cli icon indicating copy to clipboard operation
copilot-cli copied to clipboard
verified publisher icon aws

[Bug]: Cannot deploy App Runner with Storage add on

Open nitzan-frock opened this issue 1 year ago • 0 comments

Description:

Deploying a service in a new env with an Aurora postgres storage add on fails.

ValidationError: Template error: instance of Fn::GetAtt references undefined resource ServiceSecurityGroup

Details:

Copilot Version: 1.34.0 built for darwin

Observed result:

# copilot/server/manifest.yml
name: server
type: Request-Driven Web Service

image:
  port: 8000
  build:
    context: .
    dockerfile: containers/Dockerfile

https:
  healthcheck:
    path: /
    interval: 5s
    timeout: 2s

cpu: 1024
memory: 2048

observability:
  tracing: awsxray

secrets: # Pass secrets from AWS Systems Manager (SSM) Parameter Store and Secrets Manager.
  DB_SECRET:
    from_cfn: ${COPILOT_APPLICATION_NAME}-${COPILOT_ENVIRONMENT_NAME}-serverclusterAuroraSecret

environments:
  dev:
    variables:
      APP_ENV: dev
    image:
      build:
        target: dev

# copilot/server/addons/addons.parameters.yml
Parameters:
  ServiceSecurityGroupId: !GetAtt ServiceSecurityGroup.GroupId

# copilot/server/addons/server-cluster-ingress.yml

# likely relevant section to error
Resources:
  serverclusterClusterSecurityGroupIngressFromWorkload:
    Type: AWS::EC2::SecurityGroupIngress
    Properties:
      Description: !Sub Ingress from workload ${Name}.
      ToPort: 5432
      FromPort: 5432
      GroupId:
        Fn::ImportValue: !Sub "${App}-${Env}-serverclusterDBClusterSecurityGroup"
      IpProtocol: tcp
      SourceSecurityGroupId: !Ref ServiceSecurityGroupId

> copilot svc deploy -n server -e dev
✘ Proposing infrastructure changes for stack across-dev-server
✘ deploy service server to environment dev: deploy service: check if changeset is empty: create change set copilot-e89eab5a-d627-469f-998e-2c3ff603a47b for stack across-dev-server: ValidationError: Template error: instance of Fn::GetAtt references undefined resource ServiceSecurityGroup
        status code: 400, request id: 8223f634-ca20-471d-bd4c-fb05e90dce64: describe change set copilot-e89eab5a-d627-469f-998e-2c3ff603a47b for stack across-dev-server: ValidationError: Stack [across-dev-server] does not exist
        status code: 400, request id: 306e66b1-1da6-4abd-94fb-c2f18d67f484: describe stack: describe stack events for stack across-dev-server: ValidationError: Stack [across-dev-server] does not exist
        status code: 400, request id: 3c65fdca-53be-4b3e-9219-56103ab80662

Expected result:

The service should deploy successfully when it is being created in the environment or being updated.

Debugging:

  1. copilot env init -n dev
  2. copilot env deploy -n dev
  3. copilot svc init -n server -e dev
  4. copilot storage init -n server-cluster -t Aurora -w server --engine PostgreSQL --initial-db my_db -l environment.
  5. copilot svc deploy -n server -e dev

I've attempted to reset the entire application, I've tried creating new environments, I've looked at all the docs for usage on storage, services and environments.

nitzan-frock avatar Feb 10 '25 23:02 nitzan-frock