https://www.lunasec.io logo
#general
Title
# general
c

Cameron Smart

05/10/2022, 12:39 AM
That moved me on to the next error:P
Copy code
User: arn:aws:iam::862989225104:user/cameron is not authorized to perform: cloudformation:DescribeStacks on resource: arn:aws:cloudformation:us-west-2:862989225104:stack/lunatrace-cam-EtlStorage/* because no identity-based policy allows the cloudformation:DescribeStacks action
b

breadchris

05/10/2022, 12:40 AM
you need to give your aws user more perms
c

Cameron Smart

05/10/2022, 12:41 AM
by attaching policies to the group that the user uses?
b

breadchris

05/10/2022, 12:42 AM
yeah your user
basically if you ever hit one of those errors
that means you need to attach more permissions to your user in iam
c

Cameron Smart

05/10/2022, 12:42 AM
so this one is for
cloudformation:DescribeStacks
it looks like?
adding that worked
here's another one
lunatrace-cam-EtlStorage: This CDK deployment requires bootstrap stack version '6', found an older version. Please run 'cdk bootstrap'.
but I don't have the cdk command
i guess I just install it? Never used the aws cdk before.
running ``cdk bootstrap`` gives me this wild error
Copy code
[cameron@ThePad backend-cdk]$ cdk bootstrap
/home/cameron/.npm/_npx/1bf7c3c15bf47d04/node_modules/ts-node/src/index.ts:820
    return new TSError(diagnosticText, diagnosticCodes);
           ^
TSError: ⨯ Unable to compile TypeScript:
bin/lunatrace-backend.ts:17:30 - error TS2307: Cannot find module 'fs' or its corresponding type declarations.

17 import { readFileSync } from 'fs';
                                ~~~~
bin/lunatrace-backend.ts:19:22 - error TS2307: Cannot find module '@aws-cdk/core' or its corresponding type declarations.

19 import * as cdk from '@aws-cdk/core';
                        ~~~~~~~~~~~~~~~
bin/lunatrace-backend.ts:81:7 - error TS2580: Cannot find name 'process'. Do you need to install type definitions for node? Try `npm i --save-dev @types/node`.

81   if (process.env.DEVELOPMENT === 'true') {
         ~~~~~~~
bin/lunatrace-backend.ts:82:21 - error TS2580: Cannot find name 'process'. Do you need to install type definitions for node? Try `npm i --save-dev @types/node`.

82     const devUser = process.env.DEV_USER;
                       ~~~~~~~
bin/lunatrace-backend.ts:89:7 - error TS2345: Argument of type '{ env: { account: string; region: string; }; publicBaseUrl: string; }' is not assignable to parameter of type 'WorkerStorageStackProps'.
  Object literal may only specify known properties, and 'env' does not exist in type 'WorkerStorageStackProps'.

89       env,
         ~~~
bin/lunatrace-backend.ts:94:5 - error TS2345: Argument of type '{ env: { account: string; region: string; }; appName: string; domainName: string; domainZoneId: string; vpcId: string; certificateArn: string; backendStaticSecretArn: string; databaseSecretArn: string; ... 6 more ...; kratosCipherSecretArn: string; }' is not assignable to parameter of type 'LunaTraceStackProps'.
  Object literal may only specify known properties, and 'env' does not exist in type 'LunaTraceStackProps'.

94     env: env,
       ~~~~~~~~

    at createTSError (/home/cameron/.npm/_npx/1bf7c3c15bf47d04/node_modules/ts-node/src/index.ts:820:12)
    at reportTSError (/home/cameron/.npm/_npx/1bf7c3c15bf47d04/node_modules/ts-node/src/index.ts:824:19)
    at getOutput (/home/cameron/.npm/_npx/1bf7c3c15bf47d04/node_modules/ts-node/src/index.ts:1014:36)
    at Object.compile (/home/cameron/.npm/_npx/1bf7c3c15bf47d04/node_modules/ts-node/src/index.ts:1322:43)
    at Module.m._compile (/home/cameron/.npm/_npx/1bf7c3c15bf47d04/node_modules/ts-node/src/index.ts:1454:30)
    at Module._extensions..js (node:internal/modules/cjs/loader:1153:10)
    at Object.require.extensions.<computed> [as .ts] (/home/cameron/.npm/_npx/1bf7c3c15bf47d04/node_modules/ts-node/src/index.ts:1458:12)
    at Module.load (node:internal/modules/cjs/loader:975:32)
    at Function.Module._load (node:internal/modules/cjs/loader:822:12)
    at Function.executeUserEntryPoint [as runMain] (node:internal/modules/run_main:77:12) {
  diagnosticCodes: [ 2307, 2307, 2580, 2580, 2345, 2345 ]
}

NOTICES

19836	AWS CDK v1 entering maintenance mode soon

	Overview: AWS CDK v1 is entering maintenance mode on June 1, 2022.
	          Migrate to AWS CDK v2 to continue to get the latest features
	          and fixes!

	Affected versions: framework: 1.*, cli: 1.*

	More information at: <https://github.com/aws/aws-cdk/issues/19836>


If you don't want to see a notice anymore, use "cdk acknowledge <id>". For example, "cdk acknowledge 19836".
Subprocess exited with error 1
maybe I need to set an env file?
b

breadchris

05/10/2022, 1:03 AM
classic javascript
you have run
yarn
already?
c

Cameron Smart

05/10/2022, 1:04 AM
yeah
b

breadchris

05/10/2022, 1:04 AM
man idk, javascript is such a fragmented language
hmm
c

Cameron Smart

05/10/2022, 1:05 AM
I think it might have something to do with a .env file. I see that is in the .gitignore
b

breadchris

05/10/2022, 1:06 AM
nah, that is a left over thing from when we were using that
c

Cameron Smart

05/10/2022, 1:06 AM
ok
yeah
b

breadchris

05/10/2022, 1:06 AM
Copy code
npm i -g @types/node
c

Cameron Smart

05/10/2022, 1:07 AM
I need to upgrade bootstrap
b

breadchris

05/10/2022, 1:07 AM
dont run the command i sent
that isnt what you need
this is a @Forrest Allison or @Free Wortley question
ohhh
@Cameron Smart
c

Cameron Smart

05/10/2022, 1:08 AM
for some reason I need to use sudo to run npm commands. could I have set somethign up incorrectly?
b

breadchris

05/10/2022, 1:08 AM
yarn run cdk bootstrap
not just cdk bootstrap
c

Cameron Smart

05/10/2022, 1:08 AM
that makes sense
Copy code
/home/cameron/projects/lunasec/.yarn/__virtual__/@aws-cdk-aws-ecr-assets-virtual-d656f261fb/0/cache/@aws-cdk-aws-ecr-assets-npm-1.152.0-47555c3df2-76aae6dea7.zip/node_modules/@aws-cdk/aws-ecr-assets/lib/tarball-asset.ts:64
      throw new Error(`Cannot find file at ${props.tarballFile}`);
            ^
Error: Cannot find file at /home/cameron/projects/lunasec/lunatrace/bsl/backend-cdk/build/lunatrace-frontend.tar
    at new TarballImageAsset (/home/cameron/projects/lunasec/.yarn/__virtual__/@aws-cdk-aws-ecr-assets-virtual-d656f261fb/0/cache/@aws-cdk-aws-ecr-assets-npm-1.152.0-47555c3df2-76aae6dea7.zip/node_modules/@aws-cdk/aws-ecr-assets/lib/tarball-asset.ts:64:13)
    at Object.bind (/home/cameron/projects/lunasec/.yarn/__virtual__/@aws-cdk-aws-ecs-virtual-46652ce656/0/cache/@aws-cdk-aws-ecs-npm-1.152.0-06f54df74a-a98f792ce4.zip/node_modules/@aws-cdk/aws-ecs/lib/container-image.ts:69:23)
    at new ContainerDefinition (/home/cameron/projects/lunasec/.yarn/__virtual__/@aws-cdk-aws-ecs-virtual-46652ce656/0/cache/@aws-cdk-aws-ecs-npm-1.152.0-06f54df74a-a98f792ce4.zip/node_modules/@aws-cdk/aws-ecs/lib/container-definition.ts:485:36)
    at FargateTaskDefinition.addContainer (/home/cameron/projects/lunasec/.yarn/__virtual__/@aws-cdk-aws-ecs-virtual-46652ce656/0/cache/@aws-cdk-aws-ecs-npm-1.152.0-06f54df74a-a98f792ce4.zip/node_modules/@aws-cdk/aws-ecs/lib/base/task-definition.ts:590:12)
    at new LunatraceBackendStack (/home/cameron/projects/lunasec/lunatrace/bsl/backend-cdk/lib/lunatrace-backend-stack.ts:137:30)
    at deployStack (/home/cameron/projects/lunasec/lunatrace/bsl/backend-cdk/bin/lunatrace-backend.ts:93:10)
    at Object.<anonymous> (/home/cameron/projects/lunasec/lunatrace/bsl/backend-cdk/bin/lunatrace-backend.ts:112:1)
    at Module._compile (node:internal/modules/cjs/loader:1099:14)
    at Module.m._compile (/home/cameron/.npm/_npx/1bf7c3c15bf47d04/node_modules/ts-node/src/index.ts:1455:23)
b

breadchris

05/10/2022, 1:10 AM
ah
c

Cameron Smart

05/10/2022, 1:10 AM
Where should I run that from?
b

breadchris

05/10/2022, 1:10 AM
you need
DEV_USER=<username> yarn run cdk bootstrap
c

Cameron Smart

05/10/2022, 1:10 AM
oh yeah
f

Free Wortley

05/10/2022, 1:11 AM
I semi-around. Are you blocked and needing help?
f

Forrest Allison

05/10/2022, 1:11 AM
That's just to keep our resources straight right Chris?
c

Cameron Smart

05/10/2022, 1:11 AM
DEV_USER=<username> yarn run cdk bootstrap
didn't seem to work
b

breadchris

05/10/2022, 1:12 AM
@Cameron Smart you have to sub your username
c

Cameron Smart

05/10/2022, 1:12 AM
I did
b

breadchris

05/10/2022, 1:12 AM
what was the error
f

Free Wortley

05/10/2022, 1:12 AM
You also have to set
DEVELOPMENT=true
right?
f

Forrest Allison

05/10/2022, 1:12 AM
Shouldnt it be like dev:cdk
f

Free Wortley

05/10/2022, 1:12 AM
both DEVELOPMENT and DEV_USER must be set
f

Forrest Allison

05/10/2022, 1:12 AM
Or yeah development=true, right
b

breadchris

05/10/2022, 1:12 AM
no @Free Wortley we dont use development anymore
f

Free Wortley

05/10/2022, 1:12 AM
gotcha
b

breadchris

05/10/2022, 1:13 AM
it is just DEV_USER
f

Forrest Allison

05/10/2022, 1:13 AM
What tells it it's doing a dev deployment?
Ah I see
f

Free Wortley

05/10/2022, 1:13 AM
Well if you have any specific questions, please ping me. Otherwise I'm in the zone on other stuff 🙏
c

Cameron Smart

05/10/2022, 1:14 AM
I'm still stuck on that last error
i'll get it again
Copy code
[cameron@ThePad backend-cdk]$ DEV_USER=cameron yarn run cdk bootstrap
/home/cameron/projects/lunasec/.yarn/__virtual__/@aws-cdk-aws-ecr-assets-virtual-d656f261fb/0/cache/@aws-cdk-aws-ecr-assets-npm-1.152.0-47555c3df2-76aae6dea7.zip/node_modules/@aws-cdk/aws-ecr-assets/lib/tarball-asset.ts:64
      throw new Error(`Cannot find file at ${props.tarballFile}`);
            ^
Error: Cannot find file at /home/cameron/projects/lunasec/lunatrace/bsl/backend-cdk/build/lunatrace-frontend.tar
    at new TarballImageAsset (/home/cameron/projects/lunasec/.yarn/__virtual__/@aws-cdk-aws-ecr-assets-virtual-d656f261fb/0/cache/@aws-cdk-aws-ecr-assets-npm-1.152.0-47555c3df2-76aae6dea7.zip/node_modules/@aws-cdk/aws-ecr-assets/lib/tarball-asset.ts:64:13)
    at Object.bind (/home/cameron/projects/lunasec/.yarn/__virtual__/@aws-cdk-aws-ecs-virtual-46652ce656/0/cache/@aws-cdk-aws-ecs-npm-1.152.0-06f54df74a-a98f792ce4.zip/node_modules/@aws-cdk/aws-ecs/lib/container-image.ts:69:23)
    at new ContainerDefinition (/home/cameron/projects/lunasec/.yarn/__virtual__/@aws-cdk-aws-ecs-virtual-46652ce656/0/cache/@aws-cdk-aws-ecs-npm-1.152.0-06f54df74a-a98f792ce4.zip/node_modules/@aws-cdk/aws-ecs/lib/container-definition.ts:485:36)
    at FargateTaskDefinition.addContainer (/home/cameron/projects/lunasec/.yarn/__virtual__/@aws-cdk-aws-ecs-virtual-46652ce656/0/cache/@aws-cdk-aws-ecs-npm-1.152.0-06f54df74a-a98f792ce4.zip/node_modules/@aws-cdk/aws-ecs/lib/base/task-definition.ts:590:12)
    at new LunatraceBackendStack (/home/cameron/projects/lunasec/lunatrace/bsl/backend-cdk/lib/lunatrace-backend-stack.ts:137:30)
    at deployStack (/home/cameron/projects/lunasec/lunatrace/bsl/backend-cdk/bin/lunatrace-backend.ts:93:10)
    at Object.<anonymous> (/home/cameron/projects/lunasec/lunatrace/bsl/backend-cdk/bin/lunatrace-backend.ts:112:1)
    at Module._compile (node:internal/modules/cjs/loader:1099:14)
    at Module.m._compile (/home/cameron/.npm/_npx/1bf7c3c15bf47d04/node_modules/ts-node/src/index.ts:1455:23)
    at Module._extensions..js (node:internal/modules/cjs/loader:1153:10)

NOTICES

19836	AWS CDK v1 entering maintenance mode soon

	Overview: AWS CDK v1 is entering maintenance mode on June 1, 2022.
	          Migrate to AWS CDK v2 to continue to get the latest features
	          and fixes!

	Affected versions: framework: 1.*, cli: 1.*

	More information at: <https://github.com/aws/aws-cdk/issues/19836>


If you don't want to see a notice anymore, use "cdk acknowledge <id>". For example, "cdk acknowledge 19836".
Subprocess exited with error 1
b

breadchris

05/10/2022, 1:15 AM
oh i guess DEVELOPMENT is needed
i dont remember putting that there
DEVELOPMENT=true DEV_USER=<user> yarn run cdk bootstrap
c

Cameron Smart

05/10/2022, 1:17 AM
it appears to be working
it appears to be failing in a new way
Copy code
^C[cameron@ThePad backend-cdk]DEVELOPMENT=true DEV_USER=cameron yarn run cdk bootstrap
(node:187545) [MODULE_NOT_FOUND] Error: @types/node tried to access events (a peer dependency) but it isn't provided by its ancestors; this makes the require call ambiguous and unsound.
(Use `node --trace-warnings ...` to show where the warning was created)
(node:187545) [MODULE_NOT_FOUND] Error: @types/node tried to access util (a peer dependency) but it isn't provided by its ancestors; this makes the require call ambiguous and unsound.
(node:187545) [MODULE_NOT_FOUND] Error: @types/node tried to access url (a peer dependency) but it isn't provided by its ancestors; this makes the require call ambiguous and unsound.
(node:187545) [MODULE_NOT_FOUND] Error: @types/node tried to access tty. While this module is usually interpreted as a Node builtin, your resolver is running inside a non-Node resolution context where such builtins are ignored. Since tty isn't otherwise declared in @types/node's dependencies, this makes the require call ambiguous and unsound.
(node:187545) [MODULE_NOT_FOUND] Error: @types/node tried to access querystring (a peer dependency) but it isn't provided by its ancestors; this makes the require call ambiguous and unsound.
 ⏳  Bootstrapping environment <aws://862989225104/us-west-2>...
Trusted accounts for deployment: (none)
Trusted accounts for lookup: (none)
Using default execution policy of 'arn:aws:iam::aws:policy/AdministratorAccess'. Pass '--cloudformation-execution-policies' to customize.
CDKToolkit: creating CloudFormation changeset...
6:17:22 PM | CREATE_FAILED        | AWS::IAM::Role        | LookupRole
API: iam:GetRole User: arn:aws:iam::862989225104:user/cameron is not authorized to perform: iam:GetRole on resource: role cdk-hnb659fds-lookup-role-862989225104-us-west-2 because no identity-based policy allows the iam:GetRole action

6:17:22 PM | CREATE_FAILED        | AWS::IAM::Role        | FilePublishingRole
API: iam:GetRole User: arn:aws:iam::862989225104:user/cameron is not authorized to perform: iam:GetRole on resource: role cdk-hnb659fds-file-publishing-role-862989225104-us-west-2 because no identity-based policy allows the iam:GetRole action
 ❌  Environment <aws://862989225104/us-west-2> failed bootstrapping: Error: The stack named CDKToolkit failed creation, it may need to be manually deleted from the AWS console: ROLLBACK_COMPLETE
    at waitForStackDeploy (/home/cameron/projects/lunasec/.yarn/unplugged/aws-cdk-npm-2.20.0-29fc6b61e0/node_modules/aws-cdk/lib/api/util/cloudformation.ts:311:11)
    at processTicksAndRejections (node:internal/process/task_queues:96:5)
    at prepareAndExecuteChangeSet (/home/cameron/projects/lunasec/.yarn/unplugged/aws-cdk-npm-2.20.0-29fc6b61e0/node_modules/aws-cdk/lib/api/deploy-stack.ts:376:26)
    at /home/cameron/projects/lunasec/.yarn/unplugged/aws-cdk-npm-2.20.0-29fc6b61e0/node_modules/aws-cdk/lib/cdk-toolkit.ts:575:24
    at async Promise.all (index 0)
    at CdkToolkit.bootstrap (/home/cameron/projects/lunasec/.yarn/unplugged/aws-cdk-npm-2.20.0-29fc6b61e0/node_modules/aws-cdk/lib/cdk-toolkit.ts:572:5)
    at initCommandLine (/home/cameron/projects/lunasec/.yarn/unplugged/aws-cdk-npm-2.20.0-29fc6b61e0/node_modules/aws-cdk/lib/cli.ts:342:12)

NOTICES

19836	AWS CDK v1 entering maintenance mode soon

	Overview: AWS CDK v1 is entering maintenance mode on June 1, 2022.
	          Migrate to AWS CDK v2 to continue to get the latest features
	          and fixes!

	Affected versions: framework: 1.*, cli: 1.*

	More information at: <https://github.com/aws/aws-cdk/issues/19836>


If you don't want to see a notice anymore, use "cdk acknowledge <id>". For example, "cdk acknowledge 19836".
The stack named CDKToolkit failed creation, it may need to be manually deleted from the AWS console: ROLLBACK_COMPLETE
b

breadchris

05/10/2022, 1:19 AM
your user needs more permissions
Copy code
API: iam:GetRole User: arn:aws:iam::862989225104:user/cameron is not authorized to perform: iam:GetRole on resource: role cdk-hnb659fds-file-publishing-role-862989225104-us-west-2 because no identity-based policy allows the iam:GetRole action
f

Free Wortley

05/10/2022, 1:19 AM
@Cameron Smart that looks to be because your credentials are limited in AWS. You need to be a user with admin credentials.
c

Cameron Smart

05/10/2022, 1:20 AM
I can add iam:GetRole i think
at one point I had a root account but had to change to the iam one
f

Free Wortley

05/10/2022, 1:21 AM
@Cameron Smart You should just use the root account or you're going to be in for a world of pain
it'll take hours to figure out every permission you need to deploy
c

Cameron Smart

05/10/2022, 1:23 AM
mmk. I'll try the root account.
It all seems to be working with the root account
11 Views