CloudFormation template step not creating change set

dgard1981 · 1 September 2021 13:30

Good afternoon,

Today we have noticed that when deploying a CloudFormation stack using the “Deploy an AWS CloudFormation template” step, the stack is not properly created and is stuck in REVIEW_IN_PREGRESS. Looking at the Octopus logs, we see this -

No changes need to be performed.

We have also tried to create the stack outside of Octopus (which is successful) and then update it using Octopus, but the update also says that there are no changes. This is despite deliberately changing a parameter value so that there is a change. On this occasion the CloudFormation stack is in the correct state CREATE_COMPLETE.

Below is how the step is configured, pulled from Octopus using the API. Note that we have also tried deferring execution of the change set so that I could inspect it, but no change set is created (again, a parameter value was deliberately changed) - also note that the above message is absent from the logs when execution is deferred.

Please let us know what can be done to resolve this issue.

{
    "Id": "0838805e-2f0f-4b34-918a-09cffbdcf2b3",
    "Name": "Create Lambda Function",
    "PackageRequirement": "LetOctopusDecide",
    "Properties": {},
    "Condition": "Success",
    "StartTrigger": "StartAfterPrevious",
    "Actions": [
        {
            "Id": "6eed7a93-5480-4ceb-8981-84b2acdc8a4a",
            "Name": "Create Lambda Function",
            "ActionType": "Octopus.AwsRunCloudFormation",
            "Notes": "Creates a Lambda function that will stream CloudWatch log to New Relic..",
            "IsDisabled": false,
            "CanBeUsedForProjectVersioning": true,
            "IsRequired": false,
            "WorkerPoolId": "WorkerPools-501",
            "Container": {
                "Image": null,
                "FeedId": null
            },
            "WorkerPoolVariable": null,
            "Environments": [],
            "ExcludedEnvironments": [],
            "Channels": [],
            "TenantTags": [],
            "Packages": [
                {
                    "Id": "40a2838c-6c24-45b4-bf54-230fe1a90352",
                    "Name": "",
                    "PackageId": "my.package.name",
                    "FeedId": "Feeds-1463",
                    "AcquisitionLocation": "Server",
                    "Properties": {
                        "SelectionMode": "immediate"
                    }
                }
            ],
            "Condition": "Success",
            "Properties": {
                "Octopus.Action.EnabledFeatures": "Octopus.Features.CloudFormation.ChangeSet.Feature",
                "Octopus.Action.Aws.WaitForCompletion": "True",
                "Octopus.Action.Aws.AssumeRole": "False",
                "Octopus.Action.AwsAccount.UseInstanceRole": "False",
                "Octopus.Action.Aws.TemplateSource": "Package",
                "Octopus.Action.AwsAccount.Variable": "Lambda.AwsAccount",
                "Octopus.Action.Aws.Region": "#{Lambda.AwsRegion}",
                "Octopus.Action.Aws.IamCapabilities": "[\"CAPABILITY_AUTO_EXPAND\",\"CAPABILITY_IAM\"]",
                "Octopus.Action.Aws.CloudFormationStackName": "#{Lambda.StackName}",
                "Octopus.Action.Aws.CloudFormationTemplate": "./cloudformation/nr-log-lambda.cfn.yaml",
                "Octopus.Action.Aws.CloudFormation.ChangeSet.GenerateName": "True",
                "Octopus.Action.Aws.CloudFormation.ChangeSet.Defer": "False",
                "Octopus.Action.Package.PackageId": "ldx.analytics.infrastructure",
                "Octopus.Action.Package.FeedId": "Feeds-1463",
                "Octopus.Action.Package.DownloadOnTentacle": "False",
                "Octopus.Action.Aws.CloudFormationTemplateParametersRaw": "./cloudformation/nr-log-lambda.params.json",
                "Octopus.Action.Package.JsonConfigurationVariablesTargets": "./cloudformation/nr-log-lambda.cfn.yaml, ./cloudformation/nr-log-lambda.params.json",
                "Octopus.Action.RunOnServer": "true"
            },
            "Links": {}
        }
    ]
}

Thanks,
David

dgard1981 · 1 September 2021 13:54

Please disregard this issue, we have found the problem.

When using the same user locally as Octopus uses, an error is displayed advising that the user does not have a required permission (serverlessrepo:CreateCloudFormationTemplate). This permission is required so that a serverless application can create a nested stack.

So while we’ve been able to diagnose/fix this issue, it would be good if Octopus reported the error rather than simply saying there were no changes. Any future improvements appreciated.

Thanks,
David

jeremy.miller · 1 September 2021 15:05

Hey David,

Thanks for reaching out and for all of the information, as well as the solution!

I’m going to pass along the feedback on the error not being helpful to the appropriate team.

Please let me know if you have any other questions or concerns.

Best,
Jeremy

jeremy.miller · 4 September 2021 15:53

Hey David,

I’ve created an issue for you to track here: https://github.com/OctopusDeploy/Issues/issues/7010

Please let me know if you have any other questions or concerns.

Best,
Jeremy

dgard1981 · 6 September 2021 08:26

Thanks Jeremy, I’ve subscribed to that issue to keep up to date with it.

Thanks,
David

system · 7 October 2021 15:32

This topic was automatically closed 31 days after the last reply. New replies are no longer allowed.