-
Notifications
You must be signed in to change notification settings - Fork 15
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[feature] provide consistent results for aws ec2 import-image
and provide separate errors to allow triage
#808
Comments
Thanks for reaching out. The issue you described is with the EC2 ImportImage API / EC2 error codes rather than with the AWS CLI directly. We can reach out to the EC2 team with the request to improve the error messages here. (ref: P149339833). I'll transfer this to our cross-SDK respository for tracking since the issue involves a service API which is used across AWS SDKs in addition to the CLI. Also there is a related troubleshooting guide: https://docs.aws.amazon.com/vm-import/latest/userguide/vmimport-troubleshooting.html#import-image-errors So there are several possible causes of that error, and the error message could potentially make that clearer. |
Thanks @tim-finnigan. I already went through that troubleshooting guide in detail before I posted here. Something else going on. One big clue is that the |
Status Update
This knowledge regarding "iam:passRole" does not appear to be available in any online triage protocol for "import-image" that I have found, and was discovered by making the Import USER very promiscuous in granting "iam:*" as allowed actions, which made things work, then paring that grant down to the essence of WHICH IAM action caused things to work. ===> better telemetry from server-side failures is still needed. |
to the extent that better telemetry would introduce a breaking change if the HTTP response body is altered, the new payload info could be returned via a new response header field. |
aws ec2 import-image
and provide separate errors to allow triage
still more useless and ambiguous telemetry. A message which essentially says "upload deleted, invalid image due to missing filesystem components" -- needs to say what it was expecting, and what actually happened, like "/etc/fstab" is missing. or "root volume is missing", or "no partition contains the root volume", or "unable to install grub updates" would be much more informative. https://docs.aws.amazon.com/vm-import/latest/userguide/what-is-vmimport.html |
this one |
here's another useless message: ok, sure ... but which files are missing? Please. |
here's another useless messages clientform but which files are missing in it. |
aws ec2 import-image --region us-east-1 --role-name VMImportRole002 --disk-containers file://.disks.json --dry-run An error occurred (InvalidParameter) when calling the ImportImage operation: The service role VMImportRole002 provided does not exist or does not have sufficient permissions The context of the file is still in the middle of the conceptual behaviour and more often the file in it.code of conduct.contact the file remember the dialogue in the file concept of it. Also its been in the contributions. aws ec2 import-image --region us-east-1 --role-name VMImportRole002 --disk-containers file://.disks.json --dry-run An error occurred (InvalidParameter) when calling the ImportImage operation: The service role VMImportRole002 provided does not exist or does not have sufficient permissions.paste drop |
Add a comment in the main box d=systems of the following file in the circuit.paste drop or click to add files is also code of conduct in it for the given time time period and issues in it were also docs and contact management cookies section circuits were prompted for the main portals.contributing guidelines security policy and code of conduct.manage cookies in the file for interuptions. |
@amberkushwaha I do not understand your word-salad -- other than cut/paste from some of the comments above, why mention a "code of conduct" or "circuits" or "main portals" ? |
Checking in — are there any updates on your end? I've reported amberkushwaha for spam, you can ignore their comments. |
@tim-finnigan nothing much new -- noting that GCP has their import functionality as open-source, so much easier to triage. |
Thanks @PaulCharlton for following up. I'm trying to summarize the status of this for the EC2 team, as the issue is with their ImportImage API: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ImportImage.html Is the request to improve a specific error message here? Can we narrow this down to a reproducible set of steps for improving the documentation or error message? |
@tim-finnigan I can not provide sample code for improvements because there is no current visibility into the implementation of the API -- what is abundantly clear is that perhaps dozens of errors on the server side are conflated into one error code on the client side, leaving the client wondering what do to to fix anything. |
Describe the bug
this works:
and then, this fails:
Failure after dry run success is inconsistent with existing documentation.
context:
Expected Behavior
--dry-run
should fail if subsequent call without--dry-run
is going to failToo much ambiguity in error response
An error occurred (InvalidParameter) when calling the ImportImage operation: The service role VMImportRole002 provided does not exist or does not have sufficient permissions
error response should indicate precise nature of error, such as:
GetObject
for S3 bucket accesssufficient permission
is an inadequate response. What would be suitable ispermission s3:getObject
is required.In reviewing errors of
aws ec2 image-import
reporting on various Internet forums, there are literally a dozen root causes which can cause the single error above.Current Behavior
aws ec2 image-import
should work if--dry-run
is working [this is what the documentation states]aws ec2 image-import help
showsReproduction Steps
Possible Solution
What would be suitable is
permission s3:getObject is required.
error response should indicate precise nature of error, such as:
GetObject
for S3 bucket accesssufficient permission
is an inadequate response. What would be suitable ispermission s3:getObject
is required.In reviewing errors of
aws ec2 image-import
reporting on various Internet forums, there are literally a dozen root causes which can cause the single error above.ps: Cloud Trace logs are also not showing the specific failed operation.
Additional Information/Context
CLI version used
aws-cli/2.17.25 Python/3.11.9 Darwin/23.6.0 source/arm64
Environment details (OS name and version, etc.)
Darwin 14.5
The text was updated successfully, but these errors were encountered: