copilot-cli: Bug with SSM secrets?
No matter how hard I try, I can’t really get passed this error:
Invalid request provided: Create T
askDefinition: The Systems Manager parameter name specified for secret
JWT_KEY is invalid. The parameter name can be up to 2048 characters a
nd include the following letters and symbols: a-zA-Z0-9_.-
JWT_KEY
seems to be perfectly fine as a param name.
I’ve reviewed this page a dozen times and still can’t find what I am missing https://aws.github.io/copilot-cli/docs/commands/secret-init/
Any help is really appreciated
UPDATE: I’m running copilot v1.16.0 This is a Load Balanced Web Service
About this issue
- Original URL
- State: open
- Created 2 years ago
- Comments: 19 (9 by maintainers)
Commits related to this issue
- change secret printout to reduce issues copy/pasting invalid characters (#3446) — committed to dannyrandall/copilot-cli by dannyrandall 2 years ago
- chore: reduce chance of copying invalid character in secret to copilot manifest (#3716) New printout: ``` You can refer to these secrets from your manifest file by editing the `secrets` section. <th... — committed to aws/copilot-cli by dannyrandall 2 years ago
I ended up having this issue again, but determined it was a copy and paste error. When receiving the guidance from the CLI to update the manifest file with the secrets I was copying output like this:
and leaving the character ` in the manifest file… removing that fixed the issue 🤦
Hey all! I did some digging and was able to reproduce the issue (thanks @aflansburg!) and find something that I think makes this a hard bug to track down:
To reproduce:
TEST_SECRET_ONE
(i copy-pasted the same value in for each of my env’s)copilot svc deploy
- it works finecopilot svc deploy
, doesn’t work (relevant cfn incopilot svc package
:Error message:
copilot svc deploy
, still fails (relevant cfn fromcopilot svc package
:(so the CFN template generated by Copilot appears to be getting updated - the ` is gone)
Error message:
Based on this last error message, it appears that CloudFormation doesn’t generate a change set when
ValueFrom
changes in a Task Definition. If you make a different change in the manifest (like changecount
), CloudFormation will pick up the secret change as well and deploy a new Task Definition that works.Next steps:
ValueFrom
outside of Copilot and follow up with relevant the internal teams to make sure changes toValueFrom
get detected@dannyrandall Hi Danny, The old version I used: v1.8 Now, I updated it to v1.17
omg!
ok it sounds like if we print with code blocks
` character this bug scenario would go away.
```
instead of just theWe should replace https://github.com/aws/copilot-cli/blob/a28a4682b4bf53e616c7840077c30e6224170498/internal/pkg/cli/secret_init.go#L419 with
color.HighlightCodeBlock
👋 I’m also experiencing this issue when setting an IP address as a secret with
copilot secret init
. Important to note, that this was working previously, but I needed to add a domain and HTTPS endpoint for our app and so after destroying and recreating the app and attempting to deploy a service I receive:I have also tried deleting and manually recreating the secret in SSM parameter store, but no luck.
Sidenote: I just updated to 1.19 today from 1.18 and am running a “Load Balanced Web Service”
UPDATE: In a bizarre twist of events, I renamed my secrets, which all began with
MONGO_
(for MongoDB) to begin with justDB_
instead, “hand typed” the secrets instead of pasting them from a.env
in vsCode and it started working 🤔 Now, I’m wondering if something with copy/paste was inserting some incorrect characters into the cli command OR if renaming had any bearing.