Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Repo info
Activity
    David Killmon
    @kohidave
    Yaaaay! I’m glad you like the Roman support. It’s pretty tricky to get right - I’m glad you were able to get it working in terraform!
    Domain *
    Alex
    @ajbeach2
    how does fargate work with the private subnets? i noticed that copilot doesn't setup a NAT gateway
    David Killmon
    @kohidave
    We place them in a public subnet but have very strict security groups - so access is effectively limited but internet access is preserved without the $$$ NAT GW
    Alex
    @ajbeach2
    hmm. well, it looks like copilot created private subnets though, the routing table for the private subnets from copilot dont include a route to an internet gateway
    David Killmon
    @kohidave
    The private subnets are created so that resources which require them (caches, databases, etc) can be placed in them and be connected to your services
    We’re working on adding aurora to ‘storage init’ that’ll take advantage of those private subsets
    Alex
    @ajbeach2
    do those storage optoins setup the routing table associations? the private subnets created don't have any subnet associations
    oh i see nvm they are routed to the main routing table
    John Cantrell
    @johncantrell97
    This message was deleted
    1 reply
    John Cantrell
    @johncantrell97

    copilot svc deploy works fine, I just setup a default pipeline to automatically build and deploy after commit. I can see the pipeline getting triggered automatically on commit to main branch but the build is failing even though it builds fine when I run copilot svc deploy. Are the same env variables and secrets defined in my manifest used in the pipeline build? I don't see any env vars when poking around in CodePipeline admin.

    It fails at this step COMMAND_EXECUTION_ERROR: Error while executing command: for workload in $WORKLOADS; do manifest but no useful error message just Reason: exit status 1 so I'm not sure how to proceed debugging, any ideas?

    6 replies
    srikaransc
    @srikaransc
    Hi Guys i am new to copilot and i am trying to add an IAM policy to the default role which gets created when i deploy a service using copilot can you please help me with how and where to add it
    David Killmon
    @kohidave
    If you create a managed policy via addons it’ll be added to your task role https://aws.github.io/copilot-cli/docs/developing/additional-aws-resources/
    srikaransc
    @srikaransc

    Hi David,
    I have tried to add this to addons:

    Resources:
  SSMAccessPolicy:
    Type: AWS::IAM::ManagedPolicy
    Properties:
      PolicyDocument:
        Version: 2012-10-17
        Statement:
          - Effect: Allow
            Action:
              - ssm:Describe*
              - ssm:Get*
              - ssm:List*
            Resource: "{{ resource ARN }}"
Outputs:
  SSMAccessPolicyArn:
    Description: "The ARN of the ManagedPolicy to attach to the task role."
    Value: !Ref SSMAccessPolicy

    and i get an error saying ResourceNotReady: failed waiting for successful resource state: Parameter values specified for a template which does not require them.

    srikaransc
    @srikaransc
    Or as an alternative is there a way i can attach an existing policy to the task role created by copilot for example "arn:aws:iam::aws:policy/AmazonSSMReadOnlyAccess"
    madusanka90
    @madusanka90
    can we add a existing instance to ecs with copilot cli
    1 reply
    Efe Karakus
    @efekarakus

    Heya @srikaransc !

    Can you try this:

    Parameters:
  App:
    Type: String
    Description: Your application's name.
  Env:
    Type: String
    Description: The environment name your service, job, or workflow is being deployed to.
  Name:
    Type: String
    Description: The name of the service, job, or workflow being deployed.
Resources:
  SSMAccessPolicy:
    Type: AWS::IAM::ManagedPolicy
    Properties:
      PolicyDocument:
        Version: 2012-10-17
        Statement:
          - Effect: Allow
            Action:
              - ssm:Describe*
              - ssm:Get*
              - ssm:List*
            Resource: "{{ resource ARN }}"
Outputs:
  SSMAccessPolicyArn:
    Description: "The ARN of the ManagedPolicy to attach to the task role."
    Value: !Ref SSMAccessPolicy

    Copilot always passes these parameters to the Addons stack so that you can build your own fancy names, or maybe import values from the environment or service stack

    Anish Dcruz
    @anishdcruz_gitlab

    Hi everyone,
    Please can someone tell me which directory does buildspec post_build execute in?
    I want to upload file to newly created s3 bucket 

    - aws s3 sync public/assets/images s3://bucket-name

    Also is it possbile to get dynamic bucket name inside buildspec?
    Thanks

    6 replies
    srikaransc
    @srikaransc
    Thanks @efekarakus we are running the copilot commands on bitbucket can you please help me to stop interactive terminal for copilot an bitbucket?
    3 replies
    rs-ds
    @rs-ds
    Hi Team, I have two services (1 load balanced web service and 1 backend service). Both images are exactly same but each has its own command to run. How can I use the same Dockerfile with different commands for both the service. Or is there any alternative to do this?
    Also, one of the probelm that I have is although both these images are identical, I end up building it twice because I need to run 2 deploy command to run each service. Is there any way I can avoid building this multiple times?
    6 replies
    oedemis
    @oedemis
    Hello I have the following sitation i have created a service api with rds and redis as addons and outputet the rds_endpoints and redis_endpoint accoringly to the api. But i have another service api-bff and want also use the rds_endpoints / rds_secrets / redis_endpoint from other created service . How can I implement this using service discovery ?
    9 replies
    Marcelo Sousa
    @marcelosousa
    Hi team, I'm currently migrating a microservice build & deployment from gcp to aws. I've been using skaffold to build and push to the registry and I was wondering if there is any tutorial on how to switch from skaffold to copilot? Thank you!
    bennyderickm
    @bennyderickm
    Hi Team, I am using copilot with my external VPC which has 2 public subnets and 2 private subnets. I tried to deploy backend services and it is getting deployed to the public subnet. How can i force this to deploy to private subnets?
    David Killmon
    @kohidave
    @bennyderickm hey hey ! While the service is provisioned in the public subnet - that’s only so it gets an IP address and can make external internet calls. It’s protected through its security group to block all external traffic
    @marcelosousa oh sweet! Best of luck on your move! I don’t know of any such tutorial. I’m sorry 🙏
    bennyderickm
    @bennyderickm
    @kohidave Thanks. I am assuming I don't need a NAT gateway in my VPC if the service can external calls since it resides in a public subnet.
    David Killmon
    @kohidave
    Exactly
    deoson
    @thedeo
    @bennyderickm if you are interested, i was able to force it to deploy into a private subnet for a VPC I created.
    Basically you can update the buildspec file to add a sed command to replace the term “-PublicSubnet” with “-PrivateSubnet”.
    The buildspec file is where it generates the cloudformation that decides what subnets and security groups are assigned at cluster creation.
    bennyderickm
    @bennyderickm
    @thedeo Thanks. I ran copilot svc init but it didn't generate buildspec but it did generate manifest.yml within the serivce folder
    deoson
    @thedeo
    To get the buildspec you have to also have done pipeline init https://aws.github.io/copilot-cli/docs/concepts/pipelines/
    @bennyderickm the buildspec gets used by the pipeline when deploying new containers to the cluster. Its mostly some bash commands that generate cloudformation templates. There you can run commands like sed against the files in the ./infrastructure folder the copilot command creates.
    bennyderickm
    @bennyderickm
    Thanks @thedeo
    Is there a way to get the ARN of the service deployed? I am trying to use the API Gateway V2 with Cloud Map and I need to know the ARN of the service so I can map it in the gateway cloud formation template
    Khairul
    @kahirul

    Hi, I'm trying to ship log from my container to Datadog with logging sidecars
    Here is how my manifest.yml look like

    logging:
  image: amazon/aws-for-fluent-bit:latest
  destination:
    Name: datadog
    TLS: on
    apikey: <DD_API_KEY>
  enableMetadata: true
  configFile: /fluent-bit/configs/parse-json.conf

    Is it possible to set this apikey from SSM?

    Penghao He
    @iamhopaul123
    Hello @kahirul it is not possible yet. Could you cut an issue for it? So that we can track and prioritize it.
    1 reply
    shaktek
    @shaktek

    Hi everyone, I am trying to apply a custom firelens config to make the Fargate logs work better with our Kinesis + Function Beat setup.

    Our manifest.yml looks like:

    logging:
  image: 123456789.dkr.ecr.us-east-1.amazonaws.com/ns/firelens-custom:v0.2
  destination:
    Name: cloudwatch
    region: us-east-1
    log_group_name: /copilot/test-fargate-services
    log_stream_prefix: copilot/
  configFile: /extra.conf

    The Fargate service works well, however the custom configuration changes don't get applied to the generated logs.

    I reckon its because of the service task definition generated by copilot. The custom config is missing from the firelensConfiguration :

     "image": "123456789.dkr.ecr.us-east-1.amazonaws.com/ns/firelens-custom:v0.2",
"startTimeout": null,
"firelensConfiguration": {
  "type": "fluentbit",
  "options": {
    "enable-ecs-log-metadata": "true"
  }
},

    Any ideas on why copilot is not adding the custom config to task definition?

    Penghao He
    @iamhopaul123
    Hello @shaktek, the field name on the doc is not correct. This PR should fix the doc aws/copilot-cli#1859. The field name should be configFilePath instead.
    Sorry for the inconvenience.
    shaktek
    @shaktek
    No worries @iamhopaul123 . configFilePath works. Thank you
    bennyderickm
    @bennyderickm
    Is there to add the output to the cf templates created by the copilot. I am looking to expose additional outputs that can be used by other services such as API Gateway and Lambda
    John Cantrell
    @johncantrell97

    i've been using copilot with a pipeline to deploy an app. today when I went to merge it triggered my codepipeline just fine, build worked, but it has been stuck on the deploy step. Upon further investigation the ECS update is what is stuck. If I watch the ECS service there are actually two tasks (one that is active) and then one that goes PROVISIONING -> PENDING -> ACTIVE then disappears. It just continues that loop over and over and over again. In the logs everything looks perfect, I can see server started successfully with no errors.

    Any idea why this infinite loop is happening? I can't find any more information anywhere in the console

    4 replies
    shaktek
    @shaktek

    Hi everyone, is there a way to force the copilot scheduled job to use the private subnets?

    Our use case requires the requests to originate from a specific IP address that's whitelisted by a 3rd party and our VPC setup provides that for ECS services running from private subnets.

    3 replies
    tactevo
    @tactevo
    What's best practice for tearing down infrastructure (svc/env) temporarily to save aws costs while not working on a project? Is it just a svc delete?
    1 reply
    Steve
    @DropKickHume_twitter
    Hi, I'm testing copilot and I saw earlier that it's possible to have multiple repos per service that refer to the same app via the workspace file. How can I restrict permissions so that the owner of service A does not have permissions to make changes to service B that is under a different owner?
    2 replies
    bennyderickm
    @bennyderickm
    Hi, I am wondering in what order the addons are deployed on CF? Do they get executed before or after the ECS task templates? Is there way to force addons to execute after the ECS task is deployed?
    2 replies
    rmarap
    @rmarap
    Hello - Pretty impressive stuff. I have one minor issue though - the addons don't seem to execute anymore after it ran for the first time. I deleted the app and recreated the app again under the same name, and add-ons don't seem to run anymore.
    33 replies
    Steve
    @DropKickHume_twitter
    Is app mesh supported? I see in issue #644 there was mention of something like ecs-preview mesh init and was closed on Nov 16th, 2020. However I don't see in the docs how to setup a mesh for the app
    3 replies