
fix(destroy functionality): Fix the issue where destroys fail due to ENIs and SG stuff #48

Merged
merged 23 commits into from
Jun 29, 2023

Conversation

mdial89f
Contributor

Purpose

This changeset fixes the issue with our stage destroy workflow, where 'seatool' would fail to destroy.

Linked Issues to Close

Closes https://qmacbis.atlassian.net/browse/OY2-24530

Approach

This problem is kind of out of our control. Amazon creates ENIs for our VPC based lambdas, and it attaches the security group we specify to it.
These ENIs live beyond the life of the lambda function, for an indeterminate time: minutes, hours, days.
The issue is that CF tries to delete the security group without waiting for the ENI to be 'available', causing a failure. And even if we tried to wait for it to be available, it may be unacceptably long (hours, days).

All to say, this is a problem, and well documented in online forums.

Here's how this takes it on:

  • the security group(s) for VPC based lambdas (we only have one in this project) has its DeletionPolicy set to Retain. This immediately resolves the destroy failures, because the security group delete will not be attempted.
  • a new problem surfaces, whereby we're leaving unattached security groups hanging around, although they won't be unattached until the ENIs delete themselves at some point in the future. To handle this, a workflow is added, to compare all security groups for our project against a list of security groups attached to ENIs. Any found are deleted. This keeps us from getting security hub findings.

Assorted Notes/Considerations/Learning

None
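The comparison the second bullet of the Approach describes (project security groups diffed against the groups still attached to ENIs, orphans deleted), as an added example that is not the project's own workflow code. It assumes a boto3 EC2 client, a `project` tag used to scope groups to this project, and constructed sample groups and ENIs so it runs offline; in a real account, paginate `describe_network_interfaces`.

```python
from typing import Iterable, List, Mapping

def find_orphaned_group_ids(project_groups: Iterable[Mapping],
                            network_interfaces: Iterable[Mapping]) -> List[str]:
    """IDs of project security groups that no ENI currently references.
    Inputs are the 'SecurityGroups' and 'NetworkInterfaces' lists from the EC2
    DescribeSecurityGroups / DescribeNetworkInterfaces responses.  The VPC
    'default' group is skipped because EC2 refuses to delete it anyway.
    """
    attached = {g["GroupId"] for eni in network_interfaces for g in eni.get("Groups", [])}
    return sorted(sg["GroupId"] for sg in project_groups
                  if sg["GroupId"] not in attached and sg.get("GroupName") != "default")

def cleanup_project_security_groups(ec2, tag_key: str, tag_value: str,
                                    dry_run: bool = True) -> List[str]:
    """Scope to project-tagged groups, diff against ENI attachments, delete the rest.
    `ec2` is a boto3 EC2 client (or anything exposing the same three calls).
    Identifying project groups by tag is an assumption of this example; paginate
    describe_network_interfaces in accounts with more than one page of ENIs.
    """
    groups = ec2.describe_security_groups(
        Filters=[{"Name": f"tag:{tag_key}", "Values": [tag_value]}])["SecurityGroups"]
    enis = ec2.describe_network_interfaces()["NetworkInterfaces"]
    orphaned = find_orphaned_group_ids(groups, enis)
    if not dry_run:  # report-only by default; a retained group still on an ENI is never touched
        for group_id in orphaned:
            ec2.delete_security_group(GroupId=group_id)
    return orphaned

class FakeEC2:
    """Constructed stand-in for the boto3 client so the example runs offline."""
    def __init__(self):
        tag = [{"Key": "project", "Value": "seatool"}]
        self.groups = [  # sg-0aaa still rides a lingering Lambda ENI; sg-0bbb is retained but orphaned
            {"GroupId": "sg-0aaa", "GroupName": "seatool-lambda-sg", "Tags": tag},
            {"GroupId": "sg-0bbb", "GroupName": "seatool-lambda-sg-retained", "Tags": tag},
            {"GroupId": "sg-0ccc", "GroupName": "default", "Tags": tag},
        ]
        self.enis = [{"NetworkInterfaceId": "eni-0111", "Groups": [{"GroupId": "sg-0aaa"}]}]
        self.deleted: List[str] = []
    def describe_security_groups(self, Filters=None):  # sample groups are all project-tagged
        return {"SecurityGroups": list(self.groups)}
    def describe_network_interfaces(self):
        return {"NetworkInterfaces": list(self.enis)}
    def delete_security_group(self, GroupId):
        self.deleted.append(GroupId)
        self.groups = [g for g in self.groups if g["GroupId"] != GroupId]
```

Run with `dry_run=True` first to see what the workflow would remove; only the retained group whose ENI has already gone away is reported, never one that a lingering ENI still references.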

@benjaminpaige benjaminpaige changed the base branch from master to mako June 29, 2023 14:41
@mdial89f mdial89f merged commit fa5f73e into mako Jun 29, 2023
@mdial89f mdial89f deleted the dfix branch June 29, 2023 14:43
mdial89f added a commit that referenced this pull request Jul 5, 2023
…able (#50)

* add cognito

* rm

* correct some stuff

* broken

* updates

* tee up amplify and configure it

* tweak the ui start thing

* yuttttttt

* Functional login and out

* 'fix' the data loader.... might want pk/sk instead

* lets put some data in the base

* enable iam for endpoints

* CRUD CRUD CRUD

* real crud, real real

* cleanup

* linting

* cleanup

* last one

* last last one

* accommodate cfn-nag

* Until we have actual reference data, shutting this off.  The structure of data we're posting breaks the api

* cfn-nag fixes

* checking in from today

* trim horizon

* batch size to the max, 10k

* ok back to 1

* go back to latest

* update role handling

* trim horizon and batch

* latest, 1

* update seatool-sink function

* get user attributes

* Fix to override the redirect login/out urls to localhost, when starting react locally

* Fix dep vulnerabilities

* Ignore low findings in dep review

* Move playwright installation to the run command.. not sure if we want this

* add tombstone deletes

* on demand billing for our seatool table

* batch of 1000, timeout of a min

* hack

* put back

* TRIM HORIZON

* move to a batch of 100, 2048 memory, and remove the await at the loop level

* asdf

* 10s timeout 1024 memory

* view the data

* Seatool indexes and api authorization pattern (#46)

* update dynamo gsis and add lambda authenticator - wip

* add api auth - wip

* update types

* remove authorizer

* refactor

* refactor more

* refactor more more

* update types

* core

* fix(disable user sign up):  remove cognito sign up option - the test users remain (#47)

* disable sign up

* remove default from src

* fix

* fix(destroy functionality):  Fix the issue where destroys fail due to ENIs and SG stuff (#48)

* Retain the seatool lambda sg

* workflow to cleanup

* Asdf

* test

* test

* test

* test

* test

* test

* test

* test

* test

* test

* test

* test

* test

* test

* test

* test

* test

* test

* test

* fix triggers

* feat(dns and certs):  Add/fix capability to conditionally load a domain and associated cert (#49)

* Clean up cert support

* Fixes

* getting consumer group ids

* toggle complete

* wait for groups to be inactive

* works but super slow

* bleh

* functional

* correct

* asdf

* asdf

* cleanup

---------

Co-authored-by: Benjamin Paige <[email protected]>
Co-authored-by: 13bfrancis <[email protected]>
@github-actions
Contributor

🎉 This PR is included in version 1.4.0 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀
