docs
Misc.
Errors

List of Errors

This section covers how to handle errors encountered during bootstrapping and deployment.

1. SSOTokenProviderFailure

Error: SSOTokenProviderFailure: SSO Token refresh failed. Please log in using "aws sso login"

Solution: This error occurs when your SSO token has expired. You can re-authenticate for another session (valid for 1 hour) by running:

aws sso login --profile [profile name]

2. This CDK CLI is not compatible

Error: This CDK CLI is not compatible with the CDK library used by your application. Please upgrade the CLI to the latest version.

Solution: This error occurs when there are problems with the symlink and mismatch with globally installed aws-cdk. Refer to this (opens in a new tab).

3. CDK deployment requires bootstrap stack version '6'

Error: This CDK deployment requires bootstrap stack version '6', but during the confirmation via SSM parameter.

Solution: The cdk synth step creates a number of resources for your app. One of those resources is a check that the deploying tool has the correct version. This is an error that would happen, if you ran cdk deploy with an out-of-date bootstrap (opens in a new tab).

  1. Delete cdk.out folder

Create Permission Set

  1. Go to S3 in the AWS Management Console, select the bucket, and Empty it first. Once the bucket is emptied, you can then Delete it.

Create Permission Set

  1. Go to CloudFormation in the AWS Management Console, select the CDKToolkit, and click on Delete.

Create Permission Set

If delete fails, try to delete again and select force delete.

Create Permission Set

  1. Run bootstrap and deploy command again.
cdk bootstrap --qualifier [qualifier name] --profile [profile name]
cdk deploy --qualifier [qualifier name] --require-approval never --profile [profile name]

4. P1000: Authentication failed

Error: P1000: Authentication failed against database server at localhost, the provided database credentials for *** are not valid.

Solution: This error can occur under two circumstances.

  1. GitHub CI/CD is handling the "Apply all pending migrations to the database" section. Ensure that the single quote is not omitted.
DATABASE_URL='postgresql://${{ secrets.STAGING_DB_USERNAME }}:${{ secrets.STAGING_DB_PWD }}@localhost:${{ secrets.DB_PORT }}/${{ secrets.STAGING_DB_NAME }}?schema=public' npx prisma migrate deploy
  1. You are running docker-compose.yml. Two Postgresql instances are running at the same time. For example locally installed postgresql and in the docker instance.
  • Can be fixed by removing Postgres locally from your Mac/Windows machine.

5. Role arn:aws:iam:.... is invalid or cannot be assumed

Error: Role arn:aws:iam::account-id:role/cdk-launchgoat-cfn-exec-role-account-id-us-east-1 is invalid or cannot be assumed

Solution: This error occurs when you tried to run cdk destroy. It can happen when you deleted above role (cdk-launchgoat-cfn-exec-role-account-id-us-east-1) from IAM or you manually deleted S3 asset from bootstrapping. You need to create that role again. Refer to this (opens in a new tab).

5. This site can’t be reached (NOTE: this is the solution for initial deployment)

Error: This site can’t be reached ecsalb-[id].us-east-1.elb.amazonaws.com took too long to respond.

Solution: This error occurs when your Node.js application has an error or the DNS did not get resolved.

  1. Check the Logs in your ECS Service. Go to ECS in the AWS Management Console, select the cluster.

  2. Select the service.

Create Permission Set

  1. Select the Logs tab and check if there is any error.

Create Permission Set

  1. If there is an error, fix your error based on the error message and destroy all resources then redeploy.

  2. If you can't find any errors, it might be because you are on HTTPS. Switch to HTTP and try again.

6. Could not assume role with OIDC

Error: Could not assume role with OIDC: Not authorized to perform sts:AssumeRoleWithWebIdentity

Solution: This error occurs during the Configure AWS credentials process in the CI/CD deployment.

Create Permission Set

This is probably because you have set the wrong GitHub repository. Go to IAM > Roles > githubOIDCDeployRole. Try updating the repository values by clicking on Edit trust policy.

Create Permission Set

If it still doesn't work, run cdk destroy to remove all resources, check your cdk/.env file for the correct GitHub values, and then redeploy. i.e. For production

GITHUB_ORG=
GITHUB_REPO=AWSLaunchGOAT-backend
GITHUB_BRANCH=main

7. Specify an environment name like 'aws://123456789012/us-east-1'

Error: Specify an environment name like 'aws://123456789012/us-east-1', or run in a directory with 'cdk.json'.

Solution: This error occurs when you are not in the cdk folder and run cdk commands. Make sure you are in the cdk folder, i.e., cd cdk.

8. Cannot connect to the Docker daemon at ...

Error: ERROR: Cannot connect to the Docker daemon at unix:///Users/.../.docker/run/docker.sock. Is the docker daemon running?

Solution: This error occurs when you run cdk commands without starting the Docker Desktop app. Make sure to run it first.

9. [Error at /CdkStack/ACM] Found zones:

Error: [Error at /CdkStack/ACM] Found zones: [] for dns:....com, privateZone:undefined, vpcId:undefined, but wanted exactly 1 zone

Solution: This error occurs when you do not specify DNS settings through AWS Route 53. Make sure you have a hosted zone set up in your AWS account, and try again.

10. Error: P1001: Can't reach database server at localhost:***

Error: Error: P1001: Can't reach database server at localhost:*** Please make sure your database server is running at localhost:***.

Solution: The error occurs when the correct values for DATABASE_URL are not specified. Ensure that you copy the database values from AWS Secrets Manager and paste them into GitHub Secrets. Also make sure you get EC2_INSTANCE_ID in GitHub Secrets from EC2. You can refer to this.

11. CdkStack: destroy failed Error: Could not assume role...

Error: CdkStack: destroy failed Error: Could not assume role in target account using current credentials (which are for account ...)

Solution: The error occurs when you ran cdk commands such as cdk destroy --profile .... Go to your cdk/.env and uncomment the profile you want to use (either staging or production) and comment out the other one.

12. CdkStack: UPDATE_IN_PROGRESS state and can not be updated

Solution: The error occurs when you run cdk commands, such as cdk destroy --profile ..., but CloudFormation is still in progress and cannot be deleted. There can be various reasons for this, and the solution depends on which stack is causing the issue. If you just want to delete the entire stack, go to CloudFormation and select the stack with UPDATE_IN_PROGRESS then select Cancel update state.

Create Permission Set

Once the state becomes UPDATE_ROLLBACK_COMPLETE, you can rerun the cdk command.

Create Permission Set