Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Repo info
Activity
    errrken
    @errrken
    Hi there. I am trying to set up a service with Copilot. It is actually reachable by the domain name until it gets killed because the target group thinks it is unhealthy. Comparing the target group settings to our current Fargate setup (not using Copilot) the health check settings seems identical. It just says requests timed out. Not really sure how to continue. I am using 1.18 with an imported certificate from ACM
    8 replies
    Cole Crawford
    @ColeDCrawford
    Trying to deploy and running into some permissions issues:
    ➜  mapping-color-in-history git:(feature/manifest-creator) βœ— copilot svc deploy --env dev --name webapp
    ✘ Failed to upgrade environment dev's template to version v1.9.0.
    ✘ execute "env upgrade --app mcih --name dev": upgrade environment dev from version v1.7.0 to version v1.9.0: upload manual/templates/mcih-dev/4975ac48f4d5a06ab41982b884e5f71e90a8abcf6681c78e2b16e81f2e4077d2.yml to bucket stackset-mcih-infrastruc-pipelinebuiltartifactbuc-1lyct64kwvokq: AccessDenied: Access Denied
            status code: 403, request id: VCBW761675S9QF4C, host id: G21HOtXX7ILUEA3OgaPz3IT7my7iZlHx0/Kx9QNdjK3HGw/ACzNH6pf1/NZs0ccJ3aOUwpLx92s=
    14 replies
    Kevin Chin
    @chinkevin25
    Hi! I'm trying to use copilot to set up some API secrets. I'm noticing in the docs that each secret requires two tags, an environment and an application. I have an API key that I'm trying to use across all environments, is there a way to set a secret for every environment?
    4 replies
    Efe Karakus
    @efekarakus

    Hi folks! We just released a patch version v1.18.1: https://github.com/aws/copilot-cli/releases/tag/v1.18.1

    If you ran into the following error with v1.18: upgrade environment preview from version v1.8.0 to version v1.9.0 this patch release should hopefully fix it! Sorry for any inconvenience πŸ™‡β€β™‚οΈ

    errrken
    @errrken
    Hi! Receiving this when trying to deploy a service: ResourceInitializationError: unable to pull secrets or registry auth: execution resource retrieval failed: unable to retrieve secrets from ssm: service call has been retried 1 time(s): AccessDeniedException: User: arn:aws:sts::1111:assumed-role...
    2 replies
    Gerard Garcia
    @GerardGarcia_gitlab

    Hi! I'm getting this error when deploying: deploy service ... to environment stage: deploy service: stack ... is currently being updated and cannot be deployed to: Resource handler returned message: "Error occurred during operation 'ECS Deployment Circuit Breaker was triggered'." (RequestToken: ..., HandlerErrorCode: GeneralServiceException). Right now, the service is properly running and is not rolling back.

    The latest failed deployment was 4 days ago, which is when it failed. That time the pipeline timed out while doing the rollback. Is it possible that we need to manually clean up something to be able to deploy the service again?

    6 replies
    errrken
    @errrken
    Hmm, I am receiving describe secret github-token-xxx: describe secret github-token-xxxand a 400 when trying to run pipeline delete. Don't have such a secret either, any idea what is happening?
    11 replies
    Cole Crawford
    @ColeDCrawford
    Hello - I recently added an Aurora serverless cluster to a dev environment. Wanted to try it out there, seemed like a good fit - usually very little usage with occasional spikes. I'm still using RDS (not managed by Copilot) for production. When I tried deploying updates to my production environment, it looks like Copilot is trying to change that CFN stack to also create an addons stack, which I was not anticipating. The deploy failed (output in thread). Is it possible to have different addons for different environments?
    5 replies
    Cole Crawford
    @ColeDCrawford

    ^ Have not been able to get this working with a Copilot addons template yet. If I add the suggested Conditions block :

    Conditions:
      CreateDevResources: !Not [!Equals [!Ref Env, prod]]

    and add those conditions to all the Resources, then I get an error about the Outputs failing because of dependencies on some of the (not created) Resources:

    ✘ deploy service webapp to environment prod: deploy service: wait for creation of change set copilot-bc18bf0b-dafd-43e8-a49f-365bdc0d35d4 for stack mcih-prod-webapp: ResourceNotReady: failed waiting for successful resource state: Unresolved resource dependencies [mcihdevclusterAuroraSecret] in the Outputs block of the template: Embedded stack arn:aws:cloudformation:us-east-1:***:stack/mcih-prod-webapp-AddonsStack-THUTAGMZK6N5/f848ec10-d602-11ec-8c2c-129993b51b41 was not successfully created: The following resource(s) failed to create: [mcihdevclusterSecurityGroup, mcihdevclusterAuroraSecret, mcihdevclusterDBSubnetGroup, mcihdevclusterDBClusterParameterGroup]. Rollback requested by user.
    17 replies
    Helen Zhang
    @helenzhang43
    I am new to copilot. We are required to spin a new ECS instance with a new version of app and retain the existing one running until we stop it in the same environment. Is it possible? If yes, how? Thanks!
    1 reply
    Jamin Collins
    @jamin-aws-ospo

    I'm trying to implement the idea/theory outlined here:
    https://github.com/aws/copilot-cli/issues/1982#issuecomment-1048144482

    However, I'm running into the following error:

    ResourceNotReady: failed waiting for successful resource state: Invalid template parameter property 'Fn::GetAtt'

    Which appears to be referencing the attempt to get the ListenerARN as an additional parameter:

    Parameters:
      ListenerARN: !GetAtt EnvControllerAction.HTTPListenerArn
    17 replies
    innix
    @innix
    Hey, I was just reading over the new Certificate Import feature in v1.18. Does using this feature mean I don't have to follow the ${EnvName}.${AppName}.${DomainName} naming convention for my aliases? aka I can just create any sub-domain I want in Route 53 and import it? I always found the domain name restrictions annoying because at my company we've always created sub-domains with EnvName and AppName the other way around e.g. ${AppName}.${EnvName}.${DomainName}.
    5 replies
    Roman RoΕ‘tΓ‘r
    @romanrostar_twitter
    Hey all - we're thinking about splitting our prod and test environments into separate aws accounts. Looking at https://aws.github.io/copilot-cli/docs/credentials/ I'm not sure with what credentials we should initialize the copilot application (should it be a different account the holds shared resources?). Thanks
    3 replies
    Jake Wright
    @jakequalia

    I have an environment with 2 services -- i created the env deployed 1 service and everything was fine but when i deployed the 2nd service I keep running into this issue:

    write log events for service [my-service]: get task log events for log group /copilot/[my-app]-[my-env]-[my-service]: describe log streams of log group /copilot/[my-app]-[my-env]-[my-service]: ResourceNotFoundException: The specified log group does not exist.

    the funny thing is, i ran into this issue before and I think it was a resource configuration issue on set up. I deleted the environment and re-created it and things worked swimmingly

    I think the log group is just missing (hopefully that's the only resource missing) -- is there a way for me to add it manually?

    14 replies
    Jamin Collins
    @jamin-aws-ospo
    Is there any documentation around what attributes are available (can be retrieved via !GetAtt) on EnvControllerAction? As indicated previously, I'm attempting to build on https://github.com/aws/copilot-cli/issues/1982#issuecomment-1048144482, but need a few different attributes and am currently making best guesses and while those guesses are frequently working, documentation would be preferred.
    4 replies
    am gad
    @mgamez0011_gitlab
    Is there a configuration or way for copilot to deploy instances to an existing ECS Cluster vs it creating a new one? If so, what documentation should I reference for this?
    3 replies
    Jamin Collins
    @jamin-aws-ospo
    Is there a way to have copilot dump the CFN template it would use for a deploy? I ask because it would make it easier to see the IDs to leverage/reference in an add-on, like the !Ref TargetGroup that was pointed out previously.
    3 replies
    Sean Quinn
    @seanquinn
    Ok so have a python flask app with celery workers. They all share the same Dockerfile, just different start commands. Very easily done in docker-compose, how can this be achieved in Copilot? E.g. build the flask app image, subsequent celery workers use the most recently built image. Currently in my ecr, seems to be building the same image for each service and adding that to ECR.
    5 replies
    cristobalmackenzie
    @cristobalmackenzie
    Is there a way to roll back a cluster to a previous deployment with copilot?
    5 replies
    Sean Quinn
    @seanquinn
    Another noob question, Heroku had a release phase which allowed me to run things like python manage.py db upgrade on startup. What's the best way to mimic this in Copilot, ideally this gets run prior to the services starting up on ECS?
    5 replies
    Sean Quinn
    @seanquinn

    Have a workflow set up currently where:

    1. Tag a release and push to github, that triggers a GitHub action that builds an image that is pushed to ECR.
    2. Take that newly tagged ECR image and update the manifest to point to the new image. This is required as change of the image at the :latest tag doesn't get detected when the pipeline is changed.
    3. Then I push to the release branch which triggers the code pipeline.

    Would it be possible to:

    1. Tag a release and push to github, that triggers a GitHub action builds an that is pushed to ECR.
    2. Trigger a pipeline redeploy from the Github Action, which makes use of the latest tag. Possibly something like copilot pipeline deploy --force
    11 replies
    sfarley85
    @sfarley85

    Hi there, I'm a bit stuck and hoping for some guidance.

    I'm moving my infra to another aws account and when I first ran copilot app init I realized I had specified the wrong domain, so as it was creating the initial infrastructure I cmd+C'd out of the process. Now every time I try and run the command with the correct configuration I get the message:

    Failed to create the infrastructure to manage services and jobs under application api.

    stack api-infrastructure-roles is currently being updated and cannot be deployed to

    The AWS account has no cloud formation stacks of any kind for me to inspect/cancel in the console. I've waited 12 hours and still the same result. Not sure how I can cancel/reset this process to proceed. Any ideas?

    4 replies
    Ronique Ricketts
    @RoniqueRicketts
    name: frontend
    type: Load Balanced Web Service
    http:
      path: '/'
    
    image:
      build: Dockerfile
      port: 3000
    
    cpu: 256
    memory: 512 
    count: 1
    exec: true  
    
    environments:
      prod:
        http:
          path: '/'
          alias: app.example.com
    
      test:
        http:
          path: '/'
          alias: test.example.com
    I have the above manifest file in my project but when I go to app.example.com I get This site can’t be reached but when I remove the alias I get a copilot generated url that works. What am I doing wrong here?
    8 replies
    cristobalmackenzie
    @cristobalmackenzie

    Hi ! I have a question regarding storage init. The docs state that "By default, only the service you specify during storage init will have access to that storage resource.".

    It seems to imply that there is indeed a way to make the storage resource accesible by more services. How is this accomplished?

    My use case is a webapp running on django, and I'll also have a backend service running a celery worker which'll need access to the same database.

    10 replies
    cristobalmackenzie
    @cristobalmackenzie

    Hi! I'm trying to deploy a service in a multi-account setup. I'm running a load balanced service with a sidecar. I pushed the sidecar image before deploying the service, but the environment account can't pull the image when deploying.

    The task fails with the following error:

    "CannotPullContainerError: inspect image has been retried 1 time(s): failed to resolve ref "227269212688.dkr.ecr.us-east-1.amazonaws.com/pace/traefik:latest": pulling from host 227269212688.dkr.ecr.us-east-1.amazonaws.com failed with status code [manifests latest]: 403 Forbidden"

    I've previously deployed these same containers but without a multi-account setup, so I think that might be the issue.

    There must be something I'm missing. Any pointers greatly appreciated, thanks!

    6 replies
    Gautam
    @gautam-nutalapati
    Hey Copilot!
    Regarding aws/copilot-cli#3609
    If service is deployed for first time, and its trying to create gateway VPC endpoints for private subnets, this approach will fail. Because copilot creates private route tables if at-least one svc is deployed in private subnets, and addOns depend on these being in output of env stack. Kind of circular dependency here.
    A hack would be to deploy a temporary service to fresh env in private subnets.
    A good solution would be to make the option to create private routing tables and NATs configurable in env init. Would this be a good thing to add in aws/copilot-cli#3522 ?
    3 replies
    zz
    @zzhengzhuo
    Hello, if I update manifest.yml for a service, how can I upgrade my deployed service?
    2 replies
    cristobalmackenzie
    @cristobalmackenzie

    Hi !

    I'm wondering, what's the best practice to stop a deployment once you realize the container is failing to run? I sometimes set the desired count to 0, but I guess there must be a better way.

    Or is there a way to make the deployment circuit breaker trigger sooner?

    4 replies
    cristobalmackenzie
    @cristobalmackenzie

    Hi Copilot!

    In order to comply with some "security" requirements from another company, I need to have all requests sent to a service I interact with from a fixed and known IP.

    I thought I might use a NAT Gateway with an Elastic IP attached. I tried setting placement: 'private' for a backend service I'm running but that didn't set up a NAT Gateway for me as I expected.

    Is there a way to set this up via the manifest ?

    10 replies
    michaelt32m
    @michaelt32m
    Hi! Is there a way to prevent copilot from auto-deregistering the previous task definition on deployment?
    3 replies
    Gautam
    @gautam-nutalapati
    Hey Copilot, I want to contribute for aws/copilot-cli#3387
    To avoid wasted effort, I want to ensure approach is approved before I contribute.
    Based on process I observed, I created design proposal aws/copilot-cli#3664. Kindly let me know if this is not the correct approach to start contrbuting. If it is, please review my proposal :)
    1 reply
    Janice Huang
    @huanjani
    Hi all!
    AWS Copilot v1.19.0 is now released! https://github.com/aws/copilot-cli/releases/tag/v1.19.0 πŸŽ‰πŸš€
    1 reply
    tegryan
    @tegryan:matrix.org
    [m]
    Hello everyone - is there a way to change an env to "production" after it is created? I couldn't find the answer to this in the docs, but maybe I should just delete and recreate?
    2 replies
    spelka
    @spelka
    hello! I was wondering if copilot fargate / backend service has a way to customize the count range for autoscaling to be different for various environments. We only have a need for a count of 1-3 tasks for our lowest environments, but for staging we need a count of 1-12 tasks. I don't see any way to discriminate this in the docs (https://aws.github.io/copilot-cli/docs/manifest/backend-service/)
    2 replies
    cristobalmackenzie
    @cristobalmackenzie
    Hi everyone ! I'm adding an addon for an IAM Managed Policy, in order for one of my services to be able to access AWS SES Email Sending APIs. Is there a way to attach this policy to more than one task role without adding the exact same addon file to every service?
    2 replies
    dreaminpast123
    @dreaminzero-cell
    Hi everyone! AWS Copilot does have any plan to support Lambda? Using SAM and Copilot at the same time is somewhat divisive, especially in different formats(one is docker-compose, one is cloudformation-variant)
    1 reply
    Ashish Dubey
    @dash1291
    Hi there - I want to modify ECS_CONTAINER_STOP_TIMEOUT for one of my services to increase the duration for graceful termination as it processes a long running task.. how do I go about it using copilot?
    4 replies
    I'm assuming it won't work as a regular cotainer env variable
    zz
    @zzhengzhuo
    Hello, is there any example for deploying a web server with database and redis by copilot-cli?
    1 reply
    Roman RoΕ‘tΓ‘r
    @romanrostar_twitter
    This message was deleted
    dazl
    @dazl
    Is there a way to specify the number of times updating a task must be tried if the update fails?
    I am deploying a "Load Balanced Web Service" (a Ruby on Rails app) and on copilot svc deploy if the ECS task fails to start it retries 10 times and I would like to specify a lower number -- thanks
    (also: if there is any rails-specific write up for copilot I would be grateful for a link , thanks)
    3 replies
    innix
    @innix
    Hello, what does svc deploy --force do? A few hours ago, I had to change some env vars for one of my Copilot services and deploy the changes. I assumed --force would use the latest image in the ECR and create a new Task Definition with the new options in the manifest.yml. The code hasn't changed, so why would it build a new image? I thought that's what this flag was for. But apparently I was wrong; it proceeded to re-build my project using the Dockerfile as usual.
    1 reply
    dreaminpast123
    @dreaminzero-cell
    Does Copilot has any relationship with Terraform?
    1 reply
    Tom Kerswill
    @tomkerswill
    Hi! Are there any plans to support the EC2 capacity provider, instead of just Fargate? I saw there were some old conversations in 2020, and support was on roadmap at that point and planned for that year; do you know if it got implemented? Very keen to switch to EC2 for some workloads, as a way to reduce cost.
    1 reply
    sudo er
    @sudoerj_twitter
    hi guys, just wondering if it's possible to automatically deploy an app in an environment when using copilot init .
    copilot init -a test -d ./Dockerfile -n web --port 8080 -t "Load Balanced Web Service"
    I am trying something like this and it will ask me if I want to deploy it in a test environment, what's the parameter to pass so I could answer or skip that question?
    2 replies
    jpw-src
    @jpw-src
    Hi! I'm running a load balanced web service with an aurora mysql addon. Now I want to create a second environment "test" and use the latest snapshot from the environment "prod". I tried to do this on the AWS Web Console, but I only was allowed to restore the snapshot to a new db cluster instance. Is there an easy way to restore the snapshot to the existing "test" environment?
    3 replies
    RestonAbaqus
    @RestonAbaqus
    Hey guys is there a way to make envs with "termination protection"? as documented here https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-protect-stacks.html
    2 replies
    Ronique Ricketts
    @RoniqueRicketts
    Also to prevent the database from deletion
    tegryan
    @tegryan:matrix.org
    [m]

    Has anyone seen this error? I'd like to understand what his happening under the hood. I'm using AWS SSO and am logged in to it. I'm on the latest copilot (1.19). I've set up an env in copilot using a profile from my SSO list, but it seems like it is not passing the role properly maybe?

    execute svc deploy: execute "env upgrade --app redacted --name qa": get template redacted-qa: InvalidParameter: 1 validation error(s) found. minimum field size of 20, AssumeRoleInput.RoleArn.

    3 replies
    Per J
    @perj:matrix.org
    [m]

    Greetings. I've been trying to use copilot storage init to create a postgresql db in eu-north-1. Unfortunately this doesn't seem to work, it errors on the database type

          The engine mode serverless you requested is currently unavailable. (Se                                 
          rvice: AmazonRDS; Status Code: 400; Error Code: InvalidParameterValue;                                 
           Request ID: 95157b6a-94e7-4fdd-a277-83e14f568a46; Proxy: null)

    I believe this is probably because Aurora serverless v1 is not available in eu-north-1...

    Do you guys have any suggestion on how I should proceed? I can't switch region unfortunately. Also, I'd like as much as possible to be managed from within copilot, that's the point of our current project.

    Any input is appreciated.

    1 reply