My site is not showing creatures.

I completed module 3, and I still cannot see creatures. on my machine.

Am I doing something wrong?

I can load https://www.mythicalmysfits.com/

Within module 5, Step 3 "Create the streaming stack", Section C "C: Deploy The Stack Using AWS CloudFormation" the bash command contains an additional subfolder /cfn which is not existent.

Instead of using the proposed statement

aws cloudformation deploy --template-file /home/ec2-user/environment/MythicalMysfitsStreamingService-Repository/cfn/transformed-streaming.yml --stack-name MythicalMysfitsStreamingStack --capabilities CAPABILITY_IAM

this one is correct:

aws cloudformation deploy --template-file /home/ec2-user/environment/MythicalMysfitsStreamingService-Repository/transformed-streaming.yml --stack-name MythicalMysfitsStreamingStack --capabilities CAPABILITY_IAM

Hi. I'm facing similar issue as #14 , load balancer is not connecting - request expires with a timeout. I tried suggestions from there: seems like I got it right with subnets, and also I checked a running task in a cluster via aws console, it shows a bunch of 200 health check responses, but not mysfits responses. How can I investigate further? Is there a way to see some logs on load balancer itself?

Hi, when I try to run the docker image I get the following error:

org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'defaultValidator' defined in class path resource [org/springframework/boot/autoconfigure/validation/ValidationAutoConfiguration.class]: Invocation of init method failed; nested exception is java.lang.NoClassDefFoundError: Could not initialize class org.hibernate.validator.internal.engine.valueextraction.ValueExtractorManager
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1699) ~[spring-beans-5.0.8.RELEASE.jar!/:5.0.8.RELEASE]
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:573) ~[spring-beans-5.0.8.RELEASE.jar!/:5.0.8.RELEASE]
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:495) ~[spring-beans-5.0.8.RELEASE.jar!/:5.0.8.RELEASE]
        at org.springframework.beans.factory.support.AbstractBeanFactory.lambda$doGetBean$0(AbstractBeanFactory.java:317) ~[spring-beans-5.0.8.RELEASE.jar!/:5.0.8.RELEASE]
        at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:222) ~[spring-beans-5.0.8.RELEASE.jar!/:5.0.8.RELEASE]
        at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:315) ~[spring-beans-5.0.8.RELEASE.jar!/:5.0.8.RELEASE]
        at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:199) ~[spring-beans-5.0.8.RELEASE.jar!/:5.0.8.RELEASE]
        at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:759) ~[spring-beans-5.0.8.RELEASE.jar!/:5.0.8.RELEASE]
        at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:869) ~[spring-context-5.0.8.RELEASE.jar!/:5.0.8.RELEASE]
        at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:550) ~[spring-context-5.0.8.RELEASE.jar!/:5.0.8.RELEASE]
        at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.refresh(ServletWebServerApplicationContext.java:140) ~[spring-boot-2.0.4.RELEASE.jar!/:2.0.4.RELEASE]
        at org.springframework.boot.SpringApplication.refresh(SpringApplication.java:762) [spring-boot-2.0.4.RELEASE.jar!/:2.0.4.RELEASE]
        at org.springframework.boot.SpringApplication.refreshContext(SpringApplication.java:398) [spring-boot-2.0.4.RELEASE.jar!/:2.0.4.RELEASE]
        at org.springframework.boot.SpringApplication.run(SpringApplication.java:330) [spring-boot-2.0.4.RELEASE.jar!/:2.0.4.RELEASE]
        at org.springframework.boot.SpringApplication.run(SpringApplication.java:1258) [spring-boot-2.0.4.RELEASE.jar!/:2.0.4.RELEASE]
        at org.springframework.boot.SpringApplication.run(SpringApplication.java:1246) [spring-boot-2.0.4.RELEASE.jar!/:2.0.4.RELEASE]
        at com.example.MythicalMysfitsApplication.main(MythicalMysfitsApplication.java:17) [classes!/:1.0-SNAPSHOT]
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.8.0_111]
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:1.8.0_111]
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.8.0_111]
        at java.lang.reflect.Method.invoke(Method.java:498) ~[na:1.8.0_111]
        at org.springframework.boot.loader.MainMethodRunner.run(MainMethodRunner.java:48) [app.jar:1.0-SNAPSHOT]
        at org.springframework.boot.loader.Launcher.launch(Launcher.java:87) [app.jar:1.0-SNAPSHOT]
        at org.springframework.boot.loader.Launcher.launch(Launcher.java:50) [app.jar:1.0-SNAPSHOT]
        at org.springframework.boot.loader.JarLauncher.main(JarLauncher.java:51) [app.jar:1.0-SNAPSHOT]
Caused by: java.lang.NoClassDefFoundError: Could not initialize class org.hibernate.validator.internal.engine.valueextraction.ValueExtractorManager
        at org.hibernate.validator.internal.engine.ValidatorFactoryImpl.<init>(ValidatorFactoryImpl.java:140) ~[hibernate-validator-6.0.11.Final.jar!/:6.0.11.Final]
        at org.hibernate.validator.HibernateValidator.buildValidatorFactory(HibernateValidator.java:38) ~[hibernate-validator-6.0.11.Final.jar!/:6.0.11.Final]
        at org.hibernate.validator.internal.engine.ConfigurationImpl.buildValidatorFactory(ConfigurationImpl.java:364) ~[hibernate-validator-6.0.11.Final.jar!/:6.0.11.Final]
        at org.springframework.validation.beanvalidation.LocalValidatorFactoryBean.afterPropertiesSet(LocalValidatorFactoryBean.java:309) ~[spring-context-5.0.8.RELEASE.jar!/:5.0.8.RELEASE]
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1758) ~[spring-beans-5.0.8.RELEASE.jar!/:5.0.8.RELEASE]
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1695) ~[spring-beans-5.0.8.RELEASE.jar!/:5.0.8.RELEASE]
        ... 24 common frames omitted

Originally posted by @eladb in https://github.com/_render_node/MDE3OlB1bGxSZXF1ZXN0UmV2aWV3MjQ0NjM1NDc2/pull_request_reviews/more_threads

The steps outlined in the module calls for the following to be executed in the CLI:

aws s3api put-bucket-policy --bucket bucket-name --policy file://~/environment/aws-modern-application-workshop/module-1/aws-cli/website-bucket-policy.json

However, "website-bucket-policy.json" is not included in the workshop materials.

In Module section Update Mythical Mysfits to Call the NLB
Right after Upload to S3
When testing website using the same URL used at the end of Module 1
The page starts OK but the individual MysFits do not sho up just the header and footer.

Maybe this is normal and will be corrected after Module 3

https://github.com/aws-samples/aws-modern-application-workshop/blob/master/module-2/cfn/core.yml

I am confused by Lines 194-209. I am under the impression that internet-facing load balancers needs at minimum to be associated with a subnet that has a IGW. The application and classic load balancers can have a security group associated with them but not a Network Load Balancer. The security group defined in this section (Lines 194-209) is allowing all traffic into the Fargate container instances hosted in ECS, which doesn't really seem to be the intention of the security group.

My proposed solution is to limit the ingress policy of the security group to only that of the VPC range. Because the instances are in a private subnet, the security group is redundant, but some amount of redundancy is good. In the event that someone was able to change the subnet where the containers instances live to a public one, or move the instances into a public subnet, the security group limiting incoming traffic to only from within the VPC would still prevent outside traffic from accessing the resources originally in the private subnet.

In order to encourage visiting the site when exploring the workshop, allow a user to type in the URL and redirect them to the subdomain.

Really appreciated this project. Thanks to AWS. But having issues with clean up.

I am having the same issue raised in #56. As recommended by @abaird986, I deleted ECS resources (i.e. Fargate) but still cannot delete NLB or VPC. When trying to delete mysfits-nlb, I get error:

Load balancer 'arn:aws:elasticloadbalancing:us-east-1:641860735165:loadbalancer/net/mysfits-nlb/82ff6e1df96b980a' cannot be deleted because it is currently associated with another service.

When trying to delete the VPC, I get error:

Unable to delete this VPC:
The VPC contains one or more in-use network interfaces, and cannot be deleted until those network interfaces have been deleted.
View in-use network interfaces in the VPC.
eni-098d350b165da699f
eni-09e539d8f129d5008

When trying to detach a network interface, I get error:

Error deleting network interface
eni-098d350b165da699f: You are not allowed to manage 'ela-attach' attachments.

Thanks in advance.

If successful, you will see the newly created transformed-streaming.yml file exist within the ./cfn/ directory, if you look in its contents, you'll see that the sourceUri parameter of the serverless Lambda function has been updated with the object location where the SAM CLI has uploaded your packaged

There is no cfn directory. the file is in the root of the project. You have to create a cfn directory and move the file there. The command to create the new s3 buckets seems to be missing in the prior step as well.

In Module 6 the instructions for uncommenting do no match the code.
The python code is missing one "M" in "comment"

Instructions
UNCOMMENT_BEFORE_3RD_DEPLOYMENT

Code
UNCOMENT_BEFORE_3RD_DEPLOYMENT

I want to tell the AWS team that this is such a great step-by-step workshop that I am so thankful for the hard work that was put into building this.

This team makes me so proud and I do know any of you but I truly appreciate your hard work and effort and we are all beyond grateful that this was created. Your hard work is truly valued by all that will learn from it.

Wishing you each all the best!
Jovon W.

The Github repo does not match the AWS production tutorial site.

A specific example is Python Module 1, Step B (Update the S3 Bucket Policy).

AWS Documentation does not mention Cloudfront step, Github documentation does.

In module 4, I need to provide an VPC ID for the VPC link, "connectionId": "REPLACE_ME_VPC_LINK_ID"

I have a VPCID from the LoadBalancers, TargetGroups, and the MythicalMysfitsCoreStack:VPCId

Which one should I use?

module1 folder is missing from the master branch. This makes it difficult to continue with the tutorial in Module1 (Create static website) Step3 )Host the website on S3) as the bucket policy is missing.

I had to checkout the python branch before i could see the bucket policy in module-1/aws-cli/website-bucket-policy.json.

http://d3dztcudgkj2nd.cloudfront.net/

I'm at the first step of the second module...and I've been here sometime. I presume my IAM user doesn't have a correct policy assigned? How can I proceed? Thank you.

Marksdaily:/environment $ aws cloudformation create-stack --stack-name MythicalMysfitsCoreStack --capabilities CAPABILITY_NAMED_IAM --template-body file:///environment/aws-modern-application-workshop/module-2/cfn/core.yml

An error occurred (AccessDenied) when calling the CreateStack operation: User: arn:aws:iam::780963802580:user/Marksdaily is not authorized to perform: cloudformation:CreateStack on resource: arn:aws:cloudformation:us-west-2:780963802580:stack/MythicalMysfitsCoreStack/*
Marksdaily:~/environment $

Hello,
on the webpage https://aws.amazon.com/getting-started/projects/build-modern-app-fargate-lambda-dynamodb-python/module-one/
in step2, use "git clone https://github.com/aws-samples/aws-modern-application-workshop.git" cannot download artifact correctly. It seems that "git clone -b python https://github.com/aws-samples/aws-modern-application-workshop.git" does work.

https://github.com/aws-samples/aws-modern-application-workshop/tree/fargate/workshop-3#42-generate-load-to-test-the-scaling-policy
Stack creation for this section will fail.

The specified instance type can only be used in a VPC. A subnet ID or network interface ID is required to carry out the request. (Service: AmazonEC2; Status Code: 400; Error Code: VPCResourceNotSpecified;

I have identified the problem.
https://s3.amazonaws.com/mythical-mysfits-website/fargate-ops/load-gen-lab4.yml
The InstanceType in this yaml is wrong.

The error has been resolved by changing it as follows.

-      InstanceType: m4.large
+      InstanceType: m3.large

You will want to add

npm install --save-dev @angular-devkit/build-angular

in the frontend folder before running the script.

After finishing 2a part - my mysfits were not showing up :( Reason being - API was not returning proper CORS headers (they are only set up later in API Gateway).

I was able to solve it by adding https://github.com/rs/cors as a middleware and using default configuration, would it be fine to create a PR with this addition?

As per the guide https://aws.amazon.com/getting-started/projects/build-modern-app-fargate-lambda-dynamodb-python/module-one/ I can't progress passed the bucket policy step, as it appears the module directories are missing.

For example, the following directories are missing:
/module-1/aws-cli/website-bucket-policy.json
/module-1/web/index.html

Any chance these could be added back to the git repo so I can continue the workshop?

Thank you.

First thank you for this excellent tutorial.

When I do the clean up, I found that I'm not allowed to detach/delete two ENI due to their attachment to public IP address.

eni-058655ea3334df9f0: You are not allowed to manage 'ela-attach' attachments.
eni-03aababc6088212ab: You are not allowed to manage 'ela-attach' attachments.

➜  aws aws ec2 detach-network-interface --force --attachment-id ela-attach-e44a54d4

An error occurred (OperationNotPermitted) when calling the DetachNetworkInterface operation: You are not allowed to manage 'ela-attach' attachments.
➜  aws aws ec2 detach-network-interface --force --attachment-id ela-attach-6d438c50

An error occurred (OperationNotPermitted) when calling the DetachNetworkInterface operation: You are not allowed to manage 'ela-attach' attachments.

Therefore all other attach components cannot be deleted. I also found people have similar problem https://forums.aws.amazon.com/thread.jspa?messageID=877939&#877939

Any idea how to remove these ENI ?

  "executionRoleArn": "REPLACE_ME_ECS_ROLE_ARN",
  "taskRoleArn": "REPLACE_ME_ECS_TASK_ROLE_ARN",

I'm not certain which value to place in these. I have an arn for cloud formation and only one from ecs that I got when I created the cluster. What goes where?

"repositoryArn": "arn:aws:ecr:"
"StackId": "arn:aws:cloudformation:"
"Arn": "arn:aws:iam:"
"clusterArn": "arn:aws:ecs:"

Is there a command I can run at this point to retrieve in information in case I forgot to save the file?

Thank you for clarifying

Originally posted by @eladb in https://github.com/_render_node/MDE3OlB1bGxSZXF1ZXN0UmV2aWV3MjQ0NjM1NDc2/pull_request_reviews/more_threads

Trying to update the s3 bucket policy by following the instructions in section B.
Replaced the string "REPLACE_ME_BUCKET_NAME" with the name of the bucket i have created in the following command.
aws s3api put-bucket-policy --bucket REPLACE_ME_BUCKET_NAME --policy file://~/environment/aws-modern-application-workshop/module-1/aws-cli/website-bucket-policy.json
And this is the error I get : An error occurred (MalformedPolicy) when calling the PutBucketPolicy operation: Invalid principal in policy

This is the JSON file

{ "Version": "2008-10-17", "Id": "PolicyForCloudFrontPrivateContent", "Statement": [ { "Sid": "1", "Effect": "Allow", "Principal": { "AWS": "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity REPLACE_ME_CLOUDFRONT_ORIGIN_ACCESS_IDENTITY_ID" }, "Action": "s3:GetObject", "Resource": "arn:aws:s3:::mythicalbucket1" } ] }

I tried reading the documentation for "Principle" and gave the "*" value since we are trying to grant public access but that gives error too.

This is the first time I'm working with AWS so would appreciate if anyone can help me with this.

I have successfully built the docker image and obtained the tag. However, I am unable to preview the application in the Cloud9 IDE browser. I have tried multiple requests and get different responses:

1. docker run -p 8080:8080 MY_ID.dkr.ecr.us-west-2.amazonaws.com/mythicalmysfits/service:latest returns "Cannot GET..." response. MY_ID is my account id from cloud formation output.
2. docker run -p 8080:8080 MY_ID.dkr.ecr.us-west-2.amazonaws.com/mysfits returns "Cannot GET..." response.
3. https://MY_ID.dkr.ecr.us-west-2.amazonaws.com/mysfits returns a request to re-enter user credentials. However, the correct user credentials are not accepted.

Hello Authors,

I am an absolute beginner in the AWS world and I am followed many tutorials with this among others. Last December 14th I made part two, followed the steps and called it a day. Today, more that a week later I realized that I was getting charged for many of the components created there.

Amazon Elastic Compute Cloud NatGateway Amazon EC2 Container Service USE2-Fargate-GB-Hours Amazon EC2 Container Service USE2-Fargate-vCPU-Hours:perCPU

I wished that you put a disclaimer in the lessons and readme saying that the resources are to be shut down after completing the tutorial, because for beginners this is not so evident.

Regards
Daniel

I followed your steps exactly for module 2 three separate times but upon visiting the nlb, I always reach a blank page even with /mysfits. If I upload to s3 and view the website, the mysfits don't populate and I can see the load balancer returning 404 not found.

Everything is healthy when I visit the amazon console.

The instruction link below mentioned "Find the app/monolith-service/service/mythicalMysfitsService.py source file, and uncomment the following section"

https://github.com/aws-samples/aws-modern-application-workshop/tree/fargate/workshop-1#instructions-2

Feedback: Need to remind user to remove extra whitespace when removing "#" to avoid indentation error.

Hi I've completed this demo - https://github.com/aws-samples/aws-modern-application-workshop/tree/java/module-4 and when I tried to register a new user, it keeps prompting me Network Error! I've changed the Cognito password policy to the most simplest requirement still not managed to register any user. Is anyone facing the same problem?

There folder does not contain the bucket-policy file required for publishing the website content

It would be helpful if we added a section that will tell users how to view a created resource, update if they entered the wrong info the format time and to delete it so they can create again if it's not working.

I ended up deleting everything from the console and starting over because I didnt "create" a resource properly the first time and couldn't figure out how to override the values once the resource had been created.

Issue location: Module 2 - Test the Fargate service

Issue: Once I open the URL of my NLB, a new tasks starts in my MythicalMysfits-Cluster. After several minutes I get ERR_CONNECTION_TIMED_OUT. Checking the AWS ECS console, I can see that there are several stopped tasks. Navigating down to the Containers section in any of the stopped tasks I can see the same error.

Error: CannotPullContainerError: API error (500): Get https://111222333444.dkr.ecr.eu-west-1.amazonaws.com/v2/: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)

I found AWS docs describing a similar issue. It seems that my task cannot pull the proper image. They recommend to enable Auto-assign public IP if the task is in a public subnet (which it is, according to my limited understanding). Unfortunately I reached a point where I don't understand what exactly happened and can't fix it, even though I spent one whole day trying to figure out. My closest guess is, according to the docs, that I need to change "assignPublicIp": "DISABLED" to "assignPublicIp": "ENABLED" in the service-definition.json file. But I don't think this is correct, since I would change the projects default settings and I'm not even sure if this is the setting described in the docs.

I would appreciate some help and further explanation why I face this issue. Thanks a lot! :)

Do we need to replace this phrase when creating a cloud formation stack?

I'm suffering with a common issue, I cant delete the NLB and I'm getting charged. I've followed the recommendations and deleted the ECS cluster, cloudwatch logs, and tried to disassociate the NLB from the endpoint service but no luck. I've had no luck removing the NLB from the endpoint service. I also tried the cloudformation stack and no luck either.

VPC >> vpc-0ef3a3953e60205e2

EndpointServices >> com.amazonaws.vpce.us-east-1.vpce-svc-0b127c49ecfc55422

NLB >> arn:aws:elasticloadbalancing:us-east-1:281174624655:loadbalancer/net/mysfits-nlb/eb9c86e32cfc83b6

Please see log below.

Adding permissions "ecr:UploadLayerPart" and "ecr:CompleteLayerUpload" to MythicalMysfitsService-CodeBuildServicePolicy helps.

denied: User: arn:aws:sts:::assumed-role/MythicalMysfitsServiceCodeBuildServiceRole/AWSCodeBuild-4c4a1c09-bbca-4853-9d15-e18fe7c6f667 is not authorized to perform: ecr:CompleteLayerUpload on resource: arn:aws:ecr:eu-west-1:026927173535:repository/mythicalmysfits/service
[Container] 2019/04/03 07:22:13 Command did not exit successfully docker push $AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/mythicalmysfits/service:latest exit status 1
[Container] 2019/04/03 07:22:13 Phase complete: POST_BUILD State: FAILED

When I went to the DNSName from my LoadBalancer after creating my cluster the web page would not load.

I looked into the ECS console to troubleshoot.

Under clusters I have: Active service count 1 Fargate, 0 EC2

I have one Service: MythicalMysfits-Service which lists:
Desired count 1
Status ACTIVE
Pending count 0
Task definition mythicalmysfitsservice:1
Running count 0

However, when I look at Events I see many failed attempts and finally this message:

service MythicalMysfits-Service is unable to consistently start tasks successfully. For more information, see the Troubleshooting section.

When I click on one of the failed ones I can see the following error:

Status reason | CannotPullECRContainerError: InvalidParameterException: Invalid parameter at 'registryIds' failed to satisfy constraint: 'Member must satisfy constraint: [Member must satisfy regular expression pattern: [0-9]{12}]' status code: 400, request id: 1b7cd3ab-

I looked I the troubleshooting guide and it indicates for Cannot Pull Container Image
that tasks in public subnets, specify ENABLED for Auto-assign public IP when launching the task.

In service-definiation.json it has the value "assignPublicIp" set to "DISABLED".

I used public subnet IDs, was I supposed to use private? Should this value be "ENABLED"?

I"m not sure what went wrong.

I'm not sure if there was an error on my part, but when I got to this section: https://github.com/aws-samples/aws-modern-application-workshop/tree/go/module-2#create-the-service and tried to run the command there (aws ecs create-service --cli-input-json file://~/environment/aws-modern-application-workshop/module-2/aws-cli/service-definition.json), I was getting the following error message: An error occurred (InvalidParameterException) when calling the CreateService operation: Unable to assume the service linked role. Please verify that the ECS service linked role exists.. I was able to get past this issue after reading through https://docs.aws.amazon.com/AmazonECS/latest/developerguide/using-service-linked-roles.html and running aws iam create-service-linked-role --aws-service-name ecs.amazonaws.com in the console to create the missing role.

The linked docs state, "Under most circumstances, you don't need to manually create a service-linked role." So I'm imagining there is some issues with my permissions or something. But the error message didn't say anything about that?

Module 3 has a separate client folder with the Go client code for accessing Dynamo DB. The instructions only contain directions to copy services folder:

cp ~/environment/aws-modern-application-workshop/module-3/app/service/* ~/environment/MythicalMysfitsService-Repository/service/

This results in a non-working solution. The Docker build will fail.

In Module 4, the folder structure of Go code is different. "mysfitsTableClient.go" file is now in the service folder. The code pipeline seems to build fine, but the API doesn't seem to work.

I am having trouble in Module 2a Step 1, deploying the Templates.

Following this command:
aws cloudformation create-stack --stack-name MythicalMysfitsCoreStack --capabilities CAPABILITY_NAMED_IAM --template-body file://~/environment/aws-modern-application-workshop/module-2/cfn/core.yml

My stack fails to create. Looking into the details on my Cloud Formation Console, the first error is as follows:

MythicalMysfitsServiceCodeBuildServiceRole already exists

Then it triggers a rollback of the entire stack. I've tried deleting the stack and attempting to create it again, always with the same issue. I suspect I am not fully deleting it from the cloud. However, this does not explain the initial failure.

Not only do you need to run git secrets --install but you also need to run git secrets --register-aws

Hi,

nice workshop.

I have a question though, how would I go about getting the claims from the cognito user pools authorizer in this application? say I want to do some claims-based authorization, would I need to decode the JWT auth token in the webapi or is there a way to access the authorizer output?

In Module 2B, Step 1 Section C, I am instructed to enter the command:

docker push 111111111111.dkr.ecr.us-east-1.amazonaws.com/mythicalmysfits/service:latest

However, I get the error message: no basic auth credentials.

Also at the beginning of this module I am instructed to enter my account id, but there are no instructions for how to retrieve it. WIll users new to AWS know how to find this information?

docker build . -t {aws_account_id}.dkr.ecr.{us-east-1}.amazonaws.com/mythicalmysfits/service:latest

In order to run npm run build -- --prod the file
\module-1\frontend\src\environments\environment.prod.ts is needed. This file will only be added in module-2.
So as a nodejs newby it took me while to figure it out.

I am running the dotnet tutorial on windows 10.

I have been getting this error when creating the policy for the S3.
I have tried many things like changing the ID name in different ways and changing the bucket name.

error occurred (MalformedPolicy) when calling the PutBucketPolicy operation: Invalid principal in policy

I'm getting the following error message in ECR console, I removed the

service MythicalMysfits-Service failed to launch a task with (error ECS was unable to assume the role 'arn:aws:iam::281174624655:role/MythicalMysfitsCoreStack-ECSTaskRole-FXO3A6J08BN' that was provided for this task. Please verify that the role being passed has the proper trust relationship and permissions and that your IAM user has permissions to pass this role.).

I've quadruple checked the task-definitions json file and IAM. The look correct.

Issue location: Creating a Service with Fargate

Issue: When running aws ecs create-service --cli-input-json file://~/environment/aws-modern-application-workshop/module-2/aws-cli/service-definition.json I get the following error: "An error occurred (InvalidParameterException) when calling the CreateService operation: Unable to assume the service linked role. Please verify that the ECS service linked role exists."

I followed Amazon ECS Service Scheduler IAM Role however, it did not resolve the issue.

What may be the issue and how I can resolve it?

Thanks!