CDK Deploy Error #2

Closed
dmac-cloud opened this issue Apr 18, 2024 · 6 comments

@dmac-cloud

Hi
I got through all the steps as I am deploying on Cloud9, but when I try to run CDK deploy I get this error. Everything was fine until this part. Keen to hear how I can resolve it. Thanks in advance.

    [Warning at /ComfyUIStack/ASG] desiredCapacity has been configured. Be aware this will reset the size of your AutoScalingGroup on every deployment. See aws/aws-cdk#5215 [ack: @aws-cdk/aws-autoscaling:desiredCapacitySet]
    [Error at /ComfyUIStack/TaskDef/Resource] AwsSolutions-ECS2: The ECS Task Definition includes a container definition that directly specifies environment variables.
    [Warning at /ComfyUIStack/ComfyUIuserPool/Resource] AwsSolutions-COG2: The Cognito user pool does not require MFA.
    Found errors

@devesch

devesch commented Apr 19, 2024

Had the same error!

@kulomady

kulomady commented May 3, 2024

I have a similar issue also, any update on this?

@bcartledge-bloom

@xiwan any advice on this?

@PlatypussDivva

Same error here; any guidance would be appreciated.

@PlatypussDivva

PlatypussDivva commented May 16, 2024

Update: you can suppress the error by leveraging CDK-NAG's suppress functions.

I got past it using:

    # Suppress AwsSolutions-ECS2 for TaskDef
    NagSuppressions.add_resource_suppressions(
        task_definition,
        suppressions=[
            {"id": "AwsSolutions-ECS2", "reason": "Environment variables are set directly in the task definition for simplicity and compatibility."}
        ]
    )

in: comfyui_aws_stack/comfyui_aws_stack.py
I placed it at the end of the file with the other suppression definitions.

@HouseoLogy
Contributor

@AwesomeCloudDude and folks missed to answer your question. Yes, AwsSolutions-ECS2 states the following:

AwsSolutions-ECS2 The ECS Task Definition includes a container definition that directly specifies environment variables. Use secrets to inject environment variables during container startup from AWS Systems Manager Parameter Store or Secrets Manager instead of directly specifying plaintext environment variables. Updates to direct environment variables require operators to change task definitions and perform new deployments.

Because it's an Error, CDK-NAG will not allow the deployment (which is actually nice and its purpose). Nevertheless, for the sake of a demo / sample setup you could suppress it like @PlatypussDivva mentioned.

        NagSuppressions.add_resource_suppressions(
            [streamlit_container, streamlit_task_definition],
            suppressions=[
                {"id": "AwsSolutions-ECS2",
                 "reason": "demo only."
                }
            ],
            apply_to_children=True
        )

If you don't want to suppress it and want to have it solved with Secrets Manager, you can use Secrets Manager and hand it over as a secret directly to the task definition.

        your_secret = secretsmanager.Secret(
            self,
            "MySuperSecret",
            secret_name="MySuperSecret",
            description="Your secret description",
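            # SecretValue.unsafe_plain_text() writes the literal value into the
            # synthesized CloudFormation template, so use placeholder values only.
            secret_object_value={
                "Secret_KEY": SecretValue.unsafe_plain_text("Secret_VALUE"),
                "Secret_KEY_1": SecretValue.unsafe_plain_text("Secret_VALUE_1")
            },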
        )

Reference it in the task definition:

        streamlit_container = streamlit_task_definition.add_container(
            "StreamlitContainer",
            image=ecs.ContainerImage.from_ecr_repository(ecr_repository_avatar, "latest"),
            logging=ecs.LogDriver.aws_logs(stream_prefix="streamlit", log_group=log_group),
            health_check=ecs.HealthCheck(
                command=["CMD-SHELL", "curl -f http://localhost:8501/healthz || exit 1"],
                interval=Duration.seconds(15),
                timeout=Duration.seconds(10),
                retries=8,
                start_period=Duration.seconds(30)
            ),
            # The second argument is the JSON field (key) inside the secret,
            # not the stored value.
            secrets={
                "Secret_KEY": ecs.Secret.from_secrets_manager(your_secret, "Secret_KEY"),
                "Secret_KEY_1": ecs.Secret.from_secrets_manager(your_secret, "Secret_KEY_1"),
            }
        )
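
An added example, not part of the thread or the project's code: a small audit over a synthesized template that lists every ECS task definition still carrying plaintext `Environment` entries and shows whether an AwsSolutions-ECS2 suppression (and its reason) is recorded on it, so a "demo only" suppression is visible before a real deployment. It is a simplified approximation of the rule, not cdk-nag's implementation; the function names and the sample template are constructed, and it assumes suppressions appear as resource-level `cdk_nag` metadata.

```python
RULE_ID = "AwsSolutions-ECS2"

# Constructed sample in the shape of a synthesized template (cdk.out/<stack>.template.json).
SAMPLE_TEMPLATE = {"Resources": {
    "SuppressedTaskDef": {
        "Type": "AWS::ECS::TaskDefinition",
        "Properties": {"ContainerDefinitions": [
            {"Name": "app", "Environment": [{"Name": "API_TOKEN", "Value": "constructed"}]}]},
        "Metadata": {"cdk_nag": {"rules_to_suppress": [
            {"id": RULE_ID, "reason": "demo only."}]}},
    },
    "SecretsTaskDef": {
        "Type": "AWS::ECS::TaskDefinition",
        "Properties": {"ContainerDefinitions": [
            {"Name": "app", "Secrets": [{"Name": "Secret_KEY", "ValueFrom": "arn:constructed"}]}]},
    },
    "PlainTaskDef": {
        "Type": "AWS::ECS::TaskDefinition",
        "Properties": {"ContainerDefinitions": [
            {"Name": "app", "Environment": [{"Name": "DB_PASSWORD", "Value": "constructed"}]},
            {"Name": "sidecar", "Environment": []}]},
    },
    "LogGroup": {"Type": "AWS::Logs::LogGroup"},
}}

def plaintext_env(task_def):
    """Return (container, variable) pairs set through plaintext Environment entries."""
    containers = task_def.get("Properties", {}).get("ContainerDefinitions", [])
    return [(c.get("Name", "?"), v.get("Name", "?"))
            for c in containers for v in c.get("Environment") or []]

def suppression_reason(resource):
    """Return the recorded reason if RULE_ID is suppressed on the resource, else None."""
    rules = resource.get("Metadata", {}).get("cdk_nag", {}).get("rules_to_suppress", [])
    return next((r.get("reason", "") for r in rules if r.get("id") == RULE_ID), None)

def audit(template):
    """List task definitions that would trip the rule, with their suppression status."""
    findings = []
    for logical_id, res in sorted(template.get("Resources", {}).items()):
        is_task_def = res.get("Type") == "AWS::ECS::TaskDefinition"
        env = plaintext_env(res) if is_task_def else []
        if env:
            findings.append({"resource": logical_id, "variables": env,
                             "suppressed_reason": suppression_reason(res)})
    return findings

if __name__ == "__main__":
    for f in audit(SAMPLE_TEMPLATE):
        print(f["resource"], f["variables"], f["suppressed_reason"] or "NOT SUPPRESSED")
```

To run it against a real stack, load the JSON file produced by `cdk synth` with `json.load` and pass the resulting dict to `audit`.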
