I have a nodejs app in git on Azure DevOps. I am deploying to AWS elastic beanstalk using AWS toolkit for Azure DevOps and I am using 2 tasks from there, first to create a new application version using task BeanstalkCreateApplicationVersion and then deploying that version using task BeanstalkDeployApplication. Below is the config that I am using to first upload the file to s3, creating a version and then deploying it:
- task: BeanstalkCreateApplicationVersion@1
inputs:
awsCredentials: 'AWS'
regionName: 'eu-west-2'
applicationName: 'test'
applicationType: 's3'
deploymentBundleBucket: 'azure-devops-s3'
deploymentBundleKey: 'app/$(Build.BuildId).zip'
versionLabel: '$(Build.BuildId)'
outputVariable: '$(VersionLabelOutput)'
- task: BeanstalkDeployApplication@1
inputs:
awsCredentials: 'AWS'
regionName: 'eu-west-2'
applicationName: 'test'
environmentName: 'test-env'
applicationType: 'version'
versionLabel: '$(Build.BuildId)'
outputVariable: '$(VersionLabelOutput)'
When this runs, the zip file to s3 uploads fine, a new version is created in the application version page and I can see it in AWS EB application. However when the deploy task runs, I get the error:
##[error]Error: Environment test-env does not exist for the application test
Full error log:
2024-05-27T21:48:58.1337210Z ==============================================================================
2024-05-27T21:48:58.6835860Z Deployment type set to version
2024-05-27T21:48:58.6845889Z Configuring credentials for task
2024-05-27T21:48:58.6857862Z ...configuring AWS credentials from service endpoint 'fdcf7bc7-ef55-447f-b7ca-405078d3c310'
2024-05-27T21:48:58.6873904Z ...configuring AWS credentials from service endpoint 'fdcf7bc7-ef55-447f-b7ca-405078d3c310'
2024-05-27T21:48:58.6874246Z ...endpoint defines standard access/secret key credentials
2024-05-27T21:48:58.6880524Z Configuring region for task
2024-05-27T21:48:58.6881133Z ...configured to use region eu-west-2, defined in task.
2024-05-27T21:48:58.6958867Z Configuring credentials for task
2024-05-27T21:48:58.6959889Z ...configuring AWS credentials from service endpoint 'fdcf7bc7-ef55-447f-b7ca-405078d3c310'
2024-05-27T21:48:58.6963463Z ...configuring AWS credentials from service endpoint 'fdcf7bc7-ef55-447f-b7ca-405078d3c310'
2024-05-27T21:48:58.6963902Z ...endpoint defines standard access/secret key credentials
2024-05-27T21:48:58.6964573Z Configuring region for task
2024-05-27T21:48:58.6967920Z ...configured to use region eu-west-2, defined in task.
2024-05-27T21:48:59.0247976Z ##[error]Error: Environment test-env does not exist for the application test
2024-05-27T21:48:59.0284495Z ##[section]Finishing: BeanstalkDeployApplication
These are the permissions that I use in the IAM user for Azure DevOps pipeline:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"autoscaling:ResumeProcesses",
"s3:*",
"cloudformation:DescribeStackResources",
"cloudformation:DescribeStackResource",
"autoscaling:SuspendProcesses",
"elasticbeanstalk:CreateApplicationVersion",
"elasticbeanstalk:CreateStorageLocation",
"elasticbeanstalk:DescribeEvents",
"autoscaling:DescribeScalingActivities",
"autoscaling:DescribeAutoScalingGroups",
"elasticbeanstalk:UpdateEnvironment",
"elasticbeanstalk:DescribeApplications",
"elasticloadbalancing:RegisterInstancesWithLoadBalancer"
],
"Resource": "*"
}
]
}
The issue was IAM user was missing a permission for elasticbeanstalk:DescribeEnvironments.
Once this was added, the deployments started to work again and issue was resolved.