Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Setting existing:true on S3 bucket causes deployment to fail

See original GitHub issue

Bug Report

Setting existing:true on S3 bucket causes deployment to fail

Description

  1. What did you do? Added existing:true to S3 function. The deployment works correctly for a new bucket.

  2. What happened? The deployment fails with:

...
CloudFormation - UPDATE_IN_PROGRESS - AWS::CloudFormation::Stack - pdfcountdebug-dev
CloudFormation - CREATE_IN_PROGRESS - AWS::Logs::LogGroup - S3uploadedLogGroup
CloudFormation - CREATE_IN_PROGRESS - AWS::IAM::Role - IamRoleLambdaExecution
CloudFormation - CREATE_IN_PROGRESS - AWS::IAM::Role - IamRoleCustomResourcesLambdaExecution
CloudFormation - CREATE_IN_PROGRESS - AWS::Logs::LogGroup - S3uploadedLogGroup
CloudFormation - CREATE_IN_PROGRESS - AWS::IAM::Role - IamRoleCustomResourcesLambdaExecution
CloudFormation - CREATE_COMPLETE - AWS::Logs::LogGroup - S3uploadedLogGroup
CloudFormation - CREATE_IN_PROGRESS - AWS::IAM::Role - IamRoleLambdaExecution
CloudFormation - CREATE_COMPLETE - AWS::IAM::Role - IamRoleCustomResourcesLambdaExecution
CloudFormation - CREATE_COMPLETE - AWS::IAM::Role - IamRoleLambdaExecution
CloudFormation - CREATE_IN_PROGRESS - AWS::Lambda::Function - CustomDashresourceDashexistingDashs3LambdaFunction
CloudFormation - CREATE_IN_PROGRESS - AWS::Lambda::Function - S3uploadedLambdaFunction
CloudFormation - CREATE_IN_PROGRESS - AWS::Lambda::Function - CustomDashresourceDashexistingDashs3LambdaFunction
CloudFormation - CREATE_IN_PROGRESS - AWS::Lambda::Function - S3uploadedLambdaFunction
CloudFormation - CREATE_COMPLETE - AWS::Lambda::Function - CustomDashresourceDashexistingDashs3LambdaFunction
CloudFormation - CREATE_COMPLETE - AWS::Lambda::Function - S3uploadedLambdaFunction
CloudFormation - CREATE_IN_PROGRESS - AWS::Lambda::Version - S3uploadedLambdaVersioneyfdcHxB4Kq0aaxjAYGHiQwjGYOm5C3Tr4KbmAP3pY
CloudFormation - CREATE_IN_PROGRESS - Custom::S3 - S3uploadedCustomS31
CloudFormation - CREATE_IN_PROGRESS - AWS::Lambda::Version - S3uploadedLambdaVersioneyfdcHxB4Kq0aaxjAYGHiQwjGYOm5C3Tr4KbmAP3pY
CloudFormation - CREATE_COMPLETE - AWS::Lambda::Version - S3uploadedLambdaVersioneyfdcHxB4Kq0aaxjAYGHiQwjGYOm5C3Tr4KbmAP3pY
CloudFormation - CREATE_IN_PROGRESS - Custom::S3 - S3uploadedCustomS31
CloudFormation - CREATE_FAILED - Custom::S3 - S3uploadedCustomS31
CloudFormation - UPDATE_ROLLBACK_IN_PROGRESS - AWS::CloudFormation::Stack - pdfcountdebug-dev
CloudFormation - UPDATE_ROLLBACK_COMPLETE_CLEANUP_IN_PROGRESS - AWS::CloudFormation::Stack - pdfcountdebug-dev
CloudFormation - DELETE_IN_PROGRESS - AWS::CloudFormation::CustomResource - S3uploadedCustomS31
CloudFormation - DELETE_SKIPPED - AWS::Lambda::Version - S3uploadedLambdaVersioneyfdcHxB4Kq0aaxjAYGHiQwjGYOm5C3Tr4KbmAP3pY
CloudFormation - DELETE_FAILED - AWS::CloudFormation::CustomResource - S3uploadedCustomS31
...

and then rolls back everything else. The rollback for S3uploadedCustomS31 fails of course.

  1. What should’ve happened? Deployment should complete. The step that fails is the custom resource handler that attaches the necessary policies to the function handler and the existing bucket. It is not clear which step fails. I suspect it is attaching the permission to the lambda.

  2. What’s the content of your serverless.yml file? Reduced file for clarity

service: pdfcountdebug

provider:
  name: aws
  runtime: nodejs10.x
  stage: ${opt:stage, 'dev'}
  region: ${opt:region, 'sa-east-1'}

  iamRoleStatements:
    - Effect: "Allow"
      Action:
        - "s3:GetObject"
        - "s3:DeleteObject"
      Resource: "*"

functions:
  s3uploaded:
    handler: src/uploaded.handler
    events:
      - s3: 
          bucket: hookohm.test.doutore-documentacao
          event: s3:ObjectCreated:*
          rules:
            - suffix: .pdf
          existing: true
  1. What’s the output you get when you use the SLS_DEBUG=* environment variable (e.g. SLS_DEBUG=* serverless deploy) sls does not fail, but the AWS deployment does.

Similar or dependent issues:

  • #6638 This gave a different error.

Because the whole stack rolls back due to the error, there are no AWS logs to track down the issue. Debugging CloudFormation custom resources is a bit of a dark art.

  1. Environment
  Your Environment Information ---------------------------
     Operating System:          win32
     Node Version:              8.11.3
     Framework Version:         1.53.0
     Plugin Version:            3.1.0
     SDK Version:               2.1.1
     Components Core Version:   1.1.1
     Components CLI Version:    1.2.3

Issue Analytics

  • State:open
  • Created 4 years ago
  • Reactions:21
  • Comments:30 (10 by maintainers)

github_iconTop GitHub Comments

10reactions
ihorfitocommented, Oct 8, 2019

try to check: s3 -> bucket -> configuration -> events delete existing events it helps when you cannot deploy sls application

2reactions
pgrzesikcommented, Oct 20, 2021

@jazwiecki - The error you’re seeing it unrelated to S3 bucket - if you don’t specify a role for Lambda functions to use, one will be created for you by Serverless Framework and used by your functions. You can avoid that by specifying an existing role. You can read more about it here: https://www.serverless.com/framework/docs/providers/aws/guide/iam#iam

Read more comments on GitHub >

github_iconTop Results From Across the Web

Serverless: Deplyment error S3 Bucket already exists in stack
If you add existing: true to the S3 config in your serverless.yml file it won't try to create the S3 bucket like the...
Read more >
Serverless fails to create a S3 trigger for an existing S3 bucket
Deployment of my serverless app to trigger on S3 events fails to create a S3 trigger to the existing bucket. Below my serverless...
Read more >
Amazon S3 replication failure reasons
Amazon S3 is unable to find the destination bucket specified in the replication configuration. DstBucketObjectLockConfigMissing, To replicate objects from a ...
Read more >
Upload to AWS S3 bucket fails with exit code 100
Goal: upload the contents of a package to an S3 bucket. The package is uploaded to Octopus Deploy. AWS Account and permissions are ......
Read more >
10 things you should know about using AWS S3 - Sumo Logic
Set up some sort of configuration file or service, and read S3 locations like buckets and prefixes from that. How to deploy your...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

opt:region var default value not resolved on deploy

Next page

Lambda layer versions are not being retained