Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

[codepipeline] CDK Deploy-Step Fails - Lambda Assets not uploaded to S3 after build -- "Error occurred while GetObject. S3 Error Code: NoSuchKey"

See original GitHub issue

❓ General Issue

I did build a CDK application (let’s call it app “A”) including multiple lambda functions (all single file python code - no dependencies). This CDK application works great and deploys just fine from my local CLI.

Now, I want to deploy app “A” using a CICD Pipeline via a 2nd separate CDK application.

  • I pull the source from a source commit repo - works fine.
  • I build app “A” using a codeBuild job with a custom buildspec.yml (including the cdk synth call). This works fine. The output artifact contains the expected cdk.out including the usual content.
  • Now i want to deploy my application. I pass the output artifact from the build step into a CloudFormationCreateUpdateStackAction() (see code below).

PROBLEM: The CloudFormation deploy step fails. The CloudFormation deploy fails with the error Error occurred while GetObject. S3 Error Code: NoSuchKey. S3 Error Message: The specified key does not exist. (Service: AWSLambdaInternal; Status Code: 400; Error Code: InvalidParameterValueException; Request ID: 7dbfdd63-58cb-4e58-b005-0a464d1b1055; Proxy: null) After closer inspection of the generated CFN template, I notice that the Lambda functions code property references the cdk S3 Bucket and Key (see below). The problem is that the S3 Bucket is empty. It doesn’t contain the Key!

The Question

How do I get the lambda assets from the build step uploaded to the S3 bucket so that CloudFormationCreateUpdateStackAction() can deploy the stack?

What am I missing here? Or should I deploy my cloudformation using another codebuilld action with a cdk deploy inside?

Environment

  • CDK CLI Version: 1.69.0 (build 2b474b9)
  • Module Version: 1.69.0
  • Node.js Version: v10.15.0
  • OS: OSX Catalina
  • Language (Version): Python (3.7)

Other information

Action used to deploy the CloudFormation: The cdk.out content is passed via the artifact source_output_build.

        action = codepipeline_actions.CloudFormationCreateUpdateStackAction(
            action_name=action_name,
            admin_permissions=True,
            stack_name=stack_name,
            replace_on_failure=True,
            template_path= source_output_build.at_path(template_path),
            capabilities=[
                cloudformation.CloudFormationCapabilities.NAMED_IAM,
                cloudformation.CloudFormationCapabilities.ANONYMOUS_IAM,
                cloudformation.CloudFormationCapabilities.AUTO_EXPAND
            ],
            run_order=1,
            region=region,
            extra_inputs=[source_output_build]
     )

Output of template.json with S3Bucket referncnce (the key doesn’t exist - bucket is empty)

"IntegrationTestTriggerXXXX": {
      "Type": "AWS::Lambda::Function",
      "Properties": {
        "Code": {
          "S3Bucket": "cdk-hnb6XXXXXX26-eu-west-1",
          "S3Key": "da663XXXXXXXXbc09fa27e9.zip"
        },

Issue Analytics

  • State:closed
  • Created 3 years ago
  • Reactions:11
  • Comments:18 (7 by maintainers)

github_iconTop GitHub Comments

16reactions
scorobogacicommented, Feb 20, 2022

To expand upon @ijemmy 's comments:

  1. If you are using .from_asset() in your Lambda function stack, your CodePipeline will create an extra step Assets.
  2. This is used to upload your asset files from the CDKSynth step to S3.
  3. Looking into the buildspec.yml for that step, you will see something like:
      "commands": [
        "cdk-assets --path \"assembly-STACK/STACK.assets.json\" --verbose publish \"11eecb7b5ccdb7c71db90f9c453ad052b6cdf36b45f7dcfb207bf60e607508c8:ACCOUNT-NUMBER-REGION\""
      ]
  1. With this command, it looks to publish resource 11eecb7b5ccdb7c71db90f9c453ad052b6cdf36b45f7dcfb207bf60e607508c8 in the assembly-STACK/STACK.assets.json file to S3.
  2. On every deployment, that hash value inside the assembly-STACK/STACK.assets.json file (from your Synth step) will change.
  3. HOWEVER, the Assets step’s buildspec.yml file will still reference the old hash value.
  4. This means your local assets will never upload to S3. The step still will succeed with message:
1 assets found
--
Applied selection: 0 assets selected.

Because of this, you must enable SelfMutate in your CodePipeline, in order for the buildspec.yml in your Assets step to update.

Once doing this, you will see the following in your Assets step:


verbose: Applied selection: 1 assets selected.
--
33 | info   : [0%] start: Publishing 95c924c84f5d023be4edee540cb2cb401a49f115d01ed403b288f6cb412771df:ACCOUNT-NUMBER-REGION
34 | verbose: [0%] check: Check s3://cdk-hnb659fds-assets-ACCOUNT-NUMBER-REGION/95c924c84f5d023be4edee540cb2cb401a49f115d01ed403b288f6cb412771df.zip
35 | verbose: [0%] upload: Upload s3://cdk-hnb659fds-assets-ACCOUNT-NUMBER-REGION/95c924c84f5d023be4edee540cb2cb401a49f115d01ed403b288f6cb412771df.zip
36 | info   : [100%] success: Published 95c924c84f5d023be4edee540cb2cb401a49f115d01ed403b288f6cb412771df:ACCOUNT-NUMBER-REGION

are you from this planet ? Did you read the problem ?

5reactions
ijemmycommented, Dec 31, 2020

This happened to me when I forgot to update pipeline (didn’t enable selfMutation). Updating pipeline fixed the issue.

It turns out that some assets building action (in Assets stage) were missing. Redeploying creates those missing actions.

Read more comments on GitHub >

github_iconTop Results From Across the Web

CloudFormation stack Error - Error occurred while GetObject ...
It appears that the object key you are providing as ImageProcessorSourceS3KeyParameter is not a valid key name, or does not exist.
Read more >
Troubleshoot deployment issues in Lambda
General: Permission is denied / Cannot load such file · General: Error occurs when calling the UpdateFunctionCode · Amazon S3: Error Code PermanentRedirect....
Read more >
Error occurred while GetObject. S3 Error Code: NoSuchKey ...
Once the code pipeline gets to cloud formation state I get this error when deploying the lambda function. Has someone been in a...
Read more >
Deploy step in pipeline build fails with access denied
The CDK deploy seems to be ok and the build starts of fine. ... Access Denied (Service: Amazon S3; Status Code: 403; Error...
Read more >
awslabs/aws-cdk - Gitter
objectKey) , i.e. it gets its code from the S3 bucket where the build ... as it throws an error when deploying the...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

[elasticsearch] CDK seems not to handle multi-az domains correctly

Next page

CDK throws "ENOENT: no such file or directory, open cdk.out\manifest.json" in most commands