
I am trying to deploy a CloudFormation stack into a cross-account account. However, when I deploy the cloudformation.yml file I get the error below. I have even tried using cloudformation.yaml but get the same error.

However, when I try to create an S3 bucket, the bucket is created without any problem. The issue only arises when doing the Lambda deployment.

Waiting for changeset to be created..

Failed to create the changeset: Waiter ChangeSetCreateComplete failed: Waiter encountered a terminal failure state: 
For expression "Status" we matched expected path: "FAILED" Status: FAILED. Reason: Transform AWS::Serverless-2016-10-31 failed with: Invalid Serverless Application Specification document. Number of errors found: 1. Resource with id [helloworldpython3] is invalid. 'CodeUri' is not a valid S3 Uri of the form 's3://bucket/key' with optional versionId query parameter.

Here is my cloudformation.yml file, which deploys a simple Lambda function. I have even tried using cloudformation.yaml but I get the same error.

AWSTemplateFormatVersion: "2010-09-09"
Transform: "AWS::Serverless-2016-10-31"
Description: A starter AWS Lambda function.

Resources:
  helloworldpython3:
    Type: "AWS::Serverless::Function"
    Properties:
      Handler: lambda_function.lambda_handler
      Runtime: python3.6
      CodeUri: ./lambda
      Description: 'Lambda function for CD Demo'
      MemorySize: 128
      Timeout: 30

Here is the buildspec.yml file that I have set up:

version: 0.2

phases:
  install:
    commands:
      - echo $CROSS_ACCOUNT_ROLE
      - echo $TARGET_ACCOUNT_ID
      - cd $CODEBUILD_SRC_DIR
      - chmod +x cross-account-setup.sh
  build:
    commands:
      - echo "Start Deploy"
      - cd $CODEBUILD_SRC_DIR
      - . ./cross-account-setup.sh
      - >
        aws cloudformation deploy --stack-name amr-manual-deployment-cicd --template-file cloudformation-stack.yml --no-fail-on-empty-changeset 
      - echo "End Deploy"

What changes do I need to make in the .yml file in order to deploy the CloudFormation stack successfully?

Thank you

2 Answers


  1. When you use Transform, you can say that you let CF "build" your Lambda function and upload your artifact to an S3 bucket. Transform will rework your CF to point to these artifacts now stored in S3. And doing this in a cross-account solution can provide issues with read access for the CF to the artifacts.

  2. AWS::Serverless::Function syntax expects an S3 URI. So CodeUri should be something like 's3://testBucket/mySourceCode.zip'.
    In your CodeBuild, you have to add a step to zip and upload the source code to an S3 bucket before running the cloudformation deploy command. Refer to this for steps for packaging Python applications.
    If you want to avoid this overhead you can convert your application into a SAM and add SAM CLI in your CodeBuild environment to do the deployment.
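
One way to apply the step described in the answers above, as an added example that is not part of the original question or answers: `aws cloudformation package` zips the local `./lambda` directory, uploads it, and writes a template whose `CodeUri` is an S3 URI, and a pre-deploy check rejects any template that still carries a local path. `ARTIFACT_BUCKET` and `packaged.yml` are assumed names; the bucket must be readable by the credentials that `cross-account-setup.sh` puts in place.

```shell
#!/bin/sh
# Added example, not code from the original page.
# Assumed names: ARTIFACT_BUCKET (artifact bucket), packaged.yml (output template).
# Template and stack names are the ones used in the question's buildspec.yml.

# Return 0 only if every CodeUri line in the template is an s3://bucket/key URI.
# Line-based check for the simple string form of CodeUri used in the question.
code_uris_are_s3() {
  template="$1"
  bad=$(grep -E '^[[:space:]]*CodeUri:' "$template" \
        | grep -vE "CodeUri:[[:space:]]*[\"']?s3://[^/[:space:]]+/[^[:space:]]+" \
        || true)
  if [ -n "$bad" ]; then
    echo "local CodeUri still present in $template:" >&2
    echo "$bad" >&2
    return 1
  fi
}

package_and_deploy() {
  bucket="$1"
  # Zip and upload the code, then write a template that points at the S3 object.
  aws cloudformation package \
    --template-file cloudformation-stack.yml \
    --s3-bucket "$bucket" \
    --output-template-file packaged.yml || return 1

  # Fail here, with a readable message, instead of in the changeset waiter.
  code_uris_are_s3 packaged.yml || return 1

  # CAPABILITY_IAM: the Serverless transform creates an execution role
  # for a function that declares no Role property.
  aws cloudformation deploy \
    --stack-name amr-manual-deployment-cicd \
    --template-file packaged.yml \
    --capabilities CAPABILITY_IAM \
    --no-fail-on-empty-changeset
}

# Runs only when the assumed ARTIFACT_BUCKET variable is set.
if [ -n "${ARTIFACT_BUCKET:-}" ]; then
  package_and_deploy "$ARTIFACT_BUCKET"
fi
```

In the question's buildspec.yml this would replace the single `aws cloudformation deploy` command, after the line that sources `cross-account-setup.sh`.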