Fix build, invalid arn, and terraform deprecations (#204)

Author: joe4dev

ecs-ecr-container-app/Makefile

@@ -19,13 +19,14 @@ run:      ## Build and deploy the app locally
 		docker push "$$repoUri"; \
 		docker rmi "$$repoUri"; \
 		echo "Creating ECS infrastructure locally"; \
-		awslocal cloudformation create-stack --stack-name infra --template-body file://templates/ecs.infra.yml; \
+		awslocal cloudformation create-stack --stack-name infra --template-body file://templates/ecs.infra.yml && \
+		awslocal cloudformation wait stack-create-complete --stack-name infra && \
 		echo "Deploying ECS app to local environment"; \
-		sleep 3 && awslocal cloudformation create-stack --stack-name sample \
+		awslocal cloudformation create-stack --stack-name sample \
 			--template-body file://templates/ecs.sample.yml \
 			--parameters ParameterKey=ImageUrl,ParameterValue=$$repoUri && \
-		echo "ECS app successfully deployed. Sleeping a bit, then trying to access the app endpoint." && \
-		sleep 5 && \
+		awslocal cloudformation wait stack-create-complete --stack-name sample && \
+		echo "ECS app successfully deployed. Trying to access app endpoint." && \
 		cluster_arn=$$(awslocal ecs list-clusters | jq -r '.clusterArns[0]') && \
 		for i in {1..5}; do task_arn=$$(awslocal ecs list-tasks --cluster $$cluster_arn | jq -r '.taskArns[0]'); if [ "$$task_arn" != "null" ]; then break; fi; sleep 2; done && \
 		for i in {1..5}; do app_port=$$(awslocal ecs describe-tasks --cluster $$cluster_arn --tasks $$task_arn | jq -r '.tasks[0].containers[0].networkBindings[0].hostPort'); if [ "$$app_port" != "null" ]; then break; fi; sleep 2; done && \

ecs-ecr-container-app/templates/ecs.infra.yml

@@ -287,16 +287,12 @@ Outputs:
       Name: !Join [ ':', [ !Ref 'AWS::StackName', 'VPCId' ] ]
   PublicSubnetOne:
     Description: Public subnet one
-    # TODO
-    # Value: !Ref 'PublicSubnetOne'
-    Value: sub-123
+    Value: !Ref 'PublicSubnetOne'
     Export:
       Name: !Join [ ':', [ !Ref 'AWS::StackName', 'PublicSubnetOne' ] ]
   PublicSubnetTwo:
     Description: Public subnet two
-    # TODO
-    # Value: !Ref 'PublicSubnetTwo'
-    Value: sub-234
+    Value: !Ref 'PublicSubnetTwo'
     Export:
       Name: !Join [ ':', [ !Ref 'AWS::StackName', 'PublicSubnetTwo' ] ]
   FargateContainerSecurityGroup:

lambda-container-image/Makefile

@@ -17,10 +17,12 @@ run:         ## Build, deploy, and invoke the Lambda container image locally
 	docker rmi "$$repoUri"; \
 	echo "Deploying Lambda function from container image locally"; \
 	awslocal lambda create-function --function-name ls-lambda-image --package-type Image \
-		--code ImageUri=$$repoUri --role arn:aws:iam::000000000:role/lambda-r1 \
+		--code ImageUri=$$repoUri --role arn:aws:iam::000000000000:role/lambda-r1 \
 		--handler handler.handler; \
+	echo "Waiting until Lambda function becomes active"; \
+	awslocal lambda wait function-active-v2 --function-name ls-lambda-image; \
 	echo "Invoking Lambda function from container image"; \
-	awslocal lambda invoke --function-name ls-lambda-image --payload '{"test":"test"}' /tmp/lambda.out; \
+	awslocal lambda invoke --function-name ls-lambda-image --payload '{"test":"test"}' /tmp/lambda.out && \
 	echo "Done - test successfully finished."
 
 start:

lambda-container-image/README.md

@@ -62,6 +62,20 @@ Starting DNS server loop on UDP port 53
 Hello from LocalStack Lambda container image!
 ```
 
+## Troubleshooting
+
+### UnsupportedMediaTypeException
+
+```plain
+An error occurred (UnsupportedMediaTypeException) when calling the Invoke operation (reached max retries: 0): The payload is not JSON: b'\xb5\xeb-\xb5\xeb-'
+```
+
+**Solution**: Downgrade your awslocal CLI to version 1 because invoking lambda functions differs in version 2 (see [major changes in aws cli](https://docs.aws.amazon.com/cli/latest/userguide/cliv2-migration-changes.html) and limitations of [awscli-local](https://github.com/localstack/awscli-local)) or update the lambda invocation:
+
+```bash
+awslocal lambda invoke --cli-binary-format raw-in-base64-out --function-name ls-lambda-image --payload '{"test": "test"}' /tmp/lambda.out --log-type Tail --query 'LogResult' --output text |  base64 -d
+```
+
 ## License
 
 This code is available under the Apache 2.0 license.

terraform-resources/README.md

@@ -39,24 +39,32 @@ You may need to confirm the creation by entering "yes". You should then see log
 
   Enter a value: yes
 
+Plan: 10 to add, 0 to change, 0 to destroy.
+aws_iam_role.invocation_role: Creating...
 aws_api_gateway_rest_api.demo: Creating...
 aws_iam_role.lambda: Creating...
-aws_iam_role.invocation_role: Creating...
+aws_db_parameter_group.default: Creating...
 aws_elasticache_cluster.my-redis: Creating...
-aws_s3_bucket.testBucket: Creating...
-aws_elasticsearch_domain.example: Creating...
-aws_iam_role.lambda: Creation complete after 0s [id=demo-lambda]
-aws_iam_role.invocation_role: Creation complete after 0s [id=api_gateway_auth_invocation]
-aws_lambda_function.authorizer: Creating...
-aws_api_gateway_rest_api.demo: Creation complete after 0s [id=fboao5ctp1]
+aws_s3_bucket.test-bucket: Creating...
+aws_api_gateway_rest_api.demo: Creation complete after 1s [id=iq0njx2s0a]
+aws_iam_role.invocation_role: Creation complete after 1s [id=api_gateway_auth_invocation]
+aws_iam_role.lambda: Creation complete after 1s [id=demo-lambda]
 aws_iam_role_policy.invocation_policy: Creating...
-aws_iam_role_policy.invocation_policy: Creation complete after 1s [id=api_gateway_auth_invocation:default]
-aws_s3_bucket.testBucket: Creation complete after 1s [id=myBucket]
-aws_lambda_function.authorizer: Creation complete after 6s [id=api_gateway_authorizer]
+aws_lambda_function.authorizer: Creating...
+aws_iam_role_policy.invocation_policy: Creation complete after 0s [id=api_gateway_auth_invocation:default]
+aws_s3_bucket.test-bucket: Creation complete after 2s [id=my-bucket]
+aws_s3_bucket_acl.test-bucket-acl: Creating...
+aws_s3_bucket_acl.test-bucket-acl: Creation complete after 0s [id=my-bucket,private]
+aws_db_parameter_group.default: Creation complete after 2s [id=rds-pg]
+aws_lambda_function.authorizer: Creation complete after 7s [id=api_gateway_authorizer]
 aws_api_gateway_authorizer.demo: Creating...
-aws_api_gateway_authorizer.demo: Creation complete after 0s [id=4dcdc808]
-...
-Apply complete! Resources: 9 added, 0 changed, 0 destroyed.
+aws_api_gateway_authorizer.demo: Creation complete after 0s [id=9a2570]
+aws_elasticache_cluster.my-redis: Still creating... [10s elapsed]
+aws_elasticache_cluster.my-redis: Still creating... [20s elapsed]
+aws_elasticache_cluster.my-redis: Still creating... [30s elapsed]
+aws_elasticache_cluster.my-redis: Creation complete after 32s [id=my-redis-cluster]
+
+Apply complete! Resources: 10 added, 0 changed, 0 destroyed.
 ```
 
 ## License

terraform-resources/test.tf

@@ -2,7 +2,7 @@ provider "aws" {
   access_key                  = "mock_access_key"
   secret_key                  = "mock_secret_key"
   region                      = "us-east-1"
-  s3_force_path_style         = true
+  s3_use_path_style           = true
   skip_credentials_validation = true
   skip_metadata_api_check     = true
   skip_requesting_account_id  = true
@@ -35,7 +35,11 @@ provider "aws" {
 
 resource "aws_s3_bucket" "test-bucket" {
   bucket = "my-bucket"
-  acl = "private"
+}
+
+resource "aws_s3_bucket_acl" "test-bucket-acl" {
+  bucket = aws_s3_bucket.test-bucket.id
+  acl    = "private"
 }
 
 resource "aws_api_gateway_authorizer" "demo" {