Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Amplify init fails in headless mode and configLevel=general on EC2 #11974

Closed
2 tasks done
vladimirjaric opened this issue Feb 10, 2023 · 7 comments
Closed
2 tasks done
Labels
duplicate If marked with duplicate, issue will be closed & original will be added for traceability feature-request Request a new feature platform-init Issues related to initializing a new Amplify project

Comments

@vladimirjaric
Copy link

How did you install the Amplify CLI?

curl

If applicable, what version of Node.js are you using?

No response

Amplify CLI Version

10.7.1

What operating system are you using?

Amazon Linux 2

Did you make any manual changes to the cloud resources managed by Amplify? Please describe the changes made.

No

Describe the bug

Running amplify init in headless mode and configLevel=general on an EC2 instance returns Failed to resolve AWS credentials with --yes flag.

If --yes parameter is removed, the following prompt is received:
? Initialize the project with the above configuration? Yes
? Select the authentication method you want to use: (Use arrow keys)
❯ AWS profile
AWS access keys

The command works ok on the same EC2 instance in headless mode when configLevel=project and useProfile=false, region, accessKeyId, and secretAccessKey are provided, as described in #9986 (comment)

The command also works ok on a local Ubuntu laptop in headless mode and configLevel=general when AWS credentials are obtained with aws sso login.

Here is the EC2 instance trace, running amplify init with and without the --yes flag:

[ssm-user@ip-<address> ~]$ curl -sL https://aws-amplify.github.io/amplify-cli/install | bash

 Installing the AWS Amplify CLI...

 Downloading binary...
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
100  186M  100  186M    0     0  6129k      0  0:00:31  0:00:31 --:--:-- 5048k
 Download complete!
 Extracting binary...
 Extraction complete!

Successfully installed the Amplify CLI.
Run 'amplify help' to get started!
[ssm-user@ip-<address> ~]$ amplify version
10.7.1
[ssm-user@ip-<address> ~]$ mkdir ampapp
[ssm-user@ip-<address> ~]$ cd ampapp/
[ssm-user@ip-<address> ampapp]$ amplify init --amplify "{\"projectName\":\"ampapp\",\"envName\":\"devel\",\"defaultEditor\":\"vscode\"}" --providers "{\"awscloudformation\":{\"configLevel\":\"general\"}}" --frontend "{\"frontend\":\"flutter\",\"config\":{\"ResDir\":\"./lib/\"}}" --yes
Note: It is recommended to run this command from the root of your app directory
The following configuration will be applied:

Project information
| Name: ampapp
| Environment: devel
| Default editor: Visual Studio Code
| App type: flutter
| Configuration file location: ./lib/

Failed to resolve AWS credentials with --yes flag.
Access keys for continuous integration can be configured with headless paramaters: https://docs.amplify.aws/cli/usage/headless
🛑 Cannot use 'in' operator to search for 'downstreamException' in Failed to resolve AWS credentials with --yes flag.

Resolution: Please report this issue at https://github.com/aws-amplify/amplify-cli/issues and include the project identifier from: 'amplify diagnose --send-report'
Learn more at: https://docs.amplify.aws/cli/project/troubleshooting/

Session Identifier: 35b4b1e9-eaa3-4804-bd37-cebdd81a31ff
[ssm-user@ip-<address> ampapp]$ amplify init --amplify "{\"projectName\":\"ampapp\",\"envName\":\"devel\",\"defaultEditor\":\"vscode\"}" --providers "{\"awscloudformation\":{\"configLevel\":\"general\"}}" --frontend "{\"frontend\":\"flutter\",\"config\":{\"ResDir\":\"./lib/\"}}"
Note: It is recommended to run this command from the root of your app directory
The following configuration will be applied:

Project information
| Name: ampapp
| Environment: devel
| Default editor: Visual Studio Code
| App type: flutter
| Configuration file location: ./lib/

? Initialize the project with the above configuration? Yes
? Select the authentication method you want to use: AWS profile
🛑 Missing region in config

Learn more at: https://docs.amplify.aws/cli/project/troubleshooting/

Session Identifier: 51ca6ab3-bb16-479b-b703-50a5992e619b

Expected behavior

Initialized provider successfully.
✅ Initialized your environment successfully.

Your project has been successfully initialized and connected to the cloud!

Reproduction steps

  1. Start a new EC2 instance with Amazon Linux 2
  2. Connect to the instance with AWS Session Manager
  3. Install amplify using curl -sL https://aws-amplify.github.io/amplify-cli/install | bash
  4. Run amplify init --amplify "{\"projectName\":\"ampapp\",\"envName\":\"devel\",\"defaultEditor\":\"vscode\"}" --providers "{\"awscloudformation\":{\"configLevel\":\"general\"}}" --frontend "{\"frontend\":\"flutter\",\"config\":{\"ResDir\":\"./lib/\"}}" --yes
  5. Receive error Failed to resolve AWS credentials with --yes flag.
  6. Run amplify init --amplify "{\"projectName\":\"ampapp\",\"envName\":\"devel\",\"defaultEditor\":\"vscode\"}" --providers "{\"awscloudformation\":{\"configLevel\":\"general\"}}" --frontend "{\"frontend\":\"flutter\",\"config\":{\"ResDir\":\"./lib/\"}}"
  7. Choose authentication method=AWS profile
  8. Receive error Missing region in config

Project Identifier

No response

Log output

# Put your logs below this line
2023-02-10T10:42:51.711Z|info : amplify plugin core scan
2023-02-10T10:42:51.756Z|info : amplify-cli-core.banner-message/index.ts.fetch banner messages from https://aws-amplify.github.io/amplify-cli/banner-message.json({}
2023-02-10T10:43:00.824Z|info : amplify version core
2023-02-10T10:44:18.567Z|info : amplify init core  [***]{"amplify":"{\"projectName\":\"[***]mp-[***]pp\",\"envName\":\"[***]el\",\"defaultEditor\":\"vscode\"}","providers":"{\"awscloudformation\":{\"configLevel\":\"general\"}}","frontend":"{\"frontend\":\"flutter\",\"config\":{\"ResDir\":\"./lib/\"}}","yes":true}
2023-02-10T10:44:18.614Z|info : amplify-cli-core.banner-message/index.ts.fetch banner messages from https://aws-amplify.github.io/amplify-cli/banner-message.json({}
2023-02-10T10:44:20.319Z|error : Cannot use 'in' operator to search for 'downstreamException' in Failed to resolve AWS credentials with --yes flag.
UnknownFault: Cannot use 'in' operator to search for 'downstreamException' in Failed to resolve AWS credentials with --yes flag.

Additional information

No response

Before submitting, please confirm:

  • I have done my best to include a minimal, self-contained set of instructions for consistently reproducing the issue.
  • I have removed any sensitive information from my code snippets and submission.
@vladimirjaric vladimirjaric added the pending-triage Issue is pending triage label Feb 10, 2023
@vladimirjaric vladimirjaric changed the title Amplify init fails in headless mode and configLevel=general on an AWS EC2 instance Amplify init fails in headless mode and configLevel=general on EC2 Feb 10, 2023
@ykethan
Copy link
Member

ykethan commented Feb 13, 2023

Hey @vladimirjaric, thank you for reaching out. Wanted to get some information. Currently, is the AWS profile in the credentials and config file set/named as default? (normally stored at ~/. aws/credentials and ~/.aws/config)
if no, could you try setting a AWS profile as default and retry the init with --yes. As the yes flag depends on the default profile.

@ykethan ykethan added pending-response Issue is pending response from the issue author platform-init Issues related to initializing a new Amplify project labels Feb 13, 2023
@vladimirjaric
Copy link
Author

Hi @ykethan, thank you for responding promptly. EC2 instance uses credentials from the IAM role rather than the ~/.aws folder. The ~/.aws folder is not there at all. This is what I get when I list the configuration:

[ssm-user@ip-<address> bin]$ aws configure list
      Name                    Value             Type    Location
      ----                    -----             ----    --------
   profile                <not set>             None    None
access_key     ****************5RGP         iam-role
secret_key     ****************QIne         iam-role
    region                <not set>             None    None

Let me know if you need any other info. Thanks

@github-actions github-actions bot removed the pending-response Issue is pending response from the issue author label Feb 14, 2023
@ykethan
Copy link
Member

ykethan commented Feb 14, 2023

Hey @vladimirjaric, interesting. I was able to reproduce the issue in Amazon Linux2 EC2 instance. To mitigate the issue, could you run amplify configure? then flow should be as follows. If you already have a Amplify user created you can just hit enter and input the access credentials.

amplify configure
Follow these steps to set up access to your AWS account:

Sign in to your AWS administrator account:
https://console.aws.amazon.com/
Press Enter to continue

Specify the AWS Region
? region:  us-east-1
Specify the username of the new IAM user:
? user name:  amplify-00gxJ
Complete the user creation using the AWS console
https://console.aws.amazon.com/iam/home?region=us-east-1#/users$new?step=final&accessKey&userNames=amplify-00gxJ&permissionType=policies&policies=arn:aws:iam::aws:policy%2FAdministratorAccess-Amplify
Press Enter to continue

Enter the access key of the newly created user:
? accessKeyId:  ****************
? secretAccessKey:  *****************
This would update/create the AWS Profile in your local machine
? Profile Name:  default

Successfully set up the new user.

Note: if you observe an error spawn xdg-open ENOENT you will need to run sudo yum -y install xdg-utils to install the utils.

After the user have been configure you can the run the headless command as posted with the --yes flag to create an application. I was able to successfully create an Amplify project as well.

amplify init --amplify "{\"projectName\":\"ampapp\",\"envName\":\"devel\",\"defaultEditor\":\"vscode\"}" --providers "{\"awscloudformation\":{\"configLevel\":\"general\"}}" --frontend "{\"frontend\":\"flutter\",\"config\":{\"ResDir\":\"./lib/\"}}" --yes
Note: It is recommended to run this command from the root of your app directory
The following configuration will be applied:

Project information
| Name: ampapp
| Environment: devel
| Default editor: Visual Studio Code
| App type: flutter
| Configuration file location: ./lib/

Adding backend environment devel to AWS Amplify app: <ID>

Deployment completed.
Deploying root stack ampapp [ ---------------------------------------- ] 0/4
        amplify-ampapp-devel-151516    AWS::CloudFormation::Stack     CREATE_IN_PROGRESS             Tue Feb 14 2023 15:15:17…     
        DeploymentBucket               AWS::S3::Bucket                CREATE_IN_PROGRESS             Tue Feb 14 2023 15:15:21…     
        UnauthRole                     AWS::IAM::Role                 CREATE_IN_PROGRESS             Tue Feb 14 2023 15:15:22…     
        AuthRole                       AWS::IAM::Role                 CREATE_IN_PROGRESS             Tue Feb 14 2023 15:15:22…     

Deployment state saved successfully.
✔ Initialized provider successfully.
✅ Initialized your environment successfully.

Your project has been successfully initialized and connected to the cloud!

Some next steps:
"amplify status" will show you what you've added already and if it's locally configured or deployed
"amplify add <category>" will allow you to add features like user login or a backend API
"amplify push" will build all your local backend resources and provision it in the cloud
"amplify console" to open the Amplify Console and view your project status
"amplify publish" will build all your local backend and frontend resources (if you have hosting category added) and provision it in the cloud

Pro tip:
Try "amplify add api" to create a backend API and then "amplify push" to deploy everything

Could you let us know how was the AWS credential configured with the role? As in my reproduction on creating a new EC2 instance I observed an empty list when running aws configure list.

@ykethan ykethan added the pending-response Issue is pending response from the issue author label Feb 14, 2023
@vladimirjaric
Copy link
Author

Hi @ykethan, as soon as an IAM role is attached to an EC2 instance aws configure list will return a non-empty list. In my case, I have attached a simple EC2 role that includes AWS-managed policy arn:aws:iam::aws:policy/AdministratorAccess-Amplify.

Sorry, perhaps I was not clear with my initial description...

I agree amplify init works on EC2 when using IAM user credentials in the headless mode. I was able to initialise it like this:

amplify init --amplify "{\"projectName\":\"ampapp\",\"envName\":\"devel\",\"defaultEditor\":\"vscode\"}" \
--providers "{\"awscloudformation\":{\"configLevel\":\"project\",\"useProfile\":false,\"region\":\"<region>\",\"accessKeyId\":\"<access-key-id>\",\"secretAccessKey\":\"<secret-access-key>\"}}" \
--frontend "{\"frontend\":\"flutter\",\"config\":{\"ResDir\":\"./lib/\"}}" --yes
Note: It is recommended to run this command from the root of your app directory
The following configuration will be applied:

Project information
| Name: ampapp
| Environment: devel
| Default editor: Visual Studio Code
| App type: flutter
| Configuration file location: ./lib/

Adding backend environment devel to AWS Amplify app: <id>

Deployment completed.
Deploying root stack ampapp [ ==========------------------------------ ] 1/4
	amplify-ampapp-devel-03406     AWS::CloudFormation::Stack     CREATE_IN_PROGRESS             Wed Feb 15 2023 00:34:07…     
	UnauthRole                     AWS::IAM::Role                 CREATE_IN_PROGRESS             Wed Feb 15 2023 00:34:11…     
	AuthRole                       AWS::IAM::Role                 CREATE_IN_PROGRESS             Wed Feb 15 2023 00:34:11…     
	DeploymentBucket               AWS::S3::Bucket                CREATE_COMPLETE                Wed Feb 15 2023 00:34:35…     

Deployment state saved successfully.
✔ Initialized provider successfully.
✅ Initialized your environment successfully.

Your project has been successfully initialized and connected to the cloud!

Some next steps:
"amplify status" will show you what you've added already and if it's locally configured or deployed
"amplify add <category>" will allow you to add features like user login or a backend API
"amplify push" will build all your local backend resources and provision it in the cloud
"amplify console" to open the Amplify Console and view your project status
"amplify publish" will build all your local backend and frontend resources (if you have hosting category added) and provision it in the cloud

Pro tip:
Try "amplify add api" to create a backend API and then "amplify push" to deploy everything

The issue I am reporting here is that amplify init doesn't work with IAM role credentials, as with attaching an EC2 role that includes AWS-managed policy arn:aws:iam::aws:policy/AdministratorAccess-Amplify.

AWS CLI works with the above IAM role, i.e. aws s3 ls lists the S3 buckets. We would prefer to use IAM roles with Amplify CLI too. Do you think this is an issue or a feature request?

Many thanks

@github-actions github-actions bot removed the pending-response Issue is pending response from the issue author label Feb 15, 2023
@ykethan
Copy link
Member

ykethan commented Feb 15, 2023

Hey @vladimirjaric, thank you for the information. Currently, Amplify CLI expects the temporary credentials to be stored in ~/.aws/credentials and ~/.aws/config which needs to be acquired by AWS CLI STS. The comment on #407 (comment) provides this information.
Additionally, a feature request tracking this on #10484.

@ykethan ykethan added the pending-response Issue is pending response from the issue author label Feb 15, 2023
@vladimirjaric
Copy link
Author

Hi @ykethan, thank you for clarifying. Cheers

@github-actions github-actions bot removed the pending-response Issue is pending response from the issue author label Feb 16, 2023
@josefaidt josefaidt added feature-request Request a new feature duplicate If marked with duplicate, issue will be closed & original will be added for traceability and removed pending-triage Issue is pending triage labels Feb 20, 2023
@github-actions
Copy link

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see.
If you need more assistance, please open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
duplicate If marked with duplicate, issue will be closed & original will be added for traceability feature-request Request a new feature platform-init Issues related to initializing a new Amplify project
Projects
None yet
Development

No branches or pull requests

3 participants