Upgrading to v1.19.0 causes errors with EIP tag update
See original GitHub issueAfter upgraded to CDK v1.19.0, updating existing EIP for adding auto-generated Tag causes an error at CloudFormation
Reproduction Steps
- Deploy stack with Vpc construct with CDK earlier v1.19.0
- Upgrade to CDK v1.19.0 and deploy
Error Log
$ cdk deploy NetworkStackEnvStg
NetworkStackEnvStg
NetworkStackEnvStg: deploying...
NetworkStackEnvStg: creating CloudFormation changeset...
0/6 | 2:07:22 AM | UPDATE_IN_PROGRESS | AWS::EC2::EIP | Vpc/PublicSubnet1/EIP (VpcPublicSubnet1EIPD7E02669)
1/6 | 2:07:24 AM | UPDATE_FAILED | AWS::EC2::EIP | Vpc/PublicSubnet1/EIP (VpcPublicSubnet1EIPD7E02669) API: ec2:disassociateAddress You do not have permission to access the specified resource.
PublicSubnet.addNatGateway (/codebuild/output/src566679633/src/node_modules/@aws-cdk/aws-ec2/lib/vpc.ts:1538:21)
\_ NatGateway.configureNat (/codebuild/output/src566679633/src/node_modules/@aws-cdk/aws-ec2/lib/nat.ts:145:27)
\_ Vpc.createNatGateways (/codebuild/output/src566679633/src/node_modules/@aws-cdk/aws-ec2/lib/vpc.ts:1129:14)
\_ new Vpc (/codebuild/output/src566679633/src/node_modules/@aws-cdk/aws-ec2/lib/vpc.ts:1044:14)
\_ new NetworkStack (/codebuild/output/src566679633/src/src/network-stack.ts:20:16)
\_ newStack (/codebuild/output/src566679633/src/src/app.ts:52:28)
\_ Records.mapValues (/codebuild/output/src566679633/src/src/lib.ts:62:5)
\_ result.toEntries.map (/codebuild/output/src566679633/src/src/lib.ts:44:31)
\_ Array.map (<anonymous>)
\_ Function.mapValues (/codebuild/output/src566679633/src/src/lib.ts:43:43)
\_ Object.newStackGroup (/codebuild/output/src566679633/src/src/lib.ts:61:18)
\_ Object.<anonymous> (/codebuild/output/src566679633/src/src/app.ts:49:27)
\_ Module._compile (internal/modules/cjs/loader.js:778:30)
\_ Module.m._compile (/codebuild/output/src566679633/src/node_modules/ts-node/src/index.ts:536:23)
\_ Module._extensions..js (internal/modules/cjs/loader.js:789:10)
\_ Object.require.extensions.(anonymous function) [as .ts] (/codebuild/output/src566679633/src/node_modules/ts-node/src/index.ts:539:12)
\_ Module.load (internal/modules/cjs/loader.js:653:32)
\_ tryModuleLoad (internal/modules/cjs/loader.js:593:12)
\_ Function.Module._load (internal/modules/cjs/loader.js:585:3)
\_ Function.Module.runMain (internal/modules/cjs/loader.js:831:12)
\_ main (/codebuild/output/src566679633/src/node_modules/ts-node/src/bin.ts:212:14)
\_ Object.<anonymous> (/codebuild/output/src566679633/src/node_modules/ts-node/src/bin.ts:470:3)
\_ Module._compile (internal/modules/cjs/loader.js:778:30)
\_ Object.Module._extensions..js (internal/modules/cjs/loader.js:789:10)
\_ Module.load (internal/modules/cjs/loader.js:653:32)
\_ tryModuleLoad (internal/modules/cjs/loader.js:593:12)
\_ Function.Module._load (internal/modules/cjs/loader.js:585:3)
\_ Function.Module.runMain (internal/modules/cjs/loader.js:831:12)
\_ startup (internal/bootstrap/node.js:283:19)
\_ bootstrapNodeJSCore (internal/bootstrap/node.js:622:3)
1/6 | 2:07:25 AM | UPDATE_ROLLBACK_IN_P | AWS::CloudFormation::Stack | NetworkStackEnvStg The following resource(s) failed to update: [VpcPublicSubnet1EIPD7E02669].
1/6 | 2:07:57 AM | UPDATE_IN_PROGRESS | AWS::EC2::EIP | Vpc/PublicSubnet1/EIP (VpcPublicSubnet1EIPD7E02669)
❌ NetworkStackEnvStg failed: Error: The stack named NetworkStackEnvStg is in a failed state: UPDATE_ROLLBACK_FAILED (The following resource(s) failed to update: [VpcPublicSubnet1EIPD7E02669]. )
The stack named NetworkStackEnvStg is in a failed state: UPDATE_ROLLBACK_FAILED (The following resource(s) failed to update: [VpcPublicSubnet1EIPD7E02669]. )
error Command failed with exit code 1.
info Visit https://yarnpkg.com/en/docs/cli/run for documentation about this command.
Environment
- CLI Version : 1.19.0 (build 5597bbe)
- Framework Version: 1.19.0
- OS : Linux(on a CodeBuild project environment)
- Language : TypeScript
Other
$ cdk diff NetworkStackEnvStg
Stack NetworkStackEnvStg
Resources
[~] AWS::EC2::EIP Vpc/PublicSubnet1/EIP VpcPublicSubnet1EIPD7E02669
└─ [+] Tags
└─ [{"Key":"Name","Value":"NetworkStackEnvStg/Vpc/PublicSubnet1"}]
This is 🐛 Bug Report
Issue Analytics
- State:
- Created 4 years ago
- Reactions:12
- Comments:12 (3 by maintainers)
Top Results From Across the Web
Known issues with PaperCut MF, NG, Hive, Pocket and ...
In some cases, the Print Deploy server fails to start after upgrading to version 1.7.2177. This occurs when there are old print queues...
Read more >Fixed reported problems - IBM
Review the list of fixed problems to see whether your reported problem was fixed in the release or within a fix pack.
Read more >Kubernetes v1.23.0 is live! - Google Groups
Kubernetes v1.23.0 has been built and pushed using Golang version 1.17.3. ... When writing the ConfigMap kubeadm (init, upgrade apply) will ...
Read more >1.21 - kOps - Kubernetes Operations
In 1.21, this feature is behind a feature flag as node role name, labels, taints, and domains can change based on feedback from...
Read more >v1.16 Release Notes - Kubernetes - Wikimedia People
Cluster Lifecycle · Fix error handling and potential go null pointer exception in kubeadm upgrade diff (#80648, @odinuge) · kubeadm: fall back to ......
Read more >Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start FreeTop Related Reddit Thread
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
Top GitHub Comments
Workaround:
I am having the same issue. After this upgrade, my VPC subnets are adding a new tag to each subnet. I am having the:
API: ec2:disassociateAddress You do not have permission to access the specified resource.
The rollback then proceeds to fail as each subnet fails to update.