Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Upgrading to v1.19.0 causes errors with EIP tag update

See original GitHub issue

After upgraded to CDK v1.19.0, updating existing EIP for adding auto-generated Tag causes an error at CloudFormation

Reproduction Steps

  1. Deploy stack with Vpc construct with CDK earlier v1.19.0
  2. Upgrade to CDK v1.19.0 and deploy

Error Log

$ cdk deploy NetworkStackEnvStg

NetworkStackEnvStg 
NetworkStackEnvStg: deploying... 
NetworkStackEnvStg: creating CloudFormation changeset... 
 0/6 | 2:07:22 AM | UPDATE_IN_PROGRESS   | AWS::EC2::EIP                         | Vpc/PublicSubnet1/EIP (VpcPublicSubnet1EIPD7E02669)  
 1/6 | 2:07:24 AM | UPDATE_FAILED        | AWS::EC2::EIP                         | Vpc/PublicSubnet1/EIP (VpcPublicSubnet1EIPD7E02669) API: ec2:disassociateAddress You do not have permission to access the specified resource. 
    PublicSubnet.addNatGateway (/codebuild/output/src566679633/src/node_modules/@aws-cdk/aws-ec2/lib/vpc.ts:1538:21) 
    \_ NatGateway.configureNat (/codebuild/output/src566679633/src/node_modules/@aws-cdk/aws-ec2/lib/nat.ts:145:27) 
    \_ Vpc.createNatGateways (/codebuild/output/src566679633/src/node_modules/@aws-cdk/aws-ec2/lib/vpc.ts:1129:14) 
    \_ new Vpc (/codebuild/output/src566679633/src/node_modules/@aws-cdk/aws-ec2/lib/vpc.ts:1044:14) 
    \_ new NetworkStack (/codebuild/output/src566679633/src/src/network-stack.ts:20:16) 
    \_ newStack (/codebuild/output/src566679633/src/src/app.ts:52:28) 
    \_ Records.mapValues (/codebuild/output/src566679633/src/src/lib.ts:62:5) 
    \_ result.toEntries.map (/codebuild/output/src566679633/src/src/lib.ts:44:31) 
    \_ Array.map (<anonymous>) 
    \_ Function.mapValues (/codebuild/output/src566679633/src/src/lib.ts:43:43) 
    \_ Object.newStackGroup (/codebuild/output/src566679633/src/src/lib.ts:61:18) 
    \_ Object.<anonymous> (/codebuild/output/src566679633/src/src/app.ts:49:27) 
    \_ Module._compile (internal/modules/cjs/loader.js:778:30) 
    \_ Module.m._compile (/codebuild/output/src566679633/src/node_modules/ts-node/src/index.ts:536:23) 
    \_ Module._extensions..js (internal/modules/cjs/loader.js:789:10) 
    \_ Object.require.extensions.(anonymous function) [as .ts] (/codebuild/output/src566679633/src/node_modules/ts-node/src/index.ts:539:12) 
    \_ Module.load (internal/modules/cjs/loader.js:653:32) 
    \_ tryModuleLoad (internal/modules/cjs/loader.js:593:12) 
    \_ Function.Module._load (internal/modules/cjs/loader.js:585:3) 
    \_ Function.Module.runMain (internal/modules/cjs/loader.js:831:12) 
    \_ main (/codebuild/output/src566679633/src/node_modules/ts-node/src/bin.ts:212:14) 
    \_ Object.<anonymous> (/codebuild/output/src566679633/src/node_modules/ts-node/src/bin.ts:470:3) 
    \_ Module._compile (internal/modules/cjs/loader.js:778:30) 
    \_ Object.Module._extensions..js (internal/modules/cjs/loader.js:789:10) 
    \_ Module.load (internal/modules/cjs/loader.js:653:32) 
    \_ tryModuleLoad (internal/modules/cjs/loader.js:593:12) 
    \_ Function.Module._load (internal/modules/cjs/loader.js:585:3) 
    \_ Function.Module.runMain (internal/modules/cjs/loader.js:831:12) 
    \_ startup (internal/bootstrap/node.js:283:19) 
    \_ bootstrapNodeJSCore (internal/bootstrap/node.js:622:3) 
 1/6 | 2:07:25 AM | UPDATE_ROLLBACK_IN_P | AWS::CloudFormation::Stack            | NetworkStackEnvStg The following resource(s) failed to update: [VpcPublicSubnet1EIPD7E02669].  
 1/6 | 2:07:57 AM | UPDATE_IN_PROGRESS   | AWS::EC2::EIP                         | Vpc/PublicSubnet1/EIP (VpcPublicSubnet1EIPD7E02669)  
 
 ❌  NetworkStackEnvStg failed: Error: The stack named NetworkStackEnvStg is in a failed state: UPDATE_ROLLBACK_FAILED (The following resource(s) failed to update: [VpcPublicSubnet1EIPD7E02669]. ) 
The stack named NetworkStackEnvStg is in a failed state: UPDATE_ROLLBACK_FAILED (The following resource(s) failed to update: [VpcPublicSubnet1EIPD7E02669]. ) 
error Command failed with exit code 1. 
info Visit https://yarnpkg.com/en/docs/cli/run for documentation about this command.

Environment

  • CLI Version : 1.19.0 (build 5597bbe)
  • Framework Version: 1.19.0
  • OS : Linux(on a CodeBuild project environment)
  • Language : TypeScript

Other

$ cdk diff NetworkStackEnvStg

Stack NetworkStackEnvStg 
Resources 
[~] AWS::EC2::EIP Vpc/PublicSubnet1/EIP VpcPublicSubnet1EIPD7E02669  
 └─ [+] Tags 
     └─ [{"Key":"Name","Value":"NetworkStackEnvStg/Vpc/PublicSubnet1"}]

Related: https://github.com/aws-cloudformation/aws-cloudformation-coverage-roadmap/issues/84#issuecomment-559187499

This is 🐛 Bug Report

Issue Analytics

  • State:closed
  • Created 4 years ago
  • Reactions:12
  • Comments:12 (3 by maintainers)

github_iconTop GitHub Comments

14reactions
idm-ryoucommented, Dec 18, 2019

Workaround:

cdk.Tag.remove(this.vpc, "Name", {
  includeResourceTypes: ["AWS::EC2::EIP"]
});
5reactions
danlycommented, Dec 18, 2019

I am having the same issue. After this upgrade, my VPC subnets are adding a new tag to each subnet. I am having the: API: ec2:disassociateAddress You do not have permission to access the specified resource.

The rollback then proceeds to fail as each subnet fails to update.

Read more comments on GitHub >

github_iconTop Results From Across the Web

Known issues with PaperCut MF, NG, Hive, Pocket and ...
In some cases, the Print Deploy server fails to start after upgrading to version 1.7.2177. This occurs when there are old print queues...
Read more >
Fixed reported problems - IBM
Review the list of fixed problems to see whether your reported problem was fixed in the release or within a fix pack.
Read more >
Kubernetes v1.23.0 is live! - Google Groups
Kubernetes v1.23.0 has been built and pushed using Golang version 1.17.3. ... When writing the ConfigMap kubeadm (init, upgrade apply) will ...
Read more >
1.21 - kOps - Kubernetes Operations
In 1.21, this feature is behind a feature flag as node role name, labels, taints, and domains can change based on feedback from...
Read more >
v1.16 Release Notes - Kubernetes - Wikimedia People
Cluster Lifecycle · Fix error handling and potential go null pointer exception in kubeadm upgrade diff (#80648, @odinuge) · kubeadm: fall back to ......
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

CDK Upgrading & Versioning
Read More >

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

CDK tool does not include installed external packages in virtualenvs when deploying

Next page

AWS SSO Named Profiles Support