# help
r
Hi, I am having a problem creating a VPC. This works under CDK, but under SST it says I do not have permission:
$ npx sst build 
Preparing your SST app 
Transpiling source 
Synthesizing CDK 
[Error at /dev-eco-server-build-job] You are not authorized to perform this operation.
The code is:
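// The sst import was not shown in the original post; this is the SST resources package.
const sst = require("@serverless-stack/resources");
const ec2 = require("@aws-cdk/aws-ec2");
export default class BuildJobStack extends sst.Stack {
  constructor(scope, id, props) {
    super(scope, id, props);
    // CDK looks up the region's Availability Zones while building this VPC.
    const vpc = new ec2.Vpc(this, "eco-vpc", {
      maxAzs: 1
    });
  }
}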
Note, this isn't even deploying it, just running build on command line. Any ideas?
I see the thread above by @Ross Coundon mentions VPC and that it needs to be defined with CDK and not SST, which I guess makes sense so I will do that.
Perhaps this error needs to say something different to a generic "you are not authorized" which gave me no clue. Something along the lines of "VPC not allowed in SST, use CDK instead".
a
Hey @Rupert Smith, I'm defining a VPC the same way you are with sst.Stack with no issues. I think the above thread talks about the sst not having a wrapper for ec2.Vpc, you can still use sst.Stack and create a vpc within that using regular cdk constructs.
r
But it gives an error if I do it that way?
f
@Rupert Smith You can use any CDK constructs in SST. @Andreas is correct, SST doesn’t have a wrapper around ec2.Vpc, but you can use ec2.Vpc directly.
The error you are getting is an AWS IAM error. When you run build, CDK needs to look up certain things in your AWS account in order to build the CloudFormation template.
In this case, it needs to make an api call to get the Availability Zones in the EC2 region you are deploying into. And likely the IAM credentials you provided didn’t have the permission.
Run npx sst build --verbose and all AWS api calls will be printed out, and you figure out which one failed.
Let me know if that makes sense.
r
Thank you Frank that does indeed take me to the real error:
[AWS ec2 403 0.123s 0 retries] describeAvailabilityZones({})
Call failed: describeAvailabilityZones(undefined) => You are not authorized to perform this operation. (code=UnauthorizedOperation)