Hello, n00b question, I'm trying to use copilot to deploy a simple container and call a python script in that container, but couldn't debug why it won't work. Any tips? I have a hunch I'm not using the Backend Service type properly
I did copilot init, created "Backend Service", and ran copilot task run --command "python manage.py runscript send_deal_email --script-args debug save"
and it finishes but I didn't get an email the script was supposed to send.
02c055ef67f5: Layer already exists
latest: digest: sha256:94ba6ef7a0f386af628039e41ba5fe113caf1453ecaed6cb6a69f4bcbdf804fe size: 3049
β Proposing infrastructure changes for stack task-flueth
- Updating the infrastructure for stack task-flueth [update complete] [11.6s]
- An ECS task definition to run your container on ECS [create complete] [3.5s]
β Task flueth is running.
The public IP associated with the task is:
- 54.184.25.172 (for 78f286ba)(django) markx@Marks-MacBook-Pro ~/flueth (main)> copilot svc status 01:27:12
Found only one deployed service flueth-scripts in environment test
Service Status
ACTIVE 0 / 1 running tasks (1 pending)
Last Deployment
Updated At 15 seconds ago
Task Definition arn:aws:ecs:us-west-2:915518705299:task-definition/flueth-scripts-test-flueth-scripts:2
Task Status
ID Image Digest Last Status Started At Stopped At Capacity Provider Health Status
-- ------------ ----------- ---------- ---------- ----------------- -------------
c307a0f - PENDING - - - UNKNOWN
Alarms
Name Condition Last Updated Health
---- --------- ------------ ------copilot svc exec to start bash in the container to debug but couldnt figure out how to do it for a Backend service which doesnt have a running task(django) markx@Marks-MacBook-Pro ~/flueth (main)> copilot svc exec 01:28:44
Found only one deployed service flueth-scripts in environment test
β found no running task for service flueth-scripts in environment test
copilot task run --dockerfile ./path/to/your/Dockerfile --command "python manage.py runscript send_deal_email --script-args debug save". This will deploy a one-off task using an image built from your dockerfile and the command overridden.
copilot svc deploy?
Hi all! I have a service with an addon containing a AWS::ElastiCache::CacheCluster resource. I would like to change this to an AWS::ElastiCache::ReplicationGroup. When I run copilot svc deploy I get the following
deploy service: wait for creation of change set copilot-xxx for stack xxx: ResourceNotReady: failed waiting for successful resource state: Update of resource type is not permitted. The new template modifies resource type of the following resources: [Redis]: Health check interval must be greater than the timeoutI would have expected Cloud Formation to delete the CacheCluster and create a new ReplicationGroup. I there a workaround for this? Do I need to do something like delete the Environment or Service and recreate it?
4 replies
3 replies
Hi all -- I'm having an issue getting my first Copilot for a Bitbucket repository to work... I'm confused by what the value should by for source.properties.repository in the pipeline.yml file. An example for what is generated by the CLI is: https://git@bitbucket.org:<account-name>@bitbucket.org/git@bitbucket.org:<account-name>/<repository-name>
This doesn't seem right. When I manually edit the pipeline in the console and change the repository value to <account-name>/<repository-name>, the SRC download step works, but then the build fails. Anybody else seen this issue?
11 replies
After much trial and error we found this to be copilot app init
Man that could be A LOT CLEARER in your documentation.
It's so critical I think y'all should surround it in red at the top of a page somewhere. It took way too much to figure that out.
2 replies
Question:
So I just setup my first pipeline of my APP with 3 services. I just noticed that since they're all in the same repo, they all get deployed even if only the code/artifacts changed for one service.
How would I go about enabling the ability to deploy separately? Would I just split this across three repos and init it into the same app?
4 replies
Hi folks - I have some frontend devs looking at using AWS Amplify for mobile and front-end components - I realized that it does a lot of the same things as copilot, but it's built in Node.js rather than Typescript.
Request: As a DevOps engineer, I wish I had a better way to compare these tools so I can better advise these developers on what they should be using. I really like Copilot, but if Amplify is more useful for what we're doing, then we should probably switch sooner rather than later. Googling "AWS Copilot vs AWS Amplify" doesn't really return much useful information.
From the developer perspective, it looks like Amplify does more and covers more of our use case. I just wish I had a more cut and dry way of comparing these tools given the existing momentum on Copilot.
Request 2: As a DevOps engineer, some guides about how to share resources between CoPilot/Amplify/SAM could help alleviate the need for Request 1. I don't want to have to care about the tools my developers decide to use. If I know how to comfortably share resources between the different verticals/tools then it won't matter what they decide to use. Conceptually, it makes sense to simply use parameter store to surface stack export values to other verticals, but perhaps there's a simpler way.
I can totally open these up as feature requests somewhere, but the Copilot repo might not be the right place for this.
1 reply
Hello every one.
I 've been looking through the docs for a way to customize/add an IAM role to the task definition that copilot creates for me.
I can do that afterwards with aws-cli or at the aws web, but then that turns into a problem where whenever I want to clean the copilot app I need to hunt and delete those first or the copilot clean won't finish.
Do anyone knows if attaching IAM roles is possible?
thanks in advance!
2 replies
Hello everyone. I was experimenting with addons, beginning with copilot storage init for an S3 bucket. I noticed that the addon resources are provisioned "per-service". I was particularly looking for a way to provision one S3 bucket and share it between two different services. I ended up provisioning it outside of copilot using Terraform, and then adding the necessary policies to Copilot's generated task execution role, which was a little painful. I have two questions:
1) Do you have a preferred solution for sharing addon resources between multiple services?
2) Would you consider exposing more of the resources in the "service" CloudFormation stacks as outputs (particularly the task execution ARN) so it's easier to hook into them with Terraform or other external tools?
1 reply
17 replies
Hi Everyone,
I am trying to deploy WordPress using https://github.com/bvtujo/copilot-wordpress/ and I am getting "/bin/sh: 1: /opt/copilot/scripts/startup.sh: not found" error.
Can you please help?
3 replies
Copilot 1.7.1 creates cloudformation resource for post deployment tests as BuildTestCommands<ENV>
When environment name contains '-' in its name, resulting resource name ends up being something like
BuildTestCommandsandbox-dev which conflicts with cloudformation resource id naming pattern (A-Za-z0-9).Error
ValidationError: Template format error: Resource name BuildTestCommandssandbox-dev is non alphanumeric. is thrown in our case.Any ideas to overcome this other than renaming our ENVs?
Should copilot environments names be alpha numeric as well?
4 replies
Error: ECR repository not found for application api-prod in region us-west-1 and account 219450226639 anyone familiar with this error when trying to deploy? my pipelines were working for more than a year I think and just got this error. Note that this issue is when deploying, I am sure that the ECR repo actually exists.
5 replies
Hi again! Is it possible to get a reference to the load balancer's ARN within a CloudFormation template used to create additional resources. I have a need to create WAF Web ACLs. The CloudFormation template requires an ARN to the associated resource (i.e. the load balancer). Here is an example:
Resources:
SampleWebACLAssociation:
Type: 'AWS::WAFv2::WebACLAssociation'
Properties:
WebACLArn: ExampleARNForWebACL
ResourceArn: ExampleARNForRegionalResourceIs this possible with Copilot?
7 replies
Hi folks! Copilot v1.8.0 is out :tada: ! https://github.com/aws/copilot-cli/releases/tag/v1.8.0
There are lots of features and bug fixes in this release, if you have any feedback please let us know! π
Hi all -- i'm trying to deploy hydra using copilot, so i need a service and DB. Using the following commands:
copilot app init my-app
copilot svc init \
--name auth-server \
--svc-type "Load Balanced Web Service" \
--image oryd/hydra:v1.10.2 \
--port 4444
copilot storage init \
--name my-app-cluster \
--storage-type Aurora \
--workload auth-server \
--engine PostgreSQL \
--initial-db my_db
copilot env init --name test
copilot deploy --env test --app my_appduring deployment is where i run into issues. The hydra server requires a DSN environment variable, which I put in the manifest.yml as so:
DSN : postgres://<username>:<password>@<hostname>:5432/hydra?sslmode=disablebut I'm not sure how to get the username/password/hostname values here. I see that they're supposed to be in the MYAPPCLUSTER_SECRET environment variable as a json object, but how can i extract & use them
Any suggestions?
@bvtujo well, in theory that works, but i'm having trouble getting it to work.
The service is this one: https://github.com/ory/hydra/blob/v1.9.0/.docker/Dockerfile-alpine
I try to wrap it with a Dockerfile like this:
FROM oryd/hydra:v1.10.2
RUN apk -U --no-cache add jq
ENTRYPOINT ["./launch-hydra.sh"] # <-- contains the secret parsing and DSN settingbut it doesn't even build, complaining that it is unable to find user 1000: invalid argument
19 replies
service $SERVICE_NAME was unable to place a task. Reason: You've reached the limit on the number of
tasks you can run concurrently. For more information, see the Troubles
hooting section of the Amazon ECS Developer Guide.
Quick question, can I add an existing RDS addon to a new service? I have one service providing an API using a MySQL DB. I need to grant access to the same DB instance on another service within the same application. The new services does not have access to the DB by default, unless I add or amend security groups after creating the new service. Thanks.
2 replies
Great tool! One question I have -> when can I expect the next patch release to be released? There's an important bug fix with regards to the environment section not getting picked up for job deploys. Wouldn't wanna look into alternative solutions if it's just around the corner :)
2 replies
Hi there...
I need to run database migration (on mongo atlas) before deploying. I thought of doing that from the CI pipeline, but... as it's on Atlas I need to know the public IP of the incoming connection to whitelist it.
At the app's vpc I got a private subnet with a NAT gw for the main app to be whitelisted into Mongo Atlas.
Is it possible to run a one-off task specifically to run the migrations? I would like to run it on that same private subnet so it's already whitelisted
I thought copilot task run was what I needed, tried it.. but didn't work
% copilot task run
In which application would you like to run this task? my-app
In which environment would you like to run this task? test
β provision resources for task my-app: read template for task stack: read template task/cf.yml: stat /Users/xxx/git/my-app/task/cf.yml: no such file or directorymy-app is a Load Balanced Web Service and was created by importing it into an existing vpc. (also, I 'm using copilot 1.8.0)
Do you think it would be possible to achieve this with tasks? Why do you think the command failed?
thanks in advance
2 replies
i have an environment deployed with copilot 1.4.0 ... i ran copilot svc deploy ... from a different machine using copilot 1.8.0. it expectedly went to upgrade infrastructure. However, I've added a certificate to the load balancer and a few custom rules (to accommodate a friendly URL instead of the auto-generated ones).
i'm currently in an UPDATE_ROLLBACK_FAILED state on the cloudformation stacks. I've removed the custom certificate and tried to continue the rollback but i get the following error:
Resource handler returned message:
"Uploaded file must be a non-empty zip (Service: Lambda, Status Code: 400,
Request ID: ##########, Extended Request ID: null)"
(RequestToken: ##########, HandlerErrorCode: InvalidRequest)any general idea on how to clear this up and move forward so we can deploy again?
15 replies
8 replies
I am trying to use Copilot to deploy a CloudFront distribution that uses my application's load balancer as an origin. I am using the load balancer's domain name to specify the origin within the CF template:
Origins:
- DomainName:
Fn::ImportValue:
!Sub "${App}-${Env}-PublicLoadBalancerDNS"The distribution deploys successfully, but when I try to access a resource that exists on the origin, I get a 502 error. According to the CloudFront docs this is usually because of SSL errors.
I think the problem is that the certificate created by Copilot is for my application's domain (environment.application.domain.com), and CloudFront sees that as a host name mismatch. I can think to define the origin as ${Env}.${App}.domain.com in the template. But is there a better way to do this?
3 replies
2 replies