    cristobalmackenzie
    @cristobalmackenzie

    Hi ! I have a question regarding storage init. The docs state that "By default, only the service you specify during storage init will have access to that storage resource.".

    It seems to imply that there is indeed a way to make the storage resource accessible by more services. How is this accomplished?

    My use case is a webapp running on django, and I'll also have a backend service running a celery worker which'll need access to the same database.

    10 replies
    cristobalmackenzie
    @cristobalmackenzie

    Hi! I'm trying to deploy a service in a multi-account setup. I'm running a load balanced service with a sidecar. I pushed the sidecar image before deploying the service, but the environment account can't pull the image when deploying.

    The task fails with the following error:

    "CannotPullContainerError: inspect image has been retried 1 time(s): failed to resolve ref "227269212688.dkr.ecr.us-east-1.amazonaws.com/pace/traefik:latest": pulling from host 227269212688.dkr.ecr.us-east-1.amazonaws.com failed with status code [manifests latest]: 403 Forbidden"

    I've previously deployed these same containers but without a multi-account setup, so I think that might be the issue.

    There must be something I'm missing. Any pointers greatly appreciated, thanks!

    6 replies
    Gautam
    @gautam-nutalapati
    Hey Copilot!
    Regarding aws/copilot-cli#3609
    If service is deployed for first time, and it's trying to create gateway VPC endpoints for private subnets, this approach will fail. Because copilot creates private route tables if at least one svc is deployed in private subnets, and addOns depend on these being in output of env stack. Kind of circular dependency here.
    A hack would be to deploy a temporary service to fresh env in private subnets.
    A good solution would be to make the option to create private routing tables and NATs configurable in env init. Would this be a good thing to add in aws/copilot-cli#3522 ?
    3 replies
    zz
    @zzhengzhuo
    Hello, if I update manifest.yml for a service, how can I upgrade my deployed service?
    2 replies
    cristobalmackenzie
    @cristobalmackenzie

    Hi !

    I'm wondering, what's the best practice to stop a deployment once you realize the container is failing to run? I sometimes set the desired count to 0, but I guess there must be a better way.

    Or is there a way to make the deployment circuit breaker trigger sooner?

    4 replies
    cristobalmackenzie
    @cristobalmackenzie

    Hi Copilot!

    In order to comply with some "security" requirements from another company, I need to have all requests sent to a service I interact with from a fixed and known IP.

    I thought I might use a NAT Gateway with an Elastic IP attached. I tried setting placement: 'private' for a backend service I'm running but that didn't set up a NAT Gateway for me as I expected.

    Is there a way to set this up via the manifest ?

    10 replies
    michaelt32m
    @michaelt32m
    Hi! Is there a way to prevent copilot from auto-deregistering the previous task definition on deployment?
    3 replies
    Gautam
    @gautam-nutalapati
    Hey Copilot, I want to contribute for aws/copilot-cli#3387
    To avoid wasted effort, I want to ensure approach is approved before I contribute.
    Based on process I observed, I created design proposal aws/copilot-cli#3664. Kindly let me know if this is not the correct approach to start contributing. If it is, please review my proposal :)
    1 reply
    Janice Huang
    @huanjani
    Hi all!
    AWS Copilot v1.19.0 is now released! https://github.com/aws/copilot-cli/releases/tag/v1.19.0 🎉🚀
    1 reply
    tegryan
    @tegryan:matrix.org
    [m]
    Hello everyone - is there a way to change an env to "production" after it is created? I couldn't find the answer to this in the docs, but maybe I should just delete and recreate?
    2 replies
    spelka
    @spelka
    hello! I was wondering if copilot fargate / backend service has a way to customize the count range for autoscaling to be different for various environments. We only have a need for a count of 1-3 tasks for our lowest environments, but for staging we need a count of 1-12 tasks. I don't see any way to discriminate this in the docs (https://aws.github.io/copilot-cli/docs/manifest/backend-service/)
    2 replies
    cristobalmackenzie
    @cristobalmackenzie
    Hi everyone ! I'm adding an addon for an IAM Managed Policy, in order for one of my services to be able to access AWS SES Email Sending APIs. Is there a way to attach this policy to more than one task role without adding the exact same addon file to every service?
    2 replies
    dreaminpast123
    @dreaminzero-cell
    Hi everyone! Does AWS Copilot have any plan to support Lambda? Using SAM and Copilot at the same time is somewhat divisive, especially in different formats (one is docker-compose, one is cloudformation-variant)
    1 reply
    Ashish Dubey
    @dash1291
    Hi there - I want to modify ECS_CONTAINER_STOP_TIMEOUT for one of my services to increase the duration for graceful termination as it processes a long running task.. how do I go about it using copilot?
    4 replies
    I'm assuming it won't work as a regular container env variable
    zz
    @zzhengzhuo
    Hello, is there any example for deploying a web server with database and redis by copilot-cli?
    1 reply
    dazl
    @dazl
    Is there a way to specify the number of times updating a task must be tried if the update fails?
    I am deploying a "Load Balanced Web Service" (a Ruby on Rails app) and on copilot svc deploy if the ECS task fails to start it retries 10 times and I would like to specify a lower number -- thanks
    (also: if there is any rails-specific write up for copilot I would be grateful for a link , thanks)
    3 replies
    innix
    @innix
    Hello, what does svc deploy --force do? A few hours ago, I had to change some env vars for one of my Copilot services and deploy the changes. I assumed --force would use the latest image in the ECR and create a new Task Definition with the new options in the manifest.yml. The code hasn't changed, so why would it build a new image? I thought that's what this flag was for. But apparently I was wrong; it proceeded to re-build my project using the Dockerfile as usual.
    1 reply
    dreaminpast123
    @dreaminzero-cell
    Does Copilot have any relationship with Terraform?
    1 reply
    Tom Kerswill
    @tomkerswill
    Hi! Are there any plans to support the EC2 capacity provider, instead of just Fargate? I saw there were some old conversations in 2020, and support was on roadmap at that point and planned for that year; do you know if it got implemented? Very keen to switch to EC2 for some workloads, as a way to reduce cost.
    1 reply
    sudo er
    @sudoerj_twitter
    hi guys, just wondering if it's possible to automatically deploy an app in an environment when using copilot init .
    copilot init -a test -d ./Dockerfile -n web --port 8080 -t "Load Balanced Web Service"
    I am trying something like this and it will ask me if I want to deploy it in a test environment, what's the parameter to pass so I could answer or skip that question?
    2 replies
    jpw-src
    @jpw-src
    Hi! I'm running a load balanced web service with an aurora mysql addon. Now I want to create a second environment "test" and use the latest snapshot from the environment "prod". I tried to do this on the AWS Web Console, but I only was allowed to restore the snapshot to a new db cluster instance. Is there an easy way to restore the snapshot to the existing "test" environment?
    3 replies
    RestonAbaqus
    @RestonAbaqus
    Hey guys is there a way to make envs with "termination protection"? as documented here https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-protect-stacks.html
    2 replies
    Ronique Ricketts
    @RoniqueRicketts
    Also to prevent the database from deletion
    tegryan
    @tegryan:matrix.org
    [m]

    Has anyone seen this error? I'd like to understand what is happening under the hood. I'm using AWS SSO and am logged in to it. I'm on the latest copilot (1.19). I've set up an env in copilot using a profile from my SSO list, but it seems like it is not passing the role properly maybe?

    execute svc deploy: execute "env upgrade --app redacted --name qa": get template redacted-qa: InvalidParameter: 1 validation error(s) found. minimum field size of 20, AssumeRoleInput.RoleArn.

    3 replies
    Per J
    @perj:matrix.org
    [m]

    Greetings. I've been trying to use copilot storage init to create a postgresql db in eu-north-1. Unfortunately this doesn't seem to work, it errors on the database type

          The engine mode serverless you requested is currently unavailable. (Service: AmazonRDS; Status Code: 400; Error Code: InvalidParameterValue; Request ID: 95157b6a-94e7-4fdd-a277-83e14f568a46; Proxy: null)

    I believe this is probably because Aurora serverless v1 is not available in eu-north-1...

    Do you guys have any suggestion on how I should proceed? I can't switch region unfortunately. Also, I'd like as much as possible to be managed from within copilot, that's the point of our current project.

    Any input is appreciated.

    2 replies
    Gabe Jackson
    @gj
    Hey, apologies if this has been asked/answered, but I tried searching this Gitter instance, aws/copilot-cli GitHub issues, and the copilot docs and couldn't find anything relevant. When I run copilot init ... as per the Getting Started guide, I see get application demo: get application demo: ExpiredTokenException: The security token included in the request is expired. The AWS creds in my [default] local profile are refreshed and valid (I can use them for non-copilot things just fine). I'm sure it's something wrong on my end, but I'm pretty stumped about what it could be. Any ideas?
    16 replies
    Urvish Patel
    @urpatel86
    Hi guys, Can we run pipeline for monorepos individually?
    4 replies
    johnrlowry
    @johnrlowry

    It appears it's not possible to set up a wildcard alias for my service...I'm trying to do this:

    http.alias: ["example.com", "*.example.com"]

    This, however, is throwing the following errors:

    ✘ generate workload epic template against environment test: generate stack template: apply task definition overrides: unmarshal YAML template: yaml: line 260: did not find expected alphabetic or numeric character

    Is this not possible today?

    1 reply
    julian lyndon-smith
    @jmls_gitlab

    hi all - I'm a complete noob to both fargate and copilot so please excuse any potential ignorant questions ...

    I'm kind of confused about the whole IAM permissions and roles thing. I initially tried to fire up a service with my "root" user credentials and it fell over. Fair enough. So I then went to create a user - but what roles / permissions do I need to assign to the user in order to have the correct permissions. I couldn't seem to find any defaults. If I don't add any permissions then the user console obviously suggests that I do. Is there a default policy I can import / use when setting up a user group to put my "admin" users in ?

    1 reply
    cristobalmackenzie
    @cristobalmackenzie

    Hi Copilot ! I'm seeing pretty high costs in AWS Config for the current month, but I'm not sure where this is coming from.

    The account in question is basically only running an ECS Cluster set up via Copilot, is this AWS Config related to Copilot / AWS CloudFormation?

    The other suspect is our recent adoption of Control Tower...

    Sorry for the vague question, but I'm really lost as to how to find what is generating these costs.

    Any pointer is greatly appreciated.

    3 replies
    eadams162
    @eadams162

    Hello, quick question about SecretsManager in the Copilot manifest.

    The documentation states that you can link to a specific secret -

    secrets:
      # (Recommended) Option 1. Referring to the secret by name.
      DB:
        secretsmanager: 'demo/test/mysql'

    My best case scenario is to throw all of the variables from the .env file into SecretsManager and load them in dynamically. I'd prefer to not link to specific keys for every secret since the .env file has 100+ env variables in there.

    I already know of the env_file feature, however it'd be best to securely store it instead of locally.

    I've tried using SecretsManager before with a couple of env variables within the Secret but the service doesn't load them in as expected -

    secrets:
      ENV_FILE:
        secretsmanager: 'path/to/secret'

    Any tips/notes on how this could be done? Or does this sound like something that still needs to be added?

    2 replies
    Efe Karakus
    @efekarakus
    Hello Copilots! 👩‍✈️👨‍✈️
    v1.20 is now out and it introduces environment manifests 🚀
    Checkout the blog post ➡️ https://aws.github.io/copilot-cli/blogs/release-v120/
    And release notes: https://github.com/aws/copilot-cli/releases/tag/v1.20.0
    1 reply
    Victor M Merino
    @vmerino04_twitter
    Question about the newly released environment manifest feature. If my app has 2 different load balanced web services, each of which is configured differently on a per environment basis, do I need to set up environment manifests under each service? Or do I keep the manifests at the root, and have each environment manifest specify requirements for each service?
    Victor M Merino
    @vmerino04_twitter
    Now my thinking is.. environment manifests are the base manifests and are located at the root. Service manifests override environment manifests if they need to. For example, since we use a different alias per env, per service…I assume that needs to continue to live on the service manifest under environments ?. Is that the correct way to think about it?
    3 replies
    garyj
    @garyj:matrix.org
    [m]
    I would like to deploy a internal Network Load Balancer (NLB). I have managed to deploy an Internal Application Load Balancer (ALB). I have tried several different options and I seem to be able to get only a internet facing NLB. I am missing something? Is it possible to deploy a internal NLB with copilot?
    garyj
    @garyj:matrix.org
    [m]
    :point_up: Edit: I would like to deploy an internal Network Load Balancer (NLB). I have managed to deploy an Internal Application Load Balancer (ALB). I have tried several different options, and I seem to be able to get only an internet-facing NLB. I am missing something? Is it possible to deploy an internal NLB with AWS copilot?
    5 replies
    Niris Okram
    @okram999

    hey all, i am trying to use EFS with a bitnami image. Trying to define the file system and mount it via the app's manifest.yml.

    storage:
      volumes:
        moodle_data:
          efs: true
          path: /bitnami
          read_only: false

    But i am seeing a failure in the log, chown: changing ownership of '/bitnami/moodle': Operation not permitted , has anyone encountered this and if so what was the root cause?

    Niris Okram
    @okram999
    nvm - looks like it's due to the EFS IAM that copilot configured
    cristobalmackenzie
    @cristobalmackenzie

    Hi Copilot!, I'm seeing a strange error during deployments, it first happened in our test environment and now our prod environment.

    We have a service that runs a django container, and we added an S3 bucket as an addon. We have another backend service that needs access to this container so we added a policy that allows access to this bucket as an addon in that service.

    During the deployment step of the pipeline, deployment fails with an AccessDenied in S3 error during the update of both AddonStacks.

    Manual deployment works fine, I haven't been able to look at more logs to see more details during the cloudformation update.

    6 replies
    Niris Okram
    @okram999
    can copilot deploy an RDS mysql instance?
    6 replies
    Niris Okram
    @okram999
    Does the svc manifest support specifying a container directly from dockerhub (or may be from ECR) instead of a Dockerfile? Use case: i want to pull down a vanilla image and run it by passing env variables.
    2 replies
    Niris Okram
    @okram999

    Hi pilots, how do i specify the "Health check grace period" for the ECS scheduler in the manifest. i can see the ALB health check grace period property but not the one in the ECS service level.

    The service that i am deploying runs a script for the initialization - so i need to bump up the grace health checktime in the ECS service definition

    7 replies
    Gleidson Braga
    @gleidin
    Hello, hello, happy Friday! First of all, thanks for the new version, the ability to import new certificates using the env deployment is just amazing <3
    Taking tons of advantage on that! I have a quick question here, I do have some applications that have migration steps at the end of the deployment. Most of them are now doing it directly to the GHA pipeline. However, I was wondering if the copilot has some configurable post-build or post-deploy tasks or if you guys have some recommendations on that scenario using the copilot. Thanks a lot! Keep up the brilliant work!
    2 replies
    fearnycompknowhow
    @fearnycompknowhow

    Hello, I apologize if this question has already been asked. I've been searching the internet for about a day and a half now, and I haven't found anything that works.

    My pipeline builds a docker image. Both the buildspec.yml and the service manifest.yml files were generated through the AWS CLI.

    I'm struggling with how to pass values from Secrets Manager into Dockerfile at build time. Based on my reading, it's possible to pull in values from Secrets Manager using either this syntax in the service's manifest.yml file:

    secrets:
      SECRET_1: "arn:for:secret"
      SECRET_2: "arn:for:secret"
    
    # Or this instead
    secrets:
      SECRET_1:
        secretsmanager: "secret-name:secret-key-1"
      SECRET_2:
        secretsmanager: "secret-name:secret-key-2"

    Or you can specify them in the top-level buildspec.yml file using the following syntax:

    env:
      secrets-manager:
        SECRET_1: "secret-name:secret-key-1"
        SECRET_2: "secret-name:secret-key-2"

    The problem comes when I attempt to pass the values into the Docker file as build args. Within the service's manifest.yml file:

    image:
      build:
        dockerfile: Dockerfile
        args:
          SECRET_1: ${SECRET_1}
          # Omitting the curly braces doesn't help anything
          SECRET_2: $SECRET_2

    The problem seems to be that neither of the two environment variables are replaced with the environment variable values. Instead the literal string values of "${SECRET_1}" and "$SECRET_2" are passed into the Dockerfile.

    I notice here that the person is referencing custom environment variables in the exact same way that I am, and it seems to have worked for them.

    Am I doing this wrong, or is there some change that I need to make to the pre-canned buildspec.yml and/or manifest.yml files?

    9 replies
    Gautam
    @gautam-nutalapati

    Hey Copilot!
    A question regarding addons, I am trying to create EC2 instance with some user data. My addons contain user data like below (copied from https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/quickref-ecs.html#quickref-ecs-example-1.yaml)

          UserData: !Base64
            'Fn::Join':
              - ''
              - - |
                  #!/bin/bash -xe
                - echo ECS_CLUSTER=
                - Fn::ImportValue: !Sub "${App}-${Env}-ClusterId"
                - |2
                   >> /etc/ecs/ecs.config

    copilot fails to parse the addons when using such syntax. I see error

    ✘ deploy service django to environment gautam-dev: deploy service: generate template: get addons outputs for django: unmarshal addon cloudformation template: yaml: line 1103: did not find expected comment or line break

    It may not be a common use case, but any suggestions on how to overcome this? Has anyone faced this issue before?
    Thanks in advance!

    7 replies
    belsebob
    @belsebob
    Hello, I would like to be able to restrict deployment rights to production. Should I create a prod environment and deploy there with separate credentials than those we use for test env/deploys in order to achieve this?
    2 replies
    Alan Scherger
    @flyinprogrammer

    :wave: so has anyone ever tried to use copilot in an environment where encryption is enforced at the org level? and thus the current S3 Uploader code doesn't seem to work without being able to configure SSE upload flags, like a KMS key id, or simply AES256?

    https://github.com/aws/copilot-cli/blob/bbb70a12f6b5fab2bb9b988828ab5009d3bf5213/internal/pkg/aws/s3/s3.go#L213-L219
    https://docs.aws.amazon.com/sdk-for-go/api/service/s3/s3manager/#UploadInput

    8 replies
    Joshua Kleiner
    @surrealchemist
    I have a domain that has DNS managed in a different account, but I want to use subdomains as alias on a load balancer. Is there a way to modify an existing configuration to add https? I saw the init option to specify a certificate arn. I do have a certificate configured now in certificate manager but the DNS is going to be manual configuration later creating a CNAME or alias that points to the ALB. I know how to do this manually but want to get it into my copilot manifest. A couple years ago I ended up using cloudfront to work around things, but a lot has been added to copilot since then.
    9 replies