Deploy the APIs

The AWS credentials you are using doesn’t seem to have access to create an S3 bucket? Can you double check this?

Hi team, I’m getting this error:

Serverless Error ---------------------------------------

  The serverless deployment bucket "notes-app-api-prod-serverlessdeploymentbucket-9nob5dxvq5hb" does not exist. Create it manually if you want to reuse the CloudFormation stack "notes-app-api-prod", or delete the stack if it is no longer required.

Now, I have no idea where can I configure my S3 bucket…

Hmm it depends when you got this error. This doc on the issue might be helpful:

Hi there,

After deploying I have 2 cloudwatch alarms that wont go away for days:
ConsumedWriteCapacityUnits < 150 for 15 datapoints within 15 minutes.
ConsumedReadCapacityUnits < 150 for 15 datapoints within 15 minutes.
Kinda worried about this? Any fix?

Hmm I don’t think it should be an issue but is this CloudWatch alert related DynamoDB? Can you post a screenshot?

If anyone faces this issue:

I did serverless deploy --verbose and kept getting the following error:

Serverless: 
WARNING: Entry for resources@undefined could not be retrieved.
Please check your service config if you want to use lib.entries.
Serverless: Removing /Users/prashanth/Development/Apps/scratch-that/scratch-that-api/.webpack
Serverless: Using multi-compile (individual packaging)
Unhandled rejection TypeError [ERR_INVALID_ARG_TYPE]: The "path" argument must be of type string. Received type undefined
    at assertPath (path.js:39:11)
    at Object.relative (path.js:1171:5) 

In the previous chapter, we added CORS to API gateway and referenced that file in serverless.yml.

I accidentally indented resources by one space. I un-indented it and bam it deployed :slight_smile:

1 Like

Hi there,

I keep getting error when deploying:

An error occurred: IamRoleLambdaExecution - Syntax errors in policy. (Service: AmazonIdentityManagement; Status Code: 400; Error Code: MalformedPolicyDocument; Request ID: fcd21be0-cd70-11e9-988d-6b4c95a1bbfe).

CloudFormation - CREATE_FAILED - AWS::IAM::Role - IamRoleLambdaExecution

Hmm this could be related to your serverless.yml. Can you compare yours to the one in the repo https://github.com/AnomalyInnovations/serverless-stack-demo-api/blob/handle-api-gateway-cors-errors/serverless.yml#L19?

Thanks jayair. Thought I had it there. Slight type in the dynamodb actions. That was the only difference.
Fixed that but still got error:

CloudFormation - CREATE_IN_PROGRESS - AWS::ApiGateway::RestApi - ApiGatewayRestApi
CloudFormation - CREATE_IN_PROGRESS - AWS::Logs::LogGroup - DeleteLogGroup
CloudFormation - CREATE_COMPLETE - AWS::Logs::LogGroup - UpdateLogGroup
CloudFormation - CREATE_COMPLETE - AWS::Logs::LogGroup - GetLogGroup
CloudFormation - CREATE_COMPLETE - AWS::ApiGateway::RestApi - ApiGatewayRestApi
CloudFormation - CREATE_IN_PROGRESS - AWS::IAM::Role - IamRoleLambdaExecution
CloudFormation - CREATE_IN_PROGRESS - AWS::Logs::LogGroup - DeleteLogGroup
CloudFormation - CREATE_COMPLETE - AWS::Logs::LogGroup - DeleteLogGroup
CloudFormation - CREATE_FAILED - AWS::IAM::Role - IamRoleLambdaExecution

Further to that error, I get this when verbose on:

An error occurred: IamRoleLambdaExecution - Syntax errors in policy. (Service: AmazonIdentityManagement; Status Code: 400; Error Code: MalformedPolicyDocument; Request ID: 3206e87c-ced5-11e9-ae4f-bb716bff761d).

Wow.

I went from this (note the space after the colon):

        - dynamodb: DescribeTable
        - dynamodb: Query
        - dynamodb: Scan
        - dynamodb: GetItem
        - dynamodb: PutItem
        - dynamodb: UpdateItem
        - dynamodb: DeleteItem

to this:

          - dynamodb:DescribeTable
          - dynamodb:Query
          - dynamodb:Scan
          - dynamodb:GetItem
          - dynamodb:PutItem
          - dynamodb:UpdateItem
          - dynamodb:DeleteItem

and the problem went away.

Ugh yeah these configs are awfully unforgiving. It’s really annoying.

I keep getting a weird “Inaccessible host” error that changes sometimes and other times just goes through

things like

Recoverable error occurred (Inaccessible host: logs.us-east-1.amazonaws.com'. This service may not be available in theus-east-1’ region.), sleeping for 5 seconds. Try 1 of 4

or

Recoverable error occurred (Inaccessible host: sts.amazonaws.com'. This service may not be available in theus-east-1’ region.), sleeping for 5 seconds. Try 1 of 4

or

Recoverable error occurred (Inaccessible host: voice-api-dev-serverlessdeploymentbucket-ncah2ykw2xth.s3.amazonaws.com'. This service may not be available in theus-east-1’ region.), sleeping for 5 seconds. Try 1 of 4

Your Environment Information ---------------------------
Operating System: darwin
Node Version: 12.7.0
Framework Version: 1.52.0
Plugin Version: 2.0.0
SDK Version: 2.1.1

Found out the issue!

My response object for some reason needed this extra key ''isBase64Encoded" with a boolean value. I found out here: https://aws.amazon.com/premiumsupport/knowledge-center/malformed-502-api-gateway/

happy hacking!

Whoa that’s really weird. I don’t think I’ve run into that before.

I keep receiving:

Serverless: Recoverable error occurred (getaddrinfo EAI_AGAIN notes-app-api-prod-serverlessdeploymentbucket-6k76qzm4d5hq.s3.amazonaws.com notes-app-api-prod-serverlessdeploymentbucket-6k76qzm4d5hq.s3.amazonaws.com:443), sleeping for 5 seconds. Try 4 of 4

I’ve done nothing but copy/paste from the tutorial to make sure error wasn’t something I was typing. I haven’t been able to find solution by googling or changing things myself. Any suggestions?

Hmm this seems like a weird issue with your local machine? If you can’t figure it out, trying posting over on the Serverless Framework issues page?

I am unable to deploy my APIs and get this message. How can I fix this?

Serverless: DOTENV: Loading environment variables from .env:
Serverless:      - STRIPE_SECRET_KEY
Serverless:
WARNING: Entry for resources@undefined could not be retrieved.
Please check your service config if you want to use lib.entries.

  Type Error ---------------------------------------------

  TypeError [ERR_INVALID_ARG_TYPE]: The "to" argument must be of type string. Received undefined

     For debugging logs, run again after setting the "SLS_DEBUG=*" environment variable.

  
  Your Environment Information ---------------------------
     Operating System:          win32
     Node Version:              12.16.1
     Framework Version:         1.66.0
     Plugin Version:            3.5.0
     SDK Version:               2.3.0
     Components Version:        2.22.3

Hmm I’m not sure what’s going on here. Can you run the deploy command with the SLS_DEBUG=* option?

Hi,
great tutorial! I was able to follow along. However, I was not able to address this strange bug.

So I was able to do the following tests:
npx aws-api-gateway-cli-test --username='admin@example.com' --password='somepassword' --user-pool-id='ap-southeast-2_UpX4SwuB8' --app-client-id='7beq6tqca83eskcqtkn5hn11er' --cognito-region='ap-southeast-2' --identity-pool-id='ap-southeast-2:3a5f53d6-6431-4be1-9c70-eb2fb85ae06d' --invoke-url='https://gellhz56i3.execute-api.ap-southeast-2.amazonaws.com/prod' --api-gateway-region='ap-southeast-2' --path-template='/notes' --method='POST' --body='{"content":"Testing API","attachment":"hello.jpg"}'

Got:

npx: installed 105 in 20.838s
Authenticating with User Pool
Getting temporary credentials
Making API request
{
status: 200,
statusText: ‘OK’,
data: {
userId: ‘ap-southeast-2:7ec7e0d7-1381-474d-aff1-5c2af5d878bb’,
noteId: ‘6b094ee0-72e9-11ea-aa85-19ce893fe028’,
content: ‘Testing API’,
attachment: ‘hello.jpg’,
createdAt: 1585615743694
}
}

And I can query this newly created note:
npx aws-api-gateway-cli-test --username='wyatsky@gmail.com' --password='Passw0rd!' --user-pool-id='ap-southeast-2_UpX4SwuB8' --app-client-id='7beq6tqca83eskcqtkn5hn11er' --cognito-region='ap-southeast-2' --identity-pool-id='ap-southeast-2:3a5f53d6-6431-4be1-9c70-eb2fb85ae06d' --invoke-url='https://gellhz56i3.execute-api.ap-southeast-2.amazonaws.com/prod' --api-gateway-region='ap-southeast-2' --path-template='/notes/6b094ee0-72e9-11ea-aa85-19ce893fe028' --method='GET'

Gave me:

npx: installed 105 in 22.827s
Authenticating with User Pool
Getting temporary credentials
Making API request
{
status: 200,
statusText: ‘OK’,
data: {
attachment: ‘hello.jpg’,
content: ‘Testing API’,
createdAt: 1585615743694,
noteId: ‘6b094ee0-72e9-11ea-aa85-19ce893fe028’,
userId: ‘ap-southeast-2:7ec7e0d7-1381-474d-aff1-5c2af5d878bb’
}
}

But when running this:
npx aws-api-gateway-cli-test --username='admin@example.com' --password='somepassword' --user-pool-id='ap-southeast-2_UpX4SwuB8' --app-client-id='7beq6tqca83eskcqtkn5hn11er' --cognito-region='ap-southeast-2' --identity-pool-id='ap-southeast-2:3a5f53d6-6431-4be1-9c70-eb2fb85ae06d' --invoke-url='https://gellhz56i3.execute-api.ap-southeast-2.amazonaws.com/prod' --api-gateway-region='ap-southeast-2' --path-template='/notes' --method='GET'

I get:

npx: installed 105 in 23.9s
Authenticating with User Pool
Getting temporary credentials
Making API request
{
status: 500,
statusText: ‘Internal Server Error’,
data: { status: false }
}

The Log tells me it’s AccessDeniedException.

AccessDeniedException: User: arn:aws:sts::025102549644:assumed-role/notes-app-2-api-prod-ap-southeast-2-lambdaRole/notes-app-2-api-prod-list is not authorized to perform: dynamodb:Query on resource: arn:aws:dynamodb:ap-southeast-2:025102549644:table/notes
at Request.extractError (/var/runtime/node_modules/aws-sdk/lib/protocol/json.js:51:27)
at Request.callListeners (/var/runtime/node_modules/aws-sdk/lib/sequential_executor.js:106:20)
at Request.emit (/var/runtime/node_modules/aws-sdk/lib/sequential_executor.js:78:10)
at Request.emit (/var/runtime/node_modules/aws-sdk/lib/request.js:683:14)
at Request.transition (/var/runtime/node_modules/aws-sdk/lib/request.js:22:10)
at AcceptorStateMachine.runTo (/var/runtime/node_modules/aws-sdk/lib/state_machine.js:14:12)
at /var/runtime/node_modules/aws-sdk/lib/state_machine.js:26:10
at Request. (/var/runtime/node_modules/aws-sdk/lib/request.js:38:9)
at Request. (/var/runtime/node_modules/aws-sdk/lib/request.js:685:12)
at Request.callListeners (/var/runtime/node_modules/aws-sdk/lib/sequential_executor.js:116:18) {
message: ‘User: arn:aws:sts::025102549644:assumed-role/notes-app-2-api-prod-ap-southeast-2-lambdaRole/notes-app-2-api-prod-list is not authorized to perform: dynamodb:Query on resource: arn:aws:dynamodb:ap-southeast-2:025102549644:table/notes’,
code: ‘AccessDeniedException’,
time: 2020-03-31T01:03:43.721Z,
requestId: ‘AUU1DRJSSE0Q26ABK5GPP117BRVV4KQNSO5AEMVJF66Q9ASUAAJG’,
statusCode: 400,
retryable: false,
retryDelay: 42.10750117508311
}

My serverless.yml is properly set as I had to copy one from the tutorial GitHub repo. Here’s the iamRoleStatements part.

    provider:
      name: aws
      runtime: nodejs12.x
      stage: dev
      region: ap-southeast-2

      # These environment variables are made available to our functions
      # under process.env.
      environment:
        tableName: ${self:custom.tableName}
        stripeSecretKey: ${env:STRIPE_SECRET_KEY}

      iamRoleStatements:
        - Effect: Allow
          Action:
            - dynamodb:DescribeTable
            - dynamodb:Query
            - dynamodb:Scan
            - dynamodb:GetItem
            - dynamodb:PutItem
            - dynamodb:UpdateItem
            - dynamodb:DeleteItem
          # Restrict our IAM role permissions to
          # the specific table for the stage
          Resource:
            - "Fn::GetAtt": [ NotesTable, Arn ]

Any suggestions highly appreciated!
Thanks.