Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

(aws-ecs) FargateTaskDefinition EnvironmentFile.fromBucket fails

See original GitHub issue

Description

When creating a Fargate Task Definition with CDK the task pulling an env file from S3 fails with this error “ResourceInitializationError: failed to download env files: file download command: non empty error stream: RequestCanceled: request context canceled caused by: context deadline exceeded” but what appears to be the exact same configuration created in the console by hand works.

What I’m trying

import * as ec2 from '@aws-cdk/aws-ec2';
import * as ecr from '@aws-cdk/aws-ecr';
import * as ecs from '@aws-cdk/aws-ecs';
import * as ecs_patterns from '@aws-cdk/aws-ecs-patterns';
import * as s3 from '@aws-cdk/aws-s3';
import * as cdk from '@aws-cdk/core';
import * as iam from '@aws-cdk/aws-iam';

export class EcsFargateService extends cdk.Stack {
  constructor(scope: cdk.Construct, id: string, props?: cdk.StackProps) {
    super(scope, id, props);

    const vpc = ec2.Vpc.fromLookup(this, 'DefaultVPC',{isDefault: true});

    const cluster = new ecs.Cluster(this, "docker-demo", {
      vpc: vpc
    });

    const ecRepo = ecr.Repository.fromRepositoryName(this, 'ecRepo', 'docker-demo');

    const iamRole = iam.Role.fromRoleArn(
      this,
      'IamRole',
      'arn:aws:iam::##########:role/ecsTaskExecutionRole'
    );

    const taskDefinition = new ecs.FargateTaskDefinition(this, 'TaskDef', {
      executionRole: iamRole,
      taskRole: iamRole
    });

    const s3Bucket = s3.Bucket.fromBucketName(this, 's3Bucket', 'cdk-docker-demo');

    taskDefinition.addContainer('DefaultContainer', {
      image: ecs.ContainerImage.fromEcrRepository(ecRepo),
      memoryLimitMiB: 256,
      environmentFiles: [
        ecs.EnvironmentFile.fromBucket(s3Bucket, 'demo-env-file.env'),
      ],

    });

    const ecsService = new ecs.FargateService(this, 'Service', {
      cluster,
      taskDefinition,
      platformVersion: ecs.FargatePlatformVersion.VERSION1_4
    });
  }
}

IAM (that works in the console just fine)

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:Get*",
                "s3:List*"
            ],
            "Resource": "*"
        }
    ]
}

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "ecr:GetAuthorizationToken",
                "ecr:BatchCheckLayerAvailability",
                "ecr:GetDownloadUrlForLayer",
                "ecr:BatchGetImage",
                "logs:CreateLogStream",
                "logs:PutLogEvents"
            ],
            "Resource": "*"
        }
    ]
}

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": [
                "ecr:BatchCheckLayerAvailability",
                "ecr:GetDownloadUrlForLayer",
                "ecr:BatchGetImage"
            ],
            "Resource": "arn:aws:ecr:us-east-1:#######:repository/docker-demo",
            "Effect": "Allow"
        },
        {
            "Action": "ecr:GetAuthorizationToken",
            "Resource": "*",
            "Effect": "Allow"
        }
    ]
}

Environment

CDK CLI Version : 1.84.0
Framework Version: ???
Node.js Version: v12.19.0
OS : MacOS 10.15.7
Language (Version): TypeScript

Other

This is 🐛 Bug Report

Issue Analytics

State:
Created 3 years ago
Reactions:3
Comments:6

Top GitHub Comments

8reactions

banjerlukecommented, Feb 5, 2021

Same here. Whether creating the service from the web console or the CLI, this error prevents tasks from starting up:

ResourceInitializationError: failed to download env files: file download command: non empty error stream: RequestCanceled: request context canceled caused by: context deadline exceeded

Steps I’ve taken:

Added S3 permissions to ecsTaskExecutionRole as in documentation.
Ensured env file is accessible through that role through the IAM simulator.
Ensured I’m using Fargate platform 1.4.0. (This is a new project I’m setting up.)
Enabling public IP assignment for the container (was disabled).
Banged my head against the nearest wall.

None of the steps had any effect beyond a headache.

2reactions

carlosfvpcommented, Jan 27, 2021

I’m having the same issue at the time but from the Web Console. My task execution role has policies to read the s3 bucket and .env files. Then Fargate task is stopping with this message:

Stopped reason ResourceInitializationError: failed to download env files: file download command: non empty error stream: RequestCanceled: request context canceled caused by: context deadline exceeded

Also, I make sure my subnet can assign public IPs. The fargate task has indeed a public IP assigned while it’s running.

Top Results From Across the Web

class EnvironmentFile · AWS CDK

Loads the environment file from a local disk path. static fromBucket(bucket, key, objectVersion?) Loads the environment file from an S3 bucket. bind( ...

AWS Fargate task error - ResourceInitializationError: failed to ...

I am trying to access ".env" file stored in S3 bucket from Fargate ECS tasks using the Environment Files configuration (S3 ARN) under...

@aws-cdk/aws-ecs - npm

Use the Ec2TaskDefinition and Ec2Service constructs to run tasks on Amazon EC2 instances running in your account. Use the FargateTaskDefinition and ...

aws-cdk/aws-ecs/README.md - UNPKG

The CDN for @aws-cdk/aws-ecs. ... 61, - Use the `FargateTaskDefinition` and `FargateService` constructs to run tasks on ... 373, If a task fails,....

@aws-cdk/aws-ecs | Yarn - Package Manager

EnvironmentFile.fromAsset('./demo-env-file.env'), ecs.EnvironmentFile.fromBucket(s3Bucket, 'assets/demo-env-file.env'), ], secrets: { // Retrieved from AWS ...