
Deploy fails on >1.60.1 when stackKeys are defined


Bug Report

Description

Versions of Serverless >1.60.1 throw an error at the end of a deploy if stackTags are defined in serverless.yml.

  1. What did you do?

     npx sls deploy --stage dev --environment development
    
  2. What happened?

     Serverless Error ---------------------------------------
     User: arn:aws:iam::00000000:user/my_user is not authorized to perform: apigateway:GET on resource: arn:aws:apigateway:eu-west-1::/restapis
    
  3. What should’ve happened? The deploy should succeed and should not attempt to perform any API Gateway actions.

  4. What’s the content of your serverless.yml file?

     service: test

     provider:
       name: aws
       runtime: nodejs12.x
       stage: ${opt:stage, 'dev'}
       region: eu-west-1
       stackTags:
         environment: ${opt:environment, 'development'}

     functions:
       trigger:
         handler: handler.hello

  5. What’s the output you get when you use the SLS_DEBUG=* environment variable (e.g. SLS_DEBUG=* serverless deploy)

     $ SLS_DEBUG=* npx sls deploy --stage dev --environment=development
     Serverless: Load command interactiveCli
     Serverless: Load command config
     Serverless: Load command config:credentials
     Serverless: Load command config:tabcompletion
     Serverless: Load command config:tabcompletion:install
     Serverless: Load command config:tabcompletion:uninstall
     Serverless: Load command create
     Serverless: Load command install
     Serverless: Load command package
     Serverless: Load command deploy
     Serverless: Load command deploy:function
     Serverless: Load command deploy:list
     Serverless: Load command deploy:list:functions
     Serverless: Load command invoke
     Serverless: Load command invoke:local
     Serverless: Load command info
     Serverless: Load command logs
     Serverless: Load command metrics
     Serverless: Load command print
     Serverless: Load command remove
     Serverless: Load command rollback
     Serverless: Load command rollback:function
     Serverless: Load command slstats
     Serverless: Load command plugin
     Serverless: Load command plugin
     Serverless: Load command plugin:install
     Serverless: Load command plugin
     Serverless: Load command plugin:uninstall
     Serverless: Load command plugin
     Serverless: Load command plugin:list
     Serverless: Load command plugin
     Serverless: Load command plugin:search
     Serverless: Load command config
     Serverless: Load command config:credentials
     Serverless: Load command rollback
     Serverless: Load command rollback:function
     Serverless: Load command upgrade
     Serverless: Load command uninstall
     Serverless: Load command login
     Serverless: Load command logout
     Serverless: Load command generate-event
     Serverless: Load command test
     Serverless: Load command dashboard
     Serverless: Invoke deploy
     Serverless: Invoke package
     Serverless: Invoke aws:common:validate
     Serverless: Invoke aws:common:cleanupTempDir
     Serverless: Packaging service...
     Serverless: Excluding development dependencies...
     Serverless: Invoke aws:package:finalize
     Serverless: Invoke aws:common:moveArtifactsToPackage
     Serverless: Invoke aws:common:validate
     Serverless: Invoke aws:deploy:deploy
     Serverless: [AWS cloudformation 200 0.349s 0 retries] describeStacks({ StackName: 'test-dev' })
     Serverless: [AWS cloudformation 200 0.162s 0 retries] describeStackResource({
       StackName: 'test-dev',
       LogicalResourceId: 'ServerlessDeploymentBucket'
     })
     Serverless: [AWS s3 200 0.172s 0 retries] listObjectsV2({
       Bucket: 'test-dev-serverlessdeploymentbucket-661rhm3yso39',
       Prefix: 'serverless/test/dev'
     })
     Serverless: [AWS s3 200 0.132s 0 retries] headObject({
       Bucket: 'test-dev-serverlessdeploymentbucket-661rhm3yso39',
       Key: 'serverless/test/dev/1578482804260-2020-01-08T11:26:44.260Z/test.zip'
     })
     Serverless: [AWS s3 200 0.153s 0 retries] headObject({
       Bucket: 'test-dev-serverlessdeploymentbucket-661rhm3yso39',
       Key: 'serverless/test/dev/1578482804260-2020-01-08T11:26:44.260Z/compiled-cloudformation-template.json'
     })
     Serverless: [AWS lambda 200 0.187s 0 retries] getFunction({ FunctionName: 'test-dev-trigger' })
     Serverless: [AWS sts 200 0.394s 0 retries] getCallerIdentity({})
     Serverless: Uploading CloudFormation file to S3...
     Serverless: [AWS s3 200 0.149s 0 retries] putObject({
       Body: <Buffer 7b 22 41 57 53 54 65 6d 70 6c 61 74 65 46 6f 72 6d 61 74 56 65 72 73 69 6f 6e 22 3a 22 32 30 31 30 2d 30 39 2d 30 39 22 2c 22 44 65 73 63 72 69 70 74 ... 2519 more bytes>,
       Bucket: 'test-dev-serverlessdeploymentbucket-661rhm3yso39',
       Key: 'serverless/test/dev/1578483151632-2020-01-08T11:32:31.632Z/compiled-cloudformation-template.json',
       ContentType: 'application/json',
       Metadata: { filesha256: 'G39+Rp0x/oIEk2fNnxAOHdzzTDuDuc9KSGPq3Pp6p28=' }
     })
     Serverless: Uploading artifacts...
     Serverless: Uploading service test.zip file to S3 (53.4 KB)...
     Serverless: [AWS s3 200 0.297s 0 retries] putObject({
       Body: <Buffer 50 4b 03 04 14 00 08 00 08 00 00 00 21 00 00 00 00 00 00 00 00 00 00 00 00 00 12 00 00 00 2e 69 64 65 61 2f 64 69 63 74 69 6f 6e 61 72 69 65 73 45 cd ... 54628 more bytes>,
       Bucket: 'test-dev-serverlessdeploymentbucket-661rhm3yso39',
       Key: 'serverless/test/dev/1578483151632-2020-01-08T11:32:31.632Z/test.zip',
       ContentType: 'application/zip',
       Metadata: { filesha256: '93QNpDiyI8C3IEfV0+1OWeZJaQykZfE/2AB+g+8E0Dw=' }
     })
     Serverless: Validating template...
     Serverless: [AWS cloudformation 200 0.619s 0 retries] validateTemplate({
       TemplateURL: 'https://s3.amazonaws.com/test-dev-serverlessdeploymentbucket-661rhm3yso39/serverless/test/dev/1578483151632-2020-01-08T11:32:31.632Z/compiled-cloudformation-template.json'
     })
     Serverless: Updating Stack...
     Serverless: [AWS cloudformation 200 0.701s 0 retries] updateStack({
       StackName: 'test-dev',
       Capabilities: [ 'CAPABILITY_IAM', 'CAPABILITY_NAMED_IAM', [length]: 2 ],
       Parameters: [ [length]: 0 ],
       TemplateURL: 'https://s3.amazonaws.com/test-dev-serverlessdeploymentbucket-661rhm3yso39/serverless/test/dev/1578483151632-2020-01-08T11:32:31.632Z/compiled-cloudformation-template.json',
       Tags: [
         { Key: 'STAGE', Value: 'dev' },
         { Key: 'environment', Value: 'development' },
         [length]: 2
       ]
     })
     Serverless: Checking Stack update progress...
     Serverless: [AWS cloudformation 200 0.551s 0 retries] describeStackEvents({
       StackName: 'arn:aws:cloudformation:eu-west-1:00000000:stack/test-dev/c01d94c0-3209-11ea-ae99-0637bdb794d0'
     })
     ...Serverless: [AWS cloudformation 200 0.206s 0 retries] describeStackEvents({
       StackName: 'arn:aws:cloudformation:eu-west-1:00000000:stack/test-dev/c01d94c0-3209-11ea-ae99-0637bdb794d0'
     })
     ......
     Serverless: Stack update finished...
     Serverless: Invoke aws:info
     Serverless: [AWS cloudformation 200 0.151s 0 retries] describeStacks({ StackName: 'test-dev' })
     Serverless: [AWS cloudformation 200 0.148s 0 retries] listStackResources({ StackName: 'test-dev' })
     Service Information
     service: test
     stage: dev
     region: eu-west-1
     stack: test-dev
     resources: 6
     api keys:
       None
     endpoints:
       None
     functions:
       trigger: test-dev-trigger
     layers:
       None
     Serverless: [AWS sts 200 0.382s 0 retries] getCallerIdentity({})
     Serverless: [AWS apigateway 403 0.179s 0 retries] getRestApis({ position: undefined, limit: 500 })
      
       Serverless Error ---------------------------------------
      
       ServerlessError: User: arn:aws:iam::00000000:user/gitlab is not authorized to perform: apigateway:GET on resource: arn:aws:apigateway:eu-west-1::/restapis
           at /Users/joenyland/Code/Zuko/es-snapshot-trigger/node_modules/serverless/lib/plugins/aws/provider/awsProvider.js:326:27
           at processTicksAndRejections (internal/process/task_queues.js:93:5)
      
       Get Support --------------------------------------------
          Docs:          docs.serverless.com
          Bugs:          github.com/serverless/serverless/issues
          Issues:        forum.serverless.com
      
       Your Environment Information ---------------------------
          Operating System:          darwin
          Node Version:              12.14.0
          Framework Version:         1.60.5
          Plugin Version:            3.2.7
          SDK Version:               2.2.1
          Components Core Version:   1.1.2
          Components CLI Version:    1.4.0
    

Similar or dependent issues:

  • #5367 - This is different in that the action is on a different API Gateway resource (not authorized to perform: apigateway:GET on resource: arn:aws:apigateway:us-east-2::/apikeys)

Issue Analytics

  • State: closed
  • Created 4 years ago
  • Reactions: 3
  • Comments: 11 (5 by maintainers)

Top GitHub Comments

3 reactions
rdsedmundo commented, Feb 10, 2020

I confirmed that the issue was indeed introduced by e93ef64.

I made a fix, #7305; let me know your thoughts on the proposed solution, @medikoo. Instead of looking for HTTP events, I went to check the CloudFormation templates altogether, similar to how updateStage itself does it.

3 reactions
JoeNyland commented, Jan 8, 2020

I understand that the error is indicating a permission issue, but I don’t see why I should give the deploy user permissions to something that it should not be accessing.

Serverless: [AWS apigateway 403 0.179s 0 retries] getRestApis({ position: undefined, limit: 500 })

I’m not using API Gateway in the stack, so why is Serverless attempting to query it for APIs?

Serverless <=1.60.1 doesn’t exhibit this behaviour, so it seems like it’s a bug in 1.60.2 onwards.
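
An added example, not from the issue or from the Serverless code base: one way to audit SLS_DEBUG output like the log above against the compiled CloudFormation template, flagging AWS calls to services for which the stack declares no resources. The function names, the baseline service list and both sample inputs are assumptions constructed for this illustration.

```javascript
// Hypothetical helpers (parseAwsCalls, templateServices, unexpectedCalls);
// none of these are Serverless Framework APIs.

// Constructed sample: SLS_DEBUG lines in the format shown in the report.
const sampleLog = [
  "Serverless: [AWS cloudformation 200 0.349s 0 retries] describeStacks({ StackName: 'test-dev' })",
  "Serverless: [AWS s3 200 0.172s 0 retries] listObjectsV2({",
  "Serverless: [AWS lambda 200 0.187s 0 retries] getFunction({ FunctionName: 'test-dev-trigger' })",
  "Serverless: [AWS sts 200 0.382s 0 retries] getCallerIdentity({})",
  "Serverless: [AWS apigateway 403 0.179s 0 retries] getRestApis({ position: undefined, limit: 500 })",
].join('\n');

// Constructed sample: resource types of a compiled template for a function-only service.
const sampleTemplate = {
  Resources: {
    ServerlessDeploymentBucket: { Type: 'AWS::S3::Bucket' },
    TriggerLogGroup: { Type: 'AWS::Logs::LogGroup' },
    IamRoleLambdaExecution: { Type: 'AWS::IAM::Role' },
    TriggerLambdaFunction: { Type: 'AWS::Lambda::Function' },
  },
};

// Extract { service, status, operation } from each "[AWS <svc> <status> ...] <op>(" line.
function parseAwsCalls(log) {
  const re = /\[AWS (\S+) (\d{3}) [^\]]*\] (\w+)\(/g;
  return [...log.matchAll(re)].map(([, service, status, operation]) => ({
    service, status: Number(status), operation,
  }));
}

// Lower-cased service part of each resource type, e.g. AWS::Lambda::Function -> lambda.
function templateServices(template) {
  const types = Object.values(template.Resources || {}).map((r) => r.Type || '');
  return new Set(
    types.filter((t) => t.startsWith('AWS::')).map((t) => t.split('::')[1].toLowerCase())
  );
}

// Calls to services the template does not declare and the deploy itself does not need.
// Assumption: every deploy legitimately uses cloudformation and sts (the baseline).
function unexpectedCalls(log, template, baseline = ['cloudformation', 'sts']) {
  const allowed = new Set([...baseline, ...templateServices(template)]);
  return parseAwsCalls(log).filter((c) => !allowed.has(c.service));
}

console.log(unexpectedCalls(sampleLog, sampleTemplate));
```

CloudFormation namespaces and SDK client names do not always match (a log group is `AWS::Logs::*` in a template), so extend the baseline or add a mapping before relying on this for services beyond those in the sample.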
