Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

(batch): Batch Compute on Fargate with CfnComputeEnvironment requires instance_role and instance_types #12028

Closed
nagmesh opened this issue Dec 11, 2020 · 7 comments · Fixed by #12204
Closed

(batch): Batch Compute on Fargate with CfnComputeEnvironment requires instance_role and instance_types #12028

nagmesh opened this issue Dec 11, 2020 · 7 comments · Fixed by #12204
Assignees
@iliapolo
Labels
@aws-cdk/aws-batch Related to AWS Batch bug This issue is a bug. effort/small Small work item – less than a day of effort p1

Comments

@nagmesh
Copy link

nagmesh commented Dec 11, 2020
edited by SomayaB
Loading

AWS Batch on Fargate does not allow instanceRole and instanceType in the API. However, CDK requires this parameter to be present.

Reproduction Steps

from aws_cdk import aws_iam as iam
from aws_cdk import aws_ecs as ecs
from aws_cdk import aws_batch as batch

class FaultBatchStack(core.Stack):

    def __init__(
        self,
        scope: core.Construct,
        construct_id: str,
        **kwargs
    ) -> None:
        super().__init__(scope, construct_id, **kwargs)
        batch_service_role = iam.Role(
            self,
            "BatchServiceRole",
            assumed_by=iam.ServicePrincipal('batch.amazonaws.com'),
        )
        batch_service_role.add_managed_policy(iam.ManagedPolicy.from_aws_managed_policy_name("service-role/AWSBatchServiceRole"))

        batch_ecs_role = iam.Role(
            self,
            "BatchFargateRole",
            assumed_by=iam.ServicePrincipal('ecs.amazonaws.com'),
        )

        batch_cfn_compute = batch.CfnComputeEnvironment(
            self,
            "RdsBatchCompute",
            type='MANAGED',
            service_role = batch_service_role.role_arn,
            compute_resources= batch.CfnComputeEnvironment.ComputeResourcesProperty(
                type = 'FARGATE',
                maxv_cpus=50,
                minv_cpus=0,
                # instance_role = batch_ecs_role.role_arn,
                # instance_types = ['m5.large'],
                subnets = [vpc.private_subnets[0].subnet_id, vpc.private_subnets[1].subnet_id, vpc.private_subnets[2].subnet_id],
            security_group_ids=[rds_sec_group_id]) 
            
        )

The above will fail on synth/diff
However, if you uncomment instance_Type and instance_role it will deploy but fail at CFN level.

What did you expect to happen?

Allow Fargate task to get created without need for instance_type or instance_role

What actually happened?

CDK stack deployed but failed in CloudFormation console with
An error occurred (ClientException) when calling the CreateComputeEnvironment operation: Error executing request, Exception : instanceRole is not applicable for Fargate.,

Environment

  • CDK CLI Version : 1.77.0 (build a941c53)
  • Framework Version:
  • Node.js Version: 14.9.0
  • OS : mac 10.15.7
  • Language (Version): Python 3.8.6

Other

This is 🐛 Bug Report
@nagmesh nagmesh added bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels Dec 11, 2020
@dsudduth
Copy link

Confirming this bug. Fields that are not required when selecting Fargate are failing the deployment. To mitigate the issue, we had to fallback to using CfnResource as a "Escape Hatch".

See https://docs.aws.amazon.com/cdk/latest/guide/cfn_layer.html

        compute_resources = core.CfnResource(
            self,
            'RdsBatchCompute',
            type='AWS::Batch::ComputeEnvironment',
            properties={
                'Type': 'Managed',
                'ServiceRole': batch_service_role.role_name,
                'ComputeResources': {
                    'Type': 'FARGATE',
                    'MaxvCpus': 50,
                    'SecurityGroupIds': ['sg-0b80c5a2090102d9f'],
                    'Subnets': [
                        vpc.private_subnets[0].subnet_id
                    ]
                }
            }
        )

@SomayaB SomayaB changed the title Batch Compute on Fargate with CfnComputeEnvironment requires instance_role and instance_types (batch): Batch Compute on Fargate with CfnComputeEnvironment requires instance_role and instance_types Dec 14, 2020
@github-actions github-actions bot added the @aws-cdk/aws-batch Related to AWS Batch label Dec 14, 2020
@SomayaB SomayaB added the @aws-cdk/aws-ecs Related to Amazon Elastic Container label Dec 14, 2020
@iliapolo
Copy link
Contributor

@nagmesh Thanks for reporting this.

The underlying problem is that the CloudFormation schema says its required at the same time it says it shouldn't be supplied when using fargate.

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-batch-computeenvironment-computeresources.html#cfn-batch-computeenvironment-computeresources-instancerole

We will address it.

In the meantime, you can remove those two properties:

batch_cfn_compute.add_property_deletion_override('ComputeResources.InstanceRole')
batch_cfn_compute.add_property_deletion_override('ComputeResources.InstanceTypes')

cc @dsudduth

@iliapolo iliapolo added effort/small Small work item – less than a day of effort p1 and removed @aws-cdk/aws-ecs Related to Amazon Elastic Container needs-triage This issue or PR still needs to be triaged. labels Dec 15, 2020
@dsudduth
Copy link

@nagmesh Thanks for reporting this.

The underlying problem is that the CloudFormation schema says its required at the same time it says it shouldn't be supplied when using fargate.

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-batch-computeenvironment-computeresources.html#cfn-batch-computeenvironment-computeresources-instancerole

We will address it.

In the meantime, you can remove those two properties:

batch_cfn_compute.add_property_deletion_override('ComputeResources.InstanceRole')
batch_cfn_compute.add_property_deletion_override('ComputeResources.InstanceTypes')

cc @dsudduth

Really appreciate the help. Thanks for the workaround!

@abdullahodibat
Copy link

abdullahodibat commented Dec 16, 2020
edited
Loading

Hello,
i am having the same issue. and the addPropertyDeletionOverride is not working also.

  val computeEnvironment = CfnComputeEnvironment.Builder.create(this, "ComputeEnvironment")
    .computeEnvironmentName(s"${context.settings.environment.value}-batch-v2")
    .`type`("MANAGED")
    .serviceRole(serviceRole.getRoleName)
    .computeResources(
      ComputeResourcesProperty.builder()
        .maxvCpus(256)
        .`type`("FARGATE_SPOT")
        .securityGroupIds(cfl(securityGroup.getSecurityGroupId))
        .subnets(cfl(Deployment.VPC.Subnets.Private(context.environment): _*))
        .tags(cfm("Name" -> s"${context.settings.environment.value}-batch"))
        .build()
    )
    .state("ENABLED")
    .build()

  computeEnvironment.addPropertyDeletionOverride("ComputeResources.InstanceRole")
  computeEnvironment.addPropertyDeletionOverride("ComputeResources.InstanceTypes")

and still i get:

[error] (run-main-0) java.lang.NullPointerException: instanceRole is required
[error] java.lang.NullPointerException: instanceRole is required

@iliapolo
Copy link
Contributor

@abdullahodibat You still need to use .instanceRole and .instanceTypes at construction, just use dummy values and remove them afterwards with addPropertyDeletionOverride

@iliapolo iliapolo mentioned this issue Jan 4, 2021
Closed
@iliapolo
Copy link
Contributor

iliapolo commented Jan 4, 2021

Should be resolved once we merge #12204.

@iliapolo iliapolo mentioned this issue Jan 4, 2021
Merged
@mergify mergify bot closed this as completed in #12204 Jan 5, 2021
mergify bot pushed a commit that referenced this issue Jan 5, 2021
@aws-cdk-automation
feat(cfnspec): cloudformation spec v22.0.0 (#12204)
a5be2e9 
Fixes #12170
Fixes #11974
Fixes #12114
Fixes #12028
@github-actions
Copy link

github-actions bot commented Jan 5, 2021

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.

flochaz pushed a commit to flochaz/aws-cdk that referenced this issue Jan 5, 2021
@aws-cdk-automation @flochaz
feat(cfnspec): cloudformation spec v22.0.0 (aws#12204)
593421e 
Fixes aws#12170
Fixes aws#11974
Fixes aws#12114
Fixes aws#12028
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@iliapolo iliapolo

Labels
@aws-cdk/aws-batch Related to AWS Batch bug This issue is a bug. effort/small Small work item – less than a day of effort p1
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

feat(cfnspec): cloudformation spec v22.0.0 aws/aws-cdk
5 participants
@dsudduth @iliapolo @abdullahodibat @SomayaB @nagmesh