Category Archives: CLI

CREATE_IN_PROGRESS when creating a certificate with CloudFormation

Hi everyone,

I ran into a bit of an issue today while creating a certificate with CloudFormation. After kicking the stack off it ended up hanging on a step to create a domain verification entry in Route 53.

I had used this script multiple times for creating a certificate for a subdomain, but this time I included an apex domain as well. In order to narrow things down a little further I checked out the certificate via the console:

While the subdomain had passed the apex domain was still sitting in pending. Surprisingly, in Route53 the record DID exist. In order to get things moving again I manually deleted the record and then clicked “Create records in Route 53”.

This re-created the record I’d just deleted, and after a couple of minutes the domain validation passed and then the certificate was created:

This was a bit of a weird one that I have been unable to reproduce. I’m not certain why the DNS validation ended up hanging but retriggering the process seems to have resolved it.

Note that there are other legitimate reasons why your deployment might be hanging at this step:

When you use the AWS::CertificateManager::Certificate resource in a CloudFormation stack, domain validation is handled automatically if all three of the following are true: The certificate domain is hosted in Amazon Route 53, the domain resides in your AWS account, and you are using DNS validation.

However, if the certificate uses email validation, or if the domain is not hosted in Route 53, then the stack will remain in the CREATE_IN_PROGRESS state. Further stack operations are delayed until you validate the certificate request, either by acting upon the instructions in the validation email, or by adding a CNAME record to your DNS configuration. For more information, see Option 1: DNS Validation and Option 2: Email Validation.

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-certificatemanager-certificate.html

AWS SAM Request Extremely Slow – Fix

Hi everyone,

I’m currently using AWS SAM CLI with NodeJS and was surprised to find that the requests were significantly slower when run locally. Luckily, I came across a post that suggested adding –skip-pull-image to your start-api command:

sam local start-api --skip-pull-image

This brought my requests down to under a second. Thanks to the following link for the info: https://github.com/awslabs/aws-sam-cli/issues/134#issuecomment-406786704

Error: Invalid value for “–parameter-overrides”: ParameterKey=TABLE_NAME,ParameterValue=CatBreeds is not in valid format. It must look something like ‘ParameterKey=KeyPairName,ParameterValue=MyKey ParameterKey=InstanceType,ParameterValue=t1.micro’ – AWS SAM CLI

Hi everyone,

I ran into the following error while using the AWS SAM Cli:

Error: Invalid value for "--parameter-overrides": ParameterKey=PURPLE_FROG,ParameterValue=CatBreeds is not in valid format. It must look something like 'ParameterKey=KeyPairName,ParameterValue=MyKey ParameterKey=InstanceType,ParameterValue=t1.micro'

This is the command I was running:

sam local start-api --parameter-overrides "ParameterKey=PURPLE_FROG,ParameterValue=CatBreeds"

The error message is unfortunately very misleading. After a fair bit of testing I found that the cause is actually the underscore in the parameter key and has nothing to do with the command format. Renaming all of the parameters to something like “PURPLEFROG” works.

Cheers,
Chris

An error occurred (UnrecognizedClientException) when calling the CreateFunction operation: The security token included in the request is invalid.

Hi everyone,

I ran into the following error today while attempting to create a Lambda function using the CLI:

An error occurred (UnrecognizedClientException) when calling the CreateFunction operation: The security token included in the request is invalid.

The first thing to check is that your aws config is setup correctly. For me this is under c:userschris-pc.aws.

If that looks fine, double check that the associated user has the correct rights by viewing the IAM page in the server console: https://console.aws.amazon.com/iam/home

Finally, ensure that the user has programmatic access and that the keys match those in your config.