Serverless deployment errorL Environment variable iamRoleStatements must contain string - node.js

I am trying to locally run serverless deploy but getting this error:
Serverless Error ---------------------------------------
Environment variable iamRoleStatements must contain string
Below is the relevant part from my serverless.yml
provider:
name: aws
runtime: nodejs10.x
stage: prod
region: us-east-1
environment:
tableName: profiles
iamRoleStatements:
- Effect: Allow
Action:
- dynamodb:DescribeTable
- dynamodb:Query
- dynamodb:Scan
- dynamodb:GetItem
- dynamodb:PutItem
- dynamodb:UpdateItem
- dynamodb:DeleteItem
Resource: 'arn:aws:dynamodb:us-east-1:*:*'
Below is my environment information:
Your Environment Information ---------------------------
Operating System: darwin
Node Version: 12.16.1
Framework Version: 1.64.0
Plugin Version: 3.4.0
SDK Version: 2.3.0
Components Core Version: 1.1.2
Components CLI Version: 1.4.0
Any idea where I might be wrong?

Your iam roles seem to be configured correctly.
Double check your indentation on the roles are correct, at first I would say it's probably missing one space at least comparing the environment definitions
environment:
tableName: profiles
iamRoleStatements:
- Effect: Allow

Related

Serverless: Layers No file matches include / exclude patterns

My serverless.yml file works fine as soon as I add layers I starting getting this error
Serverless Error ----------------------------------------
No file matches include / exclude patterns
service: foundation
useDotenv: true
custom:
name: foundation
provider:
name: aws
stackName: ${self:service}-${self:provider.stage}
region: us-east-1
stage: ${opt:stage, 'dev'}
environment:
REGION: ${self:provider.region}
STAGE: ${self:provider.stage}
layers:
certificates:
path: certificate
plugins:
- serverless-deployment-bucket
- serverless-pseudo-parameters
- serverless-plugin-typescript
functions:
- ${file(./src/handler/function.yml)}
resources:
- ${file(./resources/outputs.yml)}
runtime: Node.js
Note: using layers to add certificates to lambda
Serverless version: 2.31.0
You may be getting this error if you execlude the directory where the layer is running through the plugins you use or in another part of the yml file. Maybe editing it this way will solve the problem
this link has an explanation about it
layers:
certificates:
package:
include:
- ./your/layer/path/**

Accessing environment configs defined in serverless.yaml in standalone nodejs script

I have recently started working on a project in which we are using serverless framework. We are using docker to make dev environment easier to setup.
As part of this docker setup we have created a script that creates S3 buckets & tables among other things. We were earlier defining environment variables in the docker-compose file and were accessing them in our nodejs app. For purposes of deployment to other environments our devops team defined a few environment variables in the serverless.yaml file resulting in environment configs being present at two places. We are now planning to move all the environment configs defined in our docker-compose file to serverless.yaml. This works well for our lambdas functions as they are able to read these configs, but it doesn't work for the standalone setup script that we have written.
I tried using this plugin(serverless-scriptable-plugin) in an attempt to be able to read these env variables but still unable to do so.
Here is my serverless.yaml file
service:
name: my-service
frameworkVersion: '2'
configValidationMode: error
provider:
name: aws
runtime: nodejs14.x
region: 'us-east-1'
profile: ${env:PROFILE, 'dev'}
stackName: stack-${self:provider.profile}
apiName: ${self:custom.environment_prefix}-${self:service.name}-my-api
environment: ${self:custom.environment_variables.${self:provider.profile}}
plugins:
- serverless-webpack
- serverless-scriptable-plugin
- serverless-offline-sqs
- serverless-offline
functions:
myMethod:
handler: handler.myHandler
name: ${self:custom.environment_prefix}-${self:service.name}-myHandler
events:
- sqs:
arn:
Fn::GetAtt:
- MyQueue
- Arn
resources:
Resources:
MyQueue:
Type: AWS::SQS::Queue
Properties:
QueueName: ${self:custom.queuename}
Tags:
- Key: product
Value: common
- Key: service
Value: common
- Key: function
Value: ${self:service.name}
- Key: region
Value: ${env:REGION}
package:
individually: true
custom:
webpack:
webpackConfig: ./webpack.config.js
includeModules: true
serverless-offline:
host: 0.0.0.0
port: 3000
serverless-offline-sqs:
apiVersion: '2012-11-05'
endpoint: http://sqs:9324
region: ${self:provider.region}
accessKeyId: root
secretAccessKey: root
skipCacheInvalidation: false
localstack:
stages:
- local
lambda:
mountCode: true
debug: true
environment_prefixes:
staging: staging
production: production
dev: dev
environment_prefix: ${self:custom.environment_prefixes.${self:provider.profile}}
queuename: 'myQueue'
environment_variables:
dev:
AWS_ACCESS_KEY_ID: test
AWS_SECRET_ACCESS_KEY: test
BUCKET_NAME: my-bucket
S3_URL: http://localstack:4566
SLS_DEBUG: '*'
scriptable:
commands:
setup: node /app/dockerEntrypoint.js
In my DockerFile I try executing script using sls setup CMD. I initially thought using sls command might expose these environment variables defined in serverless.yaml file but it doesn't seem to happen.
Is there any other way this can be achieved? I am trying to access these variables using process.env which works for lambdas but not for my standalone script. Thanks!
There's not a good way to get access to these environment variables if you're running the lambda code as a script.
The Serverless Framework injects these variables into the Lambda function runtime configuration via CloudFormation.
It does not insert/update the raw serverless.yml file, nor does it somehow intercept calls to process.env via the node process.
You'll could use the scriptable plugin to run after package, and then export each variable into your local docker environment. But that seems pretty heavy for the variables in your env.
Instead, you might consider something like dotenv, which will load variables from a .env file into your environment.
There is a serverless-dotenv plugin you could use, and then your script could also call dotenv before running.

FUNCTION_ERROR_INIT_FAILURE AWS lambda

I recently added the cool lambda feature - provisioned concurrency.
After a few successful deployments, I now face this issue
Serverless Error ---------------------------------------
ServerlessError: An error occurred:
GraphqlPrivateProvConcLambdaAlias - Provisioned Concurrency
configuration failed to be applied. Reason:
FUNCTION_ERROR_INIT_FAILURE.
at C:\Users\theod\AppData\Roaming\npm\node_modules\serverless\lib\plugins\aws\lib\monitorStack.js:125:33
From previous event:
at AwsDeploy.monitorStack (C:\Users\theod\AppData\Roaming\npm\node_modules\serverless\lib\plugins\aws\lib\monitorStack.js:28:12)
at C:\Users\theod\AppData\Roaming\npm\node_modules\serverless\lib\plugins\aws\lib\updateStack.js:107:28
From previous event:
at AwsDeploy.update
here's my sample serverless.yml file
service: backend-api
parameters:
region: ap-southeast-2
path: &path /
provider:
name: aws
runtime: nodejs12.x
stage: ${env:STAGE, 'staging'}
region: ap-southeast-2
versionFunctions: true
plugins:
- serverless-webpack
- serverless-pseudo-parameters
- serverless-prune-plugin
# - serverless-offline-scheduler
- serverless-offline
functions:
# GRAPHQL APIs
graphqlPrivate:
handler: src/graphql/private/index.handler
memorySize: 256
timeout: 30
name: ${self:service}-gqlPrivate-${self:provider.stage}
vpc: ${file(./serverless/vpc.yml)}
events:
- http:
path: /graphql/private
method: ANY
cors: true
authorizer:
arn: arn:aws:cognito-idp:#{AWS::Region}:#{AWS::AccountId}:userpool/${self:custom.cognitoArns.private.${self:provider.stage}}
provisionedConcurrency: 10
package:
individually: true
custom:
webpack:
keepOutputDirectory: true
serializedCompile: true
webpackConfig: 'webpack.config.js'
packager: 'npm'
stage: ${opt:stage, self:provider.stage}
prune:
automatic: true
number: 1
anybody able to resolve this issue?
Your Environment Information ---------------------------
Operating System: win32
Node Version: 12.11.0
Framework Version: 1.61.3
Plugin Version: 3.2.7
SDK Version: 2.3.0
Components Core Version: 1.1.2
Components CLI Version: 1.4.0
FUNCTION_ERROR_INIT_FAILURE plainly means there's something wrong with the function's handler/code that i'm trying to deploy, w/c is why provisioned lambdas can't start up/initialize.
The way to resolve this, is to test w/o provisioned concurrency option first.
Once you are able to push your lambda, error(s) will surely flow into your CW logs.
The best way though, is to test your lambda locally(using serverless-offline plugin or serverless invoke), if it works properly.
You can also package your app, and invoke it with serverless cli to detect issues on packaging.
In my case, there is a runtime error where my code bundle is looking for a require that is not part of bundle.
This is undocumented on AWS lambda as of now(Jan 29, 2020)

serverless-domain-manager cannot be found by serverless deployment

I was getting the below error while deploying the lambda on AWS using bitbucket pipeline
Error: Could not set up basepath mapping. Try running sls create_domain first.
Error: 'staging-api.simple.touchsuite.com' could not be found in API Gateway.
ConfigError: Missing region in config
at getDomain.then.then.catch (/opt/atlassian/pipelines/agent/build/node_modules/serverless-domain-manager/index.js:181:15)
at
at runMicrotasksCallback (internal/process/next_tick.js:121:5)
at _combinedTickCallback (internal/process/next_tick.js:131:7)
at process._tickDomainCallback (internal/process/next_tick.js:218:9)
For debugging logs, run again after setting the "SLS_DEBUG=*" environment variable.
Get Support
Docs: docs.serverless.com
Bugs: github.com/serverless/serverless/issues
Issues: forum.serverless.com
Your Environment Information
Operating System: linux
Node Version: 8.10.0
Framework Version: 1.61.3
Plugin Version: 3.2.7
SDK Version: 2.3.0
Components Core Version: 1.1.2
Components CLI Version: 1.4.0
So, I updated the serverless-domain-manager to the newest version 3.3.1
I tried to deploy the lambda after updating the serverless-domain-manager and now I am getting the below error.
Serverless Error
Serverless plugin "serverless-domain-manager" not found. Make sure it's installed and listed in the "plugins" section of your serverless config file.
serverless.yml snippet
plugins:
- serverless-plugin-warmup
- serverless-offline
- serverless-log-forwarding
- serverless-domain-manager
custom:
warmup:
schedule: 'cron(0/10 12-23 ? * MON-FRI *)'
prewarm: true
headers:
- Content-Type
- X-Amz-Date
- Authorization
- X-Api-Key
- X-Amz-Security-Token
- TS-Staging
- x-tss-correlation-id
- x-tss-application-id
stage: ${opt:stage, self:provider.stage}
domains:
prod: api.simple.touchsuite.com
staging: staging-api.simple.touchsuite.com
dev: dev-api.simple.touchsuite.com
customDomain:
basePath: 'svc'
domainName: ${self:custom.domains.${self:custom.stage}}
stage: ${self:custom.stage}
bitbucket-pipeline.yml snippet
image: node:8.10.0
pipelines:
branches:
master:
- step:
caches:
- node
name: Run tests
script:
- npm install --global copy
- npm install
- NODE_ENV=test npm test
- step:
caches:
- node
name: Deploy to Staging
deployment: staging # set to test, staging or production
script:
- npm install --global copy
- npm run deploy:staging
- npm run deploy:integrations:staging
- node -e 'require("./scripts/bitbucket.js").triggerPipeline()'
Need some insight, what am I missing that creating the error
I have found with Bitbucket I needed to add an npm install command to make sure that my modules and the plugins were all installed before trying to run them. This may be what is missing in your case. You can also turn caching on for the resulting node_modules folder so that it doesn't have to download all modules every time you deploy.

Warned - no cfnRole set and unnecessary files was created after deploy

No cfnRole warned and unnecessary files was created after deploy
Serverless: Safeguards Processing...
Serverless: Safeguards Results:
Summary --------------------------------------------------
passed - no-unsafe-wildcard-iam-permissions
passed - framework-version
warned - require-cfn-role
passed - allowed-runtimes
passed - no-secret-env-vars
passed - allowed-regions
passed - allowed-stages
Details --------------------------------------------------
1) Warned - no cfnRole set
details: http://slss.io/sg-require-cfn-role
Require the cfnRole option, which specifies a particular role for CloudFormation to assume while deploying.
I had been go to the site that write in details.
details: http://slss.io/sg-require-cfn-role
Anyway, I don't know how to fix it.
s_hello.py & s_hello2.py always generated after deploy.
This is my serverless.yaml file
service: myapp
app: sample-app
org: xxx
provider:
name: aws
runtime: python3.7
stage: dev
region: us-east-1
package:
individually: true
functions:
hello:
handler: src/handler/handler.hello
hello2:
handler: src/handler2/handler2.hello2
It's always happen although follow this site .
My Lambda-function will create "s_xxx.py (Where xxx is handler.py file.
I solved this issue creating a cfn-role in AWS IAM following these steps:
Roles -> Create Role -> AWS Service -> Select Cloud Formation from the list
Next: Permisions
You need to choose all the policies you need to deploy your lambda function (S3FullAccess, SQSFullAccess, LambdaFullAccess...)
There's one that it's mandatory AWSConfigRole who allows to serverless framework to get this role.
After setting the role, you need to copy its arn and create behind provider level cfnRole like this:
provider:
name: aws
runtime: python3.7
stage: ${opt:stage, 'dev'}
profile: ${self:custom.deploy-profile.${opt:stage, 'dev'}}
region: us-west-2
environment:
TEMP: "/tmp"
cfnRole: arn:aws:iam::xxxxxxxxxx:role/cfn-Role
That's work for me, I hope to help!

Resources