Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Repo info
Activity
    Luis Vieira
    @vieirajluis
    Hey guys. Does anybody had used copilot to deploy an ECS service, and later converted it to support blue/green on its CodePipeline/CodeDeploy? The reason of my question is: seems that copilot creates the service setting "Rolling update" as deployment type option, and its make impossible to set the CodeDeploy with blue/green deployment directly from the CodePipeline (Issue: Deployment group's ECS service must be configured for a CODE_DEPLOY deployment controller.). Thanks for any help.
    John Lucas
    @jlucas91
    :wave: Is anyone using Copilot in production yet? I'm evaluating it to replatform a startup stuck on 2010s infra. It looks like exactly what the team needs, but I'm worried that it's still relatively new.
    Luis Vieira
    @vieirajluis
    We are planning to have it on prod @jlucas91 , but there are limitations such as Blue/Green deployments out of the box.
    Joshua Kleiner
    @surrealchemist
    It looks like this installs just fine in the new cloudshell environments, are there any plans in getting it included by default? Right now you have to manually install in each region and no auto-updates so it would be convenient.
    David Killmon
    @kohidave
    Yea - the CodeDeploy deployment integration story for CloudFormation isn't super great right now unfortunately - but we're working on adding more deployment controls soon, especially with the circut breaker support that's just come out.
    @jlucas91 I don't want to speak for customers (I'm a maintainer) - but I'd just mention that under the hood, Copilot provisions all its resources through CloudFormation - if you decide it's not a great fit, you can still manage the resources that way!
    @surrealchemist Yea! We're working with the CloudShell folks to see what the best way to include Copilot is. There's no way to update built in binaries in CloudShell - so we're trying to find a good answer to that :D
    Mikael Fridh
    @frimik
    What a pleasure it was launching an app via Copilot! ... too bad it stops right there due to it only supporting Github right now. Looking forward to it having more flexibility in the future!
    jaybauson
    @jaybauson
    @frimik not sure what you meant by that, I've been using it since ecs-preview(copilot beta) in bitbucket.
    2 replies
    Maurizio Turatti
    @mkjsix
    Hi all, I'm following the tutorial at https://aws.github.io/copilot-cli/docs/getting-started/first-app-tutorial/ step by step.
    The deployment fails with the below error. What am I doing wrong?
    ✘ Failed to deploy service.
    
    ✘ deploy service: check if changeset is empty: create change set copilot-41c097c6-ae59-4169-a782-98581c856efa for stack example-app-test-front-end: AccessDenied: User: arn:aws:sts::935157358684:assumed-role/example-app-test-EnvManagerRole/1608798589915407000 is not authorized to perform: iam:PassRole on resource: arn:aws:iam::935157358684:role/example-app-test-CFNExecutionRole
            status code: 403, request id: 994c34cc-8ceb-467b-99bf-35f2321d51cb: describe change set copilot-41c097c6-ae59-4169-a782-98581c856efa for stack example-app-test-front-end: ValidationError: Stack [example-app-test-front-end] does not exist
            status code: 400, request id: 854b78d1-0ac5-4a7d-b2f5-f090236fdc91: describe stack: describe stack events for stack example-app-test-front-end: ValidationError: Stack [example-app-test-front-end] does not exist
            status code: 400, request id: a87925c9-7e7c-46c0-b2f6-2abb7d477479
    Alex
    @ajbeach2
    so copilot assumes that all related services are contain in the same repo? (ie, the dockerfiles)
    what happens if you have services in multiple github repos, but you want them to share the same ecs cluster
    David Killmon
    @kohidave
    It doesn’t assume that :smile: you can go to another repo - run copilot init, and Copilot will ask@if you’d like to associate the new service/job to an existing app
    Here’s an (old) example set of services that are in different hit repos
    Alex
    @ajbeach2
    nice nice
    does copilot only support fargate right now? or is ec2 an option
    i ultimately will need ec2 and spot instances
    its pretty darn sweet that copilot does the subsomain/host header conditions
    i more or less built the same thing entirely in terraform :\
    David Killmon
    @kohidave
    Yea - Fargate only. Fargate spot support is coming soon, and ec2 is on the roadmap but maybe sometime later this year
    Yaaaay! I’m glad you like the Roman support. It’s pretty tricky to get right - I’m glad you were able to get it working in terraform!
    Domain *
    Alex
    @ajbeach2
    how does fargate work with the private subnets? i noticed that copilot doesn't setup a NAT gateway
    David Killmon
    @kohidave
    We place them in a public subnet but have very strict security groups - so access is effectively limited but internet access is preserved without the $$$ NAT GW
    Alex
    @ajbeach2
    hmm. well, it looks like copilot created private subnets though, the routing table for the private subnets from copilot dont include a route to an internet gateway
    David Killmon
    @kohidave
    The private subnets are created so that resources which require them (caches, databases, etc) can be placed in them and be connected to your services
    We’re working on adding aurora to ‘storage init’ that’ll take advantage of those private subsets
    Alex
    @ajbeach2
    do those storage optoins setup the routing table associations? the private subnets created don't have any subnet associations
    oh i see nvm they are routed to the main routing table
    John Cantrell
    @johncantrell97
    This message was deleted
    1 reply
    John Cantrell
    @johncantrell97

    copilot svc deploy works fine, I just setup a default pipeline to automatically build and deploy after commit. I can see the pipeline getting triggered automatically on commit to main branch but the build is failing even though it builds fine when I run copilot svc deploy. Are the same env variables and secrets defined in my manifest used in the pipeline build? I don't see any env vars when poking around in CodePipeline admin.

    It fails at this step COMMAND_EXECUTION_ERROR: Error while executing command: for workload in $WORKLOADS; do manifest but no useful error message just Reason: exit status 1 so I'm not sure how to proceed debugging, any ideas?

    6 replies
    srikaransc
    @srikaransc
    Hi Guys i am new to copilot and i am trying to add an IAM policy to the default role which gets created when i deploy a service using copilot can you please help me with how and where to add it
    David Killmon
    @kohidave
    If you create a managed policy via addons it’ll be added to your task role https://aws.github.io/copilot-cli/docs/developing/additional-aws-resources/
    srikaransc
    @srikaransc

    Hi David,
    I have tried to add this to addons:

    Resources:
      SSMAccessPolicy:
        Type: AWS::IAM::ManagedPolicy
        Properties:
          PolicyDocument:
            Version: 2012-10-17
            Statement:
              - Effect: Allow
                Action:
                  - ssm:Describe*
                  - ssm:Get*
                  - ssm:List*
                Resource: "{{ resource ARN }}"
    Outputs:
      SSMAccessPolicyArn:
        Description: "The ARN of the ManagedPolicy to attach to the task role."
        Value: !Ref SSMAccessPolicy

    and i get an error saying ResourceNotReady: failed waiting for successful resource state: Parameter values specified for a template which does not require them.

    srikaransc
    @srikaransc
    Or as an alternative is there a way i can attach an existing policy to the task role created by copilot for example "arn:aws:iam::aws:policy/AmazonSSMReadOnlyAccess"
    madusanka90
    @madusanka90
    can we add a existing instance to ecs with copilot cli
    1 reply
    Efe Karakus
    @efekarakus

    Heya @srikaransc !

    Can you try this:

    Parameters:
      App:
        Type: String
        Description: Your application's name.
      Env:
        Type: String
        Description: The environment name your service, job, or workflow is being deployed to.
      Name:
        Type: String
        Description: The name of the service, job, or workflow being deployed.
    Resources:
      SSMAccessPolicy:
        Type: AWS::IAM::ManagedPolicy
        Properties:
          PolicyDocument:
            Version: 2012-10-17
            Statement:
              - Effect: Allow
                Action:
                  - ssm:Describe*
                  - ssm:Get*
                  - ssm:List*
                Resource: "{{ resource ARN }}"
    Outputs:
      SSMAccessPolicyArn:
        Description: "The ARN of the ManagedPolicy to attach to the task role."
        Value: !Ref SSMAccessPolicy

    Copilot always passes these parameters to the Addons stack so that you can build your own fancy names, or maybe import values from the environment or service stack

    Anish Dcruz
    @anishdcruz_gitlab

    Hi everyone,
    Please can someone tell me which directory does buildspec post_build execute in?
    I want to upload file to newly created s3 bucket

    - aws s3 sync public/assets/images s3://bucket-name

    Also is it possbile to get dynamic bucket name inside buildspec?
    Thanks

    6 replies
    srikaransc
    @srikaransc
    Thanks @efekarakus we are running the copilot commands on bitbucket can you please help me to stop interactive terminal for copilot an bitbucket?
    3 replies
    rs-ds
    @rs-ds
    Hi Team, I have two services (1 load balanced web service and 1 backend service). Both images are exactly same but each has its own command to run. How can I use the same Dockerfile with different commands for both the service. Or is there any alternative to do this?
    Also, one of the probelm that I have is although both these images are identical, I end up building it twice because I need to run 2 deploy command to run each service. Is there any way I can avoid building this multiple times?
    6 replies
    oedemis
    @oedemis
    Hello I have the following sitation i have created a service api with rds and redis as addons and outputet the rds_endpoints and redis_endpoint accoringly to the api. But i have another service api-bff and want also use the rds_endpoints / rds_secrets / redis_endpoint from other created service . How can I implement this using service discovery ?
    9 replies
    Marcelo Sousa
    @marcelosousa
    Hi team, I'm currently migrating a microservice build & deployment from gcp to aws. I've been using skaffold to build and push to the registry and I was wondering if there is any tutorial on how to switch from skaffold to copilot? Thank you!
    bennyderickm
    @bennyderickm
    Hi Team, I am using copilot with my external VPC which has 2 public subnets and 2 private subnets. I tried to deploy backend services and it is getting deployed to the public subnet. How can i force this to deploy to private subnets?
    David Killmon
    @kohidave
    @bennyderickm hey hey ! While the service is provisioned in the public subnet - that’s only so it gets an IP address and can make external internet calls. It’s protected through its security group to block all external traffic
    @marcelosousa oh sweet! Best of luck on your move! I don’t know of any such tutorial. I’m sorry 🙏
    bennyderickm
    @bennyderickm
    @kohidave Thanks. I am assuming I don't need a NAT gateway in my VPC if the service can external calls since it resides in a public subnet.
    David Killmon
    @kohidave
    Exactly