RunImageFunction ERROR [FGCP/7.0/DualAZ]

Question

RunImageFunction ERROR [FGCP/7.0/DualAZ]

laptom opened this issue 3 years ago · 5 comments

Getting such error when running CF, 7.0:

RunImageFunction ERROR

{
"Status": "FAILED",
"Reason": "See the details in CloudWatch Log Stream: 2022/03/16/[$LATEST]786ee947e4d84923935a99224406f956",
"PhysicalResourceId": "2022/03/16/[$LATEST]786ee947e4d84923935a99224406f956",
"StackId": "arn:aws:cloudformation:eu-central-1:729267244622:stack/FGStack/73419f90-a550-11ec-87d7-0275f7a88d18",
"RequestId": "d002c7c1-86f5-41c3-91e9-67d47c15f483",
"LogicalResourceId": "RunImageFunction",
"NoEcho": false,
"Data": {
"msg": "error"
}
}

PLEASE CHECK QUICKLy, THX

Answer 1 · 2022-03-16T23:50:11.000Z

appears to be related to the S3 bucket that is created

Answer 2 · 2022-03-17T06:27:24.000Z

Nope. I manually created S3 bucket & seems CF has access to create txt files.
Also in the bucket I noticed two files created fgt1.txt and fgt2.txt with below content.

Need to check S3 bucket policies. It might be due to some missing rights.

AccessDenied Access Denied 0VBWGW849PAKT187 V045eaeo0ywjPiQkhdYDhJIei2mOdeHsevq7CghnYtSjQevQs6TGvNFi82uKbePolS0BuQof/i0=

Answer 3 · 2022-03-17T14:15:57.000Z

Ok, be sure to check the permissions on the bucket and see that is not blocking public access.

…

On Wed, Mar 16, 2022 at 11:27 PM laptom ***@***.***> wrote: Nope. I manually created S3 bucket. Also in the bucket I noticed two files created fgt1.txt and fgt2.txt with below content. AccessDenied Access Denied 0VBWGW849PAKT187 V045eaeo0ywjPiQkhdYDhJIei2mOdeHsevq7CghnYtSjQevQs6TGvNFi82uKbePolS0BuQof/i0= — Reply to this email directly, view it on GitHub <#16 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AJBWUFT26Z56PCGZV2KOGR3VALGFPANCNFSM5Q4XRAAA> . You are receiving this because you commented.Message ID: ***@***.***>

Answer 4 · 2022-03-18T18:41:42.000Z

Acutally I tried those combinations and only one works fine, there is no issue with S3 policy bucket:

FGCP/7.0/DualAZ) - PAYG - fails on RunImageFunction, configs (fgt1.txt and fgt2.txt) uploaded to S3
FGCP/7.0/DualAZ) - BYOL - fails on RunImageFunction, configs (fgt1.txt and fgt2.txt) uploaded to S3
FGCP7.0/SingleAZ) - PAYG - fails
FGCP7.0/SingleAZ) -BYOL - works OK.

###############
Seems that there is an issue with accessing proper AMI, weird thing is that same code works for SignleAZ -BYOL.

[ERROR] 2022-03-19T09:12:24.291Z f3179b1c-d7a4-4506-bb0e-0de8ab5439aa !!--> Unable to find AMI in response! {'Images': [], 'ResponseMetadata': {'RequestId': '604c55e0-ae76-403a-97ec-ca0d7607b6bf', 'HTTPStatusCode': 200, 'HTTPHeaders': {'x-amzn-requestid': '604c55e0-ae76-403a-97ec-ca0d7607b6bf', 'cache-control': 'no-cache, no-store', 'strict-transport-security': 'max-age=31536000; includeSubDomains', 'content-type': 'text/xml;charset=UTF-8', 'content-length': '219', 'date': 'Sat, 19 Mar 2022 09:12:23 GMT', 'server': 'AmazonEC2'}, 'RetryAttempts': 0}}

Answer 5 · 2022-10-11T09:03:39.000Z

Each file (fgt1.txt and fgt2.txt) should have a base configuration for the corresponding firewall. are you using the exact name of the S3 bucket during the deployment set up or the ARN of the bucket?

…

On Fri, Mar 18, 2022 at 11:41 AM laptom ***@***.***> wrote: My S3 policy allows access and also I see those two emtpy files in my S3 bucket: Any idea what might br wrong? fgt1.txt fgt2.tx S3 policy: { "Id": "Policy1647621792464", "Version": "2012-10-17", "Statement": [ { "Sid": "Stmt1647621791412", "Action": [ "s3:PutObject" ], "Effect": "Allow", "Resource": "arn:aws:s3:::tls3/ *", "Principal": "*" } ] } — Reply to this email directly, view it on GitHub <#16 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AJBWUFWJVRVYK74KK7TPAIDVATE7BANCNFSM5Q4XRAAA> . You are receiving this because you commented.Message ID: ***@***.***>