The user manual (https://github.com/awslabs/aws-saas-boost/blob/main/docs/user-guide.md) would be more complete if it described options or limitations relating to enterprise sign-on management.

A common on-prem scenario for enterprise software is that the "tenant" is an enterprise that has many users, where users log into their enterprise environment by logging into their Windows machine using credentials that are authenticated via Active Directory. The users then have access to their enterprise applications, which integrate with AD so that the apps can authenticate the user without requiring the user to explicitly log into each app again.

What becomes of this scenario if the app is migrated via SaaS Boost? The documentation says virtually nothing about how or whether single-tenant-multiple-users would work:

• is every tenant supposed to be an individual user? or can a tenant be an organization, under which there will be multiple users?
• in any case, if the on-prem app uses single-sign on to authenticate a user, what does that look like from the user experience when this app is migrated via SaaS Boost?

This is a 📕 documentation issue

Link to the page
Configure AWS SaaS Boost for the Sample Application

Description
A slight change to database instance type mentioned in the below sentence

"Select any of the available databases (MariaDB with a db.t2.micro instance class will provision the fastest)"

Whereas the smallest instance type part of the instance type dropdown is db.t3.micro so this needs to be updated in the getting started guide

Here is the screenshot of it

This is a 📕 documentation issue

The FSX nested stack for tenant onboarding fails with missing key for the FsxDnsNameFunction.

Reproduction Steps

1. Configure application for Windows with FSX
2. Update SaaS Boost using installer
3. A new lambda folder is created in the S3 artifact bucket
4. Onboard a new tenant
5. Tenant stack has "lambdas" as the Lambda Source Folder parameter value but that key no longer exists in the S3 bucket
6. FSX stack fails due to missing key for lambdas in
   S3Key: !Sub ${LambdaSourceFolder}/FsxDnsName-lambda.zip

What did you expect to happen?

Tenant stack should use the newly created lambda-2021-06-30 folder for the source and not lambdas.

Provision a tenant after update of SaaS Boost

What actually happened?

Stack failed to create with missing key

Environment

• AWS Region : eu-west-1
• AWS SaaS Boost Version :
• Workload OS (Linux or Windows) : Windows (and FSX)

Other

This is 🐛 Bug Report

Currently, users of SaaS Boost have only one authority.
I want the ability to give different users different authority.

Use Case

• For example, a system administrator can have full privileges, but a tenant management user can only start the tenant, and we don't want them to configure the application.

This is a 🚀 Feature Request

There seems to be a bug in the tenant-enable-disable lambda function. When I review the logs I get an exception (see below).

Reproduction Steps

From the admin page, select a tenant and disable them.

What did you expect to happen?

Status is set to active, but the ALB does not respond with the disabled page.

What actually happened?

The tenant's page continues to be served up by the LB. Is should be serving up a disabled page

Environment

• **AWS Region :**us-west-2
• **AWS SaaS Boost Version :**v0
• **Workload OS (Linux or Windows) :**Linux

Other

class java.lang.Boolean cannot be cast to class java.lang.String (java.lang.Boolean and java.lang.String are in module java.base of loader 'bootstrap'): java.lang.ClassCastException
java.lang.ClassCastException: class java.lang.Boolean cannot be cast to class java.lang.String (java.lang.Boolean and java.lang.String are in module java.base of loader 'bootstrap')
at com.amazon.aws.partners.saasfactory.saasboost.AlbSetListenerRule.handleRequest(AlbSetListenerRule.java:59)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.base/java.lang.reflect.Method.invoke(Unknown Source)

This is 🐛 Bug Report

The yarn install process invoked by the installer script will fail with Node versions greater than 14.

We say use the long term support version of Node 14, but the installer doesn't check for the version just the existence of node.

Reproduction Steps

Install Node 16 and have it be the first node on your environment's PATH
Run install.sh

What did you expect to happen?

Either successfully complete the yarn install with Node > version 14
Or error out with an informative message saying the available version of Node is incompatible

What actually happened?

Build will fail on node-sass

Environment

• AWS Region :
• AWS SaaS Boost Version :
• Workload OS (Linux or Windows) :

Other

This is 🐛 Bug Report

Set the Minimum Instance Count to a value greater than 1 in the Application configuration (defaults) or for a specific tenant when onboarding or editing and that number is not set as the minimum task count on the ECS Service auto scaling group. Note that the Service's desired task count is updated properly.

When start task is called, the Service's desired count will be honored. This happens when you first onboard a tenant and the initial deployment happens. This also happens if you push a new version of your image to ECR because SaaS Boost will deploy that new version to your tenants for you automatically.

The desired count is not necessarily honored if the count increases but the minimum task count on the auto scaling group remains lower than the desired count. If the desired count is lowered and the auto scaling policies are not triggered, then the running task count in ECS will be lowered to match.

Reproduction Steps

Onboard a tenant with a minimum task count of 1. Note that ECS will launch 1 task.
Update that tenant to have a minimum task count greater than 1. Note that the ECS Service's desired count will be updated to reflect the larger number, but the Auto Scaling minimum task count will remain 1 and ECS will not launch a new task to match the desired count.

What did you expect to happen?

Right now SaaS Boost does not differentiate between the desired running task count for a service versus the lower bound of the auto scaling group tied to that service. ECS is designed with those two attributes independent of each other. Unless we add desired count to SaaS Boost as something different than min task count, we should make them equal in ECS.

What actually happened?

ECS did not update the running task count to equal the minimum instance count set by SaaS Boost.

Environment

• AWS Region :
• AWS SaaS Boost Version :
• Workload OS (Linux or Windows) :

Other

This is 🐛 Bug Report

If you are using Cloud9 IDE, for this to work with the 'sh install.sh' step:

1. The default 10G disk will fill up quick with logs, I switched to a 50G
2. I kept getting error about being low on virtual memory … changed instance type from t2.micro to t2.xlarge (1->4 vCPUs, 1G-16G RAM)

Hope that helps everyone else in their SaaS journey :D

Certain common POJOs and interfaces are copied between different SaaS Boost services, e.g. ComputeSize in both onboarding and settings service.

All APIs between services (and common libraries) should be extracted to this layer for use at build time and runtime.

Use Case

This simplifies both code management and interface/implementation separation.

Proposed Solution

Other

• 👋 I may be able to implement this feature request
• ⚠️ This feature might incur a breaking change

This is a 🚀 Feature Request

I'm trying to integrate Amazon Elasticsearch with SaaS boost, I have created a yaml file similar to the rds and efs extensions, i have also modified tenant-onboarding to fit the new extension modification.

Reproduction Steps

Project: https://github.com/AffiTheCreator/aws-saas-boost/tree/elasticsearch

1. Download the tenant-onboarding.yaml and tenant-onboarding-es.yaml
2. Upload the files to the S3 bucket of saas boost
3. Provision a Tenant

What did you expect to happen?

A tenant to be provision with an Elasticsearch node

What actually happened?

The stack failed to create with status reason:

User: arn:aws:sts::AAAAAAAAAAA:assumed-role/sb-dev-onboarding-svc-role-eu-west-1/sb-dev-onboarding-provision is not authorized to perform: es:DescribeElasticsearchDomain on resource: arn:aws:es:eu-west-1:AAAAAAAAAAA:domain/tenant-4d1e2ae8-es-cluster (Service: AWSElasticsearch; Status Code: 403; Error Code: AccessDeniedException; Request ID: 5733a27c-dbec-4325-ba7a-7526fc374dfe; Proxy: null)

2. The following resource(s) failed to create: [ElasticsearchDomain].

Environment

• **AWS Region : eu-west-1
• **AWS SaaS Boost Version : v0
• **Workload OS (Linux or Windows) : Linux

Other

This is 🐛 Bug Report

When using an IAM Role with temporary credentials (as with an SSO User) the Java install does not work. It returns the following error:

Please see detailed log file saas-boost-install.log
software.amazon.awssdk.services.iam.model.IamException: Must specify userName when calling with non-User credentials (Service: Iam, Status Code: 400, Request ID: a8ca9713-a17e-4a03-bc16-ebc07d6133fc, Extended Request ID: null)
        at software.amazon.awssdk.core.internal.http.CombinedResponseHandler.handleErrorResponse(CombinedResponseHandler.java:123)
        at software.amazon.awssdk.core.internal.http.CombinedResponseHandler.handleResponse(CombinedResponseHandler.java:79)
        at software.amazon.awssdk.core.internal.http.CombinedResponseHandler.handle(CombinedResponseHandler.java:59)
        at software.amazon.awssdk.core.internal.http.CombinedResponseHandler.handle(CombinedResponseHandler.java:40)
        at software.amazon.awssdk.core.internal.http.pipeline.stages.HandleResponseStage.execute(HandleResponseStage.java:40)
        at software.amazon.awssdk.core.internal.http.pipeline.stages.HandleResponseStage.execute(HandleResponseStage.java:30)
        at software.amazon.awssdk.core.internal.http.pipeline.RequestPipelineBuilder$ComposingRequestPipelineStage.execute(RequestPipelineBuilder.java:206)
        at software.amazon.awssdk.core.internal.http.pipeline.stages.ApiCallAttemptTimeoutTrackingStage.execute(ApiCallAttemptTimeoutTrackingStage.java:73)
        at software.amazon.awssdk.core.internal.http.pipeline.stages.TimeoutExceptionHandlingStage.execute(TimeoutExceptionHandlingStage.java:77)
        at software.amazon.awssdk.core.internal.http.pipeline.stages.TimeoutExceptionHandlingStage.execute(TimeoutExceptionHandlingStage.java:39)
        at software.amazon.awssdk.core.internal.http.pipeline.stages.ApiCallAttemptMetricCollectionStage.execute(ApiCallAttemptMetricCollectionStage.java:50)
        at software.amazon.awssdk.core.internal.http.pipeline.stages.ApiCallAttemptMetricCollectionStage.execute(ApiCallAttemptMetricCollectionStage.java:36)
        at software.amazon.awssdk.core.internal.http.pipeline.stages.RetryableStage.execute(RetryableStage.java:64)
        at software.amazon.awssdk.core.internal.http.pipeline.stages.RetryableStage.execute(RetryableStage.java:34)
        at software.amazon.awssdk.core.internal.http.pipeline.RequestPipelineBuilder$ComposingRequestPipelineStage.execute(RequestPipelineBuilder.java:206)
        at software.amazon.awssdk.core.internal.http.StreamManagingStage.execute(StreamManagingStage.java:56)
        at software.amazon.awssdk.core.internal.http.StreamManagingStage.execute(StreamManagingStage.java:36)
        at software.amazon.awssdk.core.internal.http.pipeline.stages.ApiCallTimeoutTrackingStage.executeWithTimer(ApiCallTimeoutTrackingStage.java:80)
        at software.amazon.awssdk.core.internal.http.pipeline.stages.ApiCallTimeoutTrackingStage.execute(ApiCallTimeoutTrackingStage.java:60)
        at software.amazon.awssdk.core.internal.http.pipeline.stages.ApiCallTimeoutTrackingStage.execute(ApiCallTimeoutTrackingStage.java:42)
        at software.amazon.awssdk.core.internal.http.pipeline.stages.ApiCallMetricCollectionStage.execute(ApiCallMetricCollectionStage.java:48)
        at software.amazon.awssdk.core.internal.http.pipeline.stages.ApiCallMetricCollectionStage.execute(ApiCallMetricCollectionStage.java:31)
        at software.amazon.awssdk.core.internal.http.pipeline.RequestPipelineBuilder$ComposingRequestPipelineStage.execute(RequestPipelineBuilder.java:206)
        at software.amazon.awssdk.core.internal.http.pipeline.RequestPipelineBuilder$ComposingRequestPipelineStage.execute(RequestPipelineBuilder.java:206)
        at software.amazon.awssdk.core.internal.http.pipeline.stages.ExecutionFailureExceptionReportingStage.execute(ExecutionFailureExceptionReportingStage.java:37)
        at software.amazon.awssdk.core.internal.http.pipeline.stages.ExecutionFailureExceptionReportingStage.execute(ExecutionFailureExceptionReportingStage.java:26)
        at software.amazon.awssdk.core.internal.http.AmazonSyncHttpClient$RequestExecutionBuilderImpl.execute(AmazonSyncHttpClient.java:193)
        at software.amazon.awssdk.core.internal.handler.BaseSyncClientHandler.invoke(BaseSyncClientHandler.java:128)
        at software.amazon.awssdk.core.internal.handler.BaseSyncClientHandler.doExecute(BaseSyncClientHandler.java:154)
        at software.amazon.awssdk.core.internal.handler.BaseSyncClientHandler.lambda$execute$1(BaseSyncClientHandler.java:107)
        at software.amazon.awssdk.core.internal.handler.BaseSyncClientHandler.measureApiCallSuccess(BaseSyncClientHandler.java:162)
        at software.amazon.awssdk.core.internal.handler.BaseSyncClientHandler.execute(BaseSyncClientHandler.java:91)
        at software.amazon.awssdk.core.client.handler.SdkSyncClientHandler.execute(SdkSyncClientHandler.java:45)
        at software.amazon.awssdk.awscore.client.handler.AwsSyncClientHandler.execute(AwsSyncClientHandler.java:55)
        at software.amazon.awssdk.services.iam.DefaultIamClient.getUser(DefaultIamClient.java:5748)
        at software.amazon.awssdk.services.iam.IamClient.getUser(IamClient.java:8426)
        at com.amazon.aws.partners.saasfactory.saasboost.SaaSBoostInstall.start(SaaSBoostInstall.java:904)
        at com.amazon.aws.partners.saasfactory.saasboost.SaaSBoostInstall.main(SaaSBoostInstall.java:198)

Stop the SaaS boost services when not in use

Use Case

From a Dev project standpoint, we use the environment during working hours. we would like to see the feature in stopping the service in nonworking works.
For now, in fargate we are changing the autoscaling group to min 0 desired 0 and max as 0

Proposed Solution

In the SaaS boast web console, under each tenant have the option to change the fargate ASG and also have the option to launch in the public subnet to avoid TSG cost

Other

• 👋 I may be able to implement this feature request
• ⚠️ This feature might incur a breaking change

This is a 🚀 Feature Request

Changing billing plans creates a new customer object and subscription in Stripe.

Reproduction Steps

Select tenant > click edit > change billing plan

What did you expect to happen?

Existing Stripe subscription is updated to reflect new plan and prorated billing shows up in a new invoice for the next month.

What actually happened?

A new Customer is created with a new subscription. Tenant is charged multiple times.

Environment

• AWS Region : us-west-2
• AWS SaaS Boost Version : v0
• Workload OS (Linux or Windows) : Linux

Other

This is 🐛 Bug Report

aws-saas-boos\samples\java\build.ps1 uses $AWS_ACCOUNT_ID variable which is not defined in powershell script. Instead $AWS_ACCOUNT variable is defined which is required to be modified while preparing Docker Repository URL.

$DOCKER_REPO="$AWS_ACCOUNT_ID.dkr.ecr.$AWS_REGION.amazonaws.com/$ECR_REPO"

should be changed to

$DOCKER_REPO="$AWS_ACCOUNT.dkr.ecr.$AWS_REGION.amazonaws.com/$ECR_REPO"

or $AWS_ACCOUNT variable needs to be changed to $AWS_ACCOUNT_ID

What actually happened?

Repo and Tag values printed without account id

Error while uploading the image to ECR due to missing account id

Environment

• AWS Region : us-east-1
• AWS SaaS Boost Version : 4th June 2021
• Workload OS (Linux or Windows) : Windows

Other

This is 🐛 Bug Report

AWS recommends using capacity providers for ECS to scale EC2 instances used to run ECS tasks. Currently, AWS SaaS Boost uses EC2 instances for Windows workloads and creates an Auotscaling group but it does not setup capacity provider for the ECS cluster.

Use Case

Autoscaling EC2 instances for Windows workloads using capacity providers will reduce operational overhead for managing EC2 scaling.

Proposed Solution

Enhancement request is to setup a capacity provider that associates the Autoscaling group with the ECS cluster. Having option to setup additional capacity providers that use spot instances would be make it even more flexible.

Other

• [x ] 👋 I may be able to implement this feature request
• ⚠️ This feature might incur a breaking change

This is a 🚀 Feature Request

CF RDSInstance substack failed during tenant onboarding with the following error:
DB Engine sqlserver-ex does not support encryption at rest (Service: AmazonRDS; Status Code: 400; Error Code: InvalidParameterCombination; Request ID: 39dfa31e-c3c0-4028-899e-19d704362907; Proxy: null)

Error occurs during EncryptionKeyAlias CF logical ID.

Reproduction Steps

Provision a tenant that requires SQL Server Express. RDSInstance substack will fail due to incompatible features.

What did you expect to happen?

RDS for SQL Server Express would provision (original app uses Express) based on the menu options in Database configuration for the application.

What actually happened?

Creation of the RDS instance failed during the CF deployment at the EncryptionKeyAlias logical ID, with the following error:

DB Engine sqlserver-ex does not support encryption at rest (Service: AmazonRDS; Status Code: 400; Error Code: InvalidParameterCombination; Request ID: 39dfa31e-c3c0-4028-899e-19d704362907; Proxy: null)

Environment

• AWS Region : us-west-2
• AWS SaaS Boost Version : v0 - dev
• Workload OS (Linux or Windows) : Windows ASP.NET Framework 4.7.2

Other

This is 🐛 Bug Report

When selecting a new application config, the application config screen will accept completely bogus parameters and start attempting to provision with those parameters. For example:

1. a completely wrong ARN for the SSL cert
2. a different domain name that hasn't been configured
3. an invalid database name

Use Case

SaaS Boost is about accelerating SaaS migrations onto AWS, and so SaaS Boost should fail as fast as possible to allow users to quickly iterate on their SaaS solution.

Proposed Solution

Either the UI should have an idea of what is/isn't allowed given a particular selection or (more likely) the settings microservice does validation logic before certifying a new application configuration.

Other

• 👋 I may be able to implement this feature request
• ⚠️ This feature might incur a breaking change

This is a 🚀 Feature Request

All new PRs should automatically trigger a workflow to verify the code compiles. GitHub Actions is the currently recommended way to implement this functionality.

Use Case

As the community around SaaS Boost grows, the number of incoming PRs will likely also increase. To help the maintainers of the repository keep up and build an environment of self service in the community, all PRs should automatically be analyzed for code style, build, and test so that reviewers can instead focus on the important things: architecture, design, and code.

Proposed Solution

I have a working prototype in my fork. The PR opened against this issue will have that PR workflow run against it, so we can see what a normal PR would go through.

Other

This PR is created as part of the PR Validation and CI Automation milestone. Subsequent issues and PRs are incoming to introduce automatic testing, new unit tests, automatic style checking and bug finding, and more.

• 👋 I may be able to implement this feature request
• ⚠️ This feature might incur a breaking change

This is a 🚀 Feature Request

The user manual (https://github.com/awslabs/aws-saas-boost/blob/main/docs/user-guide.md) would be more complete if it described options or limitations relating to data security.

In particular, one of the most common problems that on-prem software addresses is to eliminate any need for the software provider to ever have access to the customer's data.

Is this problem solved by AWS SaaS Boost? Does this provide a way to separate the container's software from the customer's data (for example, by mimicking a file system whereby the vendor provides the image that runs on Windows in %PROGRAMFILES%, and configures it to use a separate, customer-owned drive (mounted, for example, on %APPDATA%), which only the customer, and not the vendor, has access to?

Regardless of whether this capability exists or does not exist, data security is such a common barrier to enterprise-to-saas migration that it should be addressed in the documentation

This is a 📕 documentation issue

Currently when tenant onboarding fails, no information is provided in the SaaS Boost UI or via the SaaS Boost APIs as to why: a user needs to go to CloudFormation in their AWS account to do the investigation themselves. To make SaaS Boost easier to use (and more "boosted") SaaS Boost should be able to return the stack failure reason provided by CloudFormation and ideally provide some suggestions for fixing the issue.

Use Case

Any tenant onboarding failure would be easier to debug with this feature.

Proposed Solution

Boost already tracks the created stack ARN for each tenant. Using the describeStacks API, Boost can track down to the nested stack failure reason by calling the stackStatusReason() function as part of the Stack class.

Other

• 👋 I may be able to implement this feature request
• ⚠️ This feature might incur a breaking change

This is a 🚀 Feature Request

With the recent code changes seems like a lot of test cases are failing in different modules which eventually causes the install to fail. The installer does a mvn install which is inclusive of tests so if the testcases fail the installation also will fail

Reproduction Steps

Just run sh install.sh

What did you expect to happen?

Build and installation should successfully complete

What actually happened?

Got the following errors in different modules:

Error 1

2021-05-28 22:59:04 SaaSBoostInstall.printResults [INFO]  
2021-05-28 22:59:04 SaaSBoostInstall.printResults [INFO] --- maven-resources-plugin:2.6:testResources (default-testResources) @ SystemRestApiClient --- 
2021-05-28 22:59:04 SaaSBoostInstall.printResults [INFO] Using 'UTF-8' encoding to copy filtered resources. 
2021-05-28 22:59:04 SaaSBoostInstall.printResults [INFO] skip non existing resourceDirectory /Users/harrajag/CodeBase/saas-boost/functions/system-rest-api-client/src/test/resources 
2021-05-28 22:59:04 SaaSBoostInstall.printResults [INFO]  
2021-05-28 22:59:04 SaaSBoostInstall.printResults [INFO] --- maven-compiler-plugin:3.6.0:testCompile (default-testCompile) @ SystemRestApiClient --- 
2021-05-28 22:59:04 SaaSBoostInstall.printResults [INFO] Changes detected - recompiling the module! 
2021-05-28 22:59:04 SaaSBoostInstall.printResults [INFO] Compiling 1 source file to /Users/harrajag/CodeBase/saas-boost/functions/system-rest-api-client/target/test-classes 
2021-05-28 22:59:04 SaaSBoostInstall.printResults [INFO] ------------------------------------------------------------- 
2021-05-28 22:59:04 SaaSBoostInstall.printResults [ERROR] COMPILATION ERROR :  
2021-05-28 22:59:04 SaaSBoostInstall.printResults [INFO] ------------------------------------------------------------- 
2021-05-28 22:59:04 SaaSBoostInstall.printResults [ERROR] /Users/harrajag/CodeBase/saas-boost/functions/system-rest-api-client/src/test/java/com/amazon/aws/partners/saasfactory/saasboost/SystemRestApiClientTest.java:[71,48] error: unreported exception IOException; must be caught or declared to be thrown 

Error 2

[ERROR] testEventBridgeJson(com.amazon.aws.partners.saasfactory.saasboost.SystemRestApiClientTest)  Time elapsed: 0.111 s  <<< ERROR!
java.util.ServiceConfigurationError: com.fasterxml.jackson.databind.Module: com.fasterxml.jackson.datatype.jsr310.JavaTimeModule Unable to get public no-arg constructor

Error 3

at com.amazon.aws.partners.saasfactory.saasboost.SystemRestApiClientTest.testEventBridgeJson(SystemRestApiClientTest.java:71)
Caused by: java.lang.NoClassDefFoundError: com/fasterxml/jackson/databind/ser/std/ToStringSerializerBase	

Environment

• AWS Region : us-east-1
• AWS SaaS Boost Version : Master branch
• Workload OS (Linux or Windows) : Mac and Windows

This is 🐛 Bug Report

ECS Exec has been a heavily requested feature in the ECS community. For dev purposes, when testing a container deployment within SaaS boost, having the option to add ECS Exec would facilitate the debugging process making the deployment process faster

Use Case

When building a container for production, having access to the container to check what is happening is a must. The logs provided sometimes are not enough. ECS Exec allows me to launch an interactive shell and run a few tests from there.
My current method to launch and test my containers is running a local docker installation and replicate the fargate constraints and then open an interactive shell to see what is going on.

Proposed Solution

Similar to the File System, Database and billing, have another section called advanced, this section is reserved for dev purpose only.
If the ECS Exec is checked then during the tenant onboarding process fargate cluster will be configured to accept ECS Exec commands.

Other

ECSTaskDefinition:
   Type: AWS::ECS::TaskDefinition
   Properties:
     Family:
       Fn::Join: ['', ['tenant-', !Select [0, !Split ['-', !Ref TenantId]]]]
     ExecutionRoleArn: !GetAtt ECSTaskExecutionRole.Arn
     TaskRoleArn: !GetAtt ECSTaskRole.Arn
     RequiresCompatibilities:
       Fn::If:
         - WindowsOS
         - - EC2
         - - FARGATE
     Memory: !If [WindowsOS, !Ref 'AWS::NoValue', !Ref TaskMemory]
     Cpu: !If [WindowsOS, !Ref 'AWS::NoValue', !Ref TaskCPU]
     NetworkMode: !If [WindowsOS, !Ref 'AWS::NoValue', awsvpc]
     Tags:
       - Key: Tenant
         Value: !Ref TenantId
     ContainerDefinitions:
       - Name:
           Fn::Join: ['', ['tenant-', !Select [0, !Split ['-', !Ref TenantId]]]]
         Image: !Sub ${AWS::AccountId}.dkr.ecr.${AWS::Region}.amazonaws.com/${ContainerRepository}:latest
         Cpu: !If [WindowsOS, !Ref TaskCPU, !Ref 'AWS::NoValue']
         Memory: !If [WindowsOS, !Ref TaskMemory, !Ref 'AWS::NoValue']
         # Author: AffiTheCreator
         # 
         # Adds ECS Exec 
         # See https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-exec.html # Optional task definition changes
         #
         # WIP 
         # TODO
         # 1. Add checkbox in Administration application to add such choice to tenant.
         # 2. Make vatiable into !Ref similar to EFS, DATABASE , PORT , etc 
         LinuxParameters: 
           - InitProcessEnabled: true
         PortMappings:
           - ContainerPort: !Ref ContainerPort
         LogConfiguration:
           LogDriver: awslogs
           Options:
             awslogs-group: !Ref ECSLogGroup
             awslogs-region: !Ref AWS::Region
             awslogs-stream-prefix: ecs

From what I could understand from the ECS Exec documentation by adding LinuxParameters: entry the feature is enabled

• 👋 I may be able to implement this feature request
• ⚠️ This feature might incur a breaking change

This is a 🚀 Feature Request

Application upgrade might be also DB object changes (new table or new column to my existing table or new store procedure to my RDS instance or a filesystem change in the application setup. These changes cannot be made using container-based deployment without disturbing the existing data or filesystem in my application. To propagate such upgrades to all the tenants, utilities(services) needed to run DB scripts into tenant's RDS and OS Scripts in tenant's filesystem as a part of SaaS Boost application upgrade utilities.

Use Case

1. Application upgrade requires DB object changes - eg: new table or new column to an existing table, change in stored procedure or addition of new procedure inside my application RDS instance (inside all tenants)
2. A change in the tenants file system - eg: create a new folder, change permission to an existing folder, replace an existing file

Proposed Solution

Utilities(services) needed to run DB scripts into tenant's RDS and OS Scripts in tenant's filesystem as a part of SaaS Boost application upgrade utilities

Other

• 👋 I may be able to implement this feature request
• ⚠️ This feature might incur a breaking change

This is a 🚀 Feature Request

If a Route53 hosted zone already exists for a given domain name, we do not reuse it we create a new hosted zone every time.

Reproduction Steps

Create a hosted zone in Route53 for a domain name
Tell SaaS Boost to use that domain name for your application

What did you expect to happen?

Reuse the existing hosted zone for the domain name so that the DNS servers don't have to change and to reduce confusion when seeing multiple hosted zones all named the same.

What actually happened?

A 2nd hosted zone for the same domain is created

This is 🐛 Bug Report

The onboarding listing page currently displays all the onboarding records and when the list gets long it is difficult to locate the record of interest.

Use Case

Improvement to the UI to manage larger number of tenants.

Proposed Solution

Add a drop-down to filter on status

Other

• 👋 I may be able to implement this feature request
• ⚠️ This feature might incur a breaking change

This is a 🚀 Feature Request

While trying to delete a tenant I got a DELETE_FAILED state.
CloudFormation log The vpc 'vpc-AAAAA9744f11d180' has dependencies and cannot be deleted. (Service: AmazonEC2; Status Code: 400; Error Code: DependencyViolation; Request ID: AAAAAAA-547f-46b7-8e4b-937834713510; Proxy: null)

Reproduction Steps

I updated the container image prior to deleting the tenant - just a note
I'm trying to connect an Amazon Elasticsearch to a tenant running on fargate.

Step 1

1. Create Amazon Elasticsearch Domain - For this I created a domain inside the tenant VPC
2. Delete the Amazon Elasticsearch Domain

Step 2

1. Delete tenant in administration web app

What did you expect to happen?

Tenant being deleted, with no status error. Since the Elasticsearch domain has deleted first and being that the only dependency I can think of because. The delete button has work for me before, I have done a few tenants deletes with no error.

What actually happened?

The tenant got deleted, but the VPC is still active, and I have a failed state even though the tenant got deleted.

Environment

• **AWS Region :eu-west-1
• **AWS SaaS Boost Version : v0
• **Workload OS (Linux or Windows) : Linux

This is 🐛 Bug Report

I configured an application for Windows and when I try to configure the File system the settings are not being saved.

Reproduction Steps

1. Setup a Windows host in the Application page.
2. Deployed a tenant
3. Deleted a tenant
4. Tried to setup File system in the application page
5. Settings do not save

What did you expect to happen?

What actually happened?

Environment

• AWS Region : us-east-1
• AWS SaaS Boost Version :
• Workload OS (Linux or Windows) :. Windows

Other

This is 🐛 Bug Report

Use Case

Boost currently limits the number of tenants to 255 due to IP blocks availability. Each VPC is create with a 10.X.X.X/16 cidr block hence only allowing 255 VPCs and therefore tenants to be created.

Proposed Solution

Change VPC cidr block to /20 to support 4080 tenants and 4096 IPs per VPC

• 👋 I may be able to implement this feature request
• ⚠️ This feature might incur a breaking change

This is a 🚀 Feature Request

I followed the setup instructions with one exception -- my machine already had node v14.16.1 on it, so I did not install node v14.15.

.\install.ps1
AWS Region = us-east-2
Building Java Installer with maven
Java Installer build completed
Downloading dependencies for React Web App, please be patient
Download dependencies completed for React Web App
Launch Java Installer for SaaS Boost
Error: Could not find or load main class .util.logging.config.file=logging.properties
Caused by: java.lang.ClassNotFoundException: /util/logging/config/file=logging/properties

Environment

• AWS Region : us-east-2
• AWS SaaS Boost Version : commit 74e9047 (HEAD -> main, origin/main, origin/HEAD)
• Workload OS (Linux or Windows) : Windows

Other

This is 🐛 Bug Report

When running the installer, Cognito sends an email to the configured administrator email with a temporary password for use to login to the React app. In some cases (at least once for me) the email was sent long before the React app was finished provisioning, leading to a bad customer experience.

Reproduction Steps

Run the installer. Watch your email closely, and immediately click the link once the email comes through. In some

What did you expect to happen?

I expected that the email would only show up in my inbox after the UI was ready for me to click the link.

What actually happened?

The provided link sent me to a dead page. After ~2-3 minutes of refreshing, the UI finished provisioning and was reachable.

Environment

• AWS Region : us-west-2
• AWS SaaS Boost Version : main, HEAD 8bb3f79
• Workload OS (Linux or Windows) : MacOS (Linux)

Other

This may not be as easy to solve as it seems. We need Cognito to configure the user pool for access to the React app, and there is currently no hook to tell once the provisioning is done. We may need to add a new workflow to the CloudFormation template explicitly sending that email.

If after investigation this is found to be impossible, please close as won't fix.

This is 🐛 Bug Report

Reproduction Steps

Run sh install.sh and type y to the question Would you like to setup Amazon Quicksight for Metrics and Analytics?.

What actually happened?

Failed to create cloudformation stack named sb-***-metrics.

Lambda log

2021-06-17 14:43:13.058  INFO  RedshiftTable - Version Info: 0580f47, Commit time: 2021-06-15T22:41:16+0000
--
START RequestId: 364ee6bf-9958-47d8-ac7d-afb79b0b3e0d Version: $LATEST
2021-06-17 14:43:14.151 364ee6bf-9958-47d8-ac7d-afb79b0b3e0d INFO  Utils - {     "RequestType": "Create",     "ServiceToken": "arn:aws:lambda:us-west-2:680232321764:function:sb-prod-redshift-table-create",     "ResponseURL": "https://cloudformation-custom-resource-response-uswest2.s3-us-west-2.amazonaws.com/arn%3Aaws%3Acloudformation%3Aus-west-2%3A680232321764%3Astack/sb-prod-metrics/ccdf49b0-cf79-11eb-b22f-065c587fbcb5%7CInvokeRedshiftTable%7Cc0bb7f6c-7129-4b0e-a3b4-50e2f3c7c033?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20210617T144310Z&X-Amz-SignedHeaders=host&X-Amz-Expires=7200&X-Amz-Credential=AKIA54RCMT6SODZYQISN%2F20210617%2Fus-west-2%2Fs3%2Faws4_request&X-Amz-Signature=b7ae1f0d337a9e4cdcc73fb26e75324ed032d35027eb78db543fc7452d4f720d",     "StackId": "arn:aws:cloudformation:us-west-2:680232321764:stack/sb-prod-metrics/ccdf49b0-cf79-11eb-b22f-065c587fbcb5",     "RequestId": "c0bb7f6c-7129-4b0e-a3b4-50e2f3c7c033",     "LogicalResourceId": "InvokeRedshiftTable",     "ResourceType": "Custom::CustomResource",     "ResourceProperties": {         "ServiceToken": "arn:aws:lambda:us-west-2:680232321764:function:sb-prod-redshift-table-create",         "DatabaseUrl": "jdbc:redshift://redshiftcluster-zlzrno28vsdt.c9xjxa8hn7a9.us-west-2.redshift.amazonaws.com:8200/sbmetricsprod",         "TableName": "sb_metrics",         "Username": "metricsadmin",         "Password": "/saas-boost/prod/REDSHIFT_MASTER_PASSWORD"     } }
2021-06-17 14:43:14.170  INFO  RedshiftTable - CREATE
2021-06-17 14:43:14.171  INFO  RedshiftTable - Getting database password secret from Parameter Store
2021-06-17 14:43:16.187  INFO  RedshiftTable - Using JDBC Url: jdbc:redshift://redshiftcluster-zlzrno28vsdt.c9xjxa8hn7a9.us-west-2.redshift.amazonaws.com:8200/sbmetricsprod
2021-06-17 14:43:17.771  ERROR RedshiftTable - Error connecting [Amazon](500310) Invalid operation: password authentication failed for user "metricsadmin";
2021-06-17 14:43:17.773  ERROR RedshiftTable - java.sql.SQLException: [Amazon](500310) Invalid operation: password authentication failed for user "metricsadmin";	at com.amazon.redshift.client.messages.inbound.ErrorResponse.toErrorException(ErrorResponse.java:1830)	at com.amazon.redshift.client.InboundDataHandler.read(InboundDataHandler.java:454)	at com.amazon.support.channels.AbstractSocketChannel.readCallback(Unknown Source)	at com.amazon.support.channels.PlainSocketChannel.read(Unknown Source)Caused by: com.amazon.support.exceptions.ErrorException: [Amazon](500310) Invalid operation: password authentication failed for user "metricsadmin";	... 4 more
2021-06-17 14:43:17.787  INFO  RedshiftTable - Sleep one minute for dns to resolve
2021-06-17 14:44:17.884  ERROR RedshiftTable - Error connecting [Amazon](500310) Invalid operation: password authentication failed for user "metricsadmin";
2021-06-17 14:44:17.885  ERROR RedshiftTable - java.sql.SQLException: [Amazon](500310) Invalid operation: password authentication failed for user "metricsadmin";	at com.amazon.redshift.client.messages.inbound.ErrorResponse.toErrorException(ErrorResponse.java:1830)	at com.amazon.redshift.client.InboundDataHandler.read(InboundDataHandler.java:454)	at com.amazon.support.channels.AbstractSocketChannel.readCallback(Unknown Source)	at com.amazon.support.channels.PlainSocketChannel.read(Unknown Source)Caused by: com.amazon.support.exceptions.ErrorException: [Amazon](500310) Invalid operation: password authentication failed for user "metricsadmin";	... 4 more
2021-06-17 14:44:17.885  INFO  RedshiftTable - Sleep one minute for dns to resolve
2021-06-17 14:45:17.933  ERROR RedshiftTable - Error connecting [Amazon](500310) Invalid operation: password authentication failed for user "metricsadmin";
2021-06-17 14:45:17.933  ERROR RedshiftTable - java.sql.SQLException: [Amazon](500310) Invalid operation: password authentication failed for user "metricsadmin";	at com.amazon.redshift.client.messages.inbound.ErrorResponse.toErrorException(ErrorResponse.java:1830)	at com.amazon.redshift.client.InboundDataHandler.read(InboundDataHandler.java:454)	at com.amazon.support.channels.AbstractSocketChannel.readCallback(Unknown Source)	at com.amazon.support.channels.PlainSocketChannel.read(Unknown Source)Caused by: com.amazon.support.exceptions.ErrorException: [Amazon](500310) Invalid operation: password authentication failed for user "metricsadmin";	... 4 more
2021-06-17 14:45:17.934  INFO  RedshiftTable - Sleep one minute for dns to resolve
2021-06-17 14:46:17.968  ERROR RedshiftTable - Error connecting [Amazon](500310) Invalid operation: password authentication failed for user "metricsadmin";
2021-06-17 14:46:17.968  ERROR RedshiftTable - java.sql.SQLException: [Amazon](500310) Invalid operation: password authentication failed for user "metricsadmin";	at com.amazon.redshift.client.messages.inbound.ErrorResponse.toErrorException(ErrorResponse.java:1830)	at com.amazon.redshift.client.InboundDataHandler.read(InboundDataHandler.java:454)	at com.amazon.support.channels.AbstractSocketChannel.readCallback(Unknown Source)	at com.amazon.support.channels.PlainSocketChannel.read(Unknown Source)Caused by: com.amazon.support.exceptions.ErrorException: [Amazon](500310) Invalid operation: password authentication failed for user "metricsadmin";	... 4 more
2021-06-17 14:46:17.969  INFO  RedshiftTable - Sleep one minute for dns to resolve
2021-06-17 14:47:17.971 364ee6bf-9958-47d8-ac7d-afb79b0b3e0d ERROR RedshiftTable - FAILED unexpected error or request timed out java.lang.RuntimeException: Unable to connect to Redshift database after 5 attempts.
2021-06-17 14:47:17.971 364ee6bf-9958-47d8-ac7d-afb79b0b3e0d ERROR RedshiftTable - java.util.concurrent.ExecutionException: java.lang.RuntimeException: Unable to connect to Redshift database after 5 attempts.	at java.base/java.util.concurrent.FutureTask.report(Unknown Source)	at java.base/java.util.concurrent.FutureTask.get(Unknown Source)	at com.amazon.aws.partners.saasfactory.saasboost.RedshiftTable.handleRequest(RedshiftTable.java:173)	at com.amazon.aws.partners.saasfactory.saasboost.RedshiftTable.handleRequest(RedshiftTable.java:38)	at lambdainternal.EventHandlerLoader$PojoHandlerAsStreamHandler.handleRequest(EventHandlerLoader.java:199)	at lambdainternal.EventHandlerLoader$2.call(EventHandlerLoader.java:899)	at lambdainternal.AWSLambda.startRuntime(AWSLambda.java:257)	at lambdainternal.AWSLambda.startRuntime(AWSLambda.java:192)	at lambdainternal.AWSLambda.main(AWSLambda.java:187)Caused by: java.lang.RuntimeException: Unable to connect to Redshift database after 5 attempts.	at com.amazon.aws.partners.saasfactory.saasboost.RedshiftTable.lambda$handleRequest$1(RedshiftTable.java:106)	at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source)	at java.base/java.util.concurrent.FutureTask.run(Unknown Source)	at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)	at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)	at java.base/java.lang.Thread.run(Unknown Source)
2021-06-17 14:47:17.973 364ee6bf-9958-47d8-ac7d-afb79b0b3e0d INFO  RedshiftTable - ResponseURL: https://cloudformation-custom-resource-response-uswest2.s3-us-west-2.amazonaws.com/arn%3Aaws%3Acloudformation%3Aus-west-2%3A680232321764%3Astack/sb-prod-metrics/ccdf49b0-cf79-11eb-b22f-065c587fbcb5%7CInvokeRedshiftTable%7Cc0bb7f6c-7129-4b0e-a3b4-50e2f3c7c033?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20210617T144310Z&X-Amz-SignedHeaders=host&X-Amz-Expires=7200&X-Amz-Credential=AKIA54RCMT6SODZYQISN%2F20210617%2Fus-west-2%2Fs3%2Faws4_request&X-Amz-Signature=b7ae1f0d337a9e4cdcc73fb26e75324ed032d35027eb78db543fc7452d4f720d
2021-06-17 14:47:17.993 364ee6bf-9958-47d8-ac7d-afb79b0b3e0d INFO  RedshiftTable - Response Body: {     "Status": "FAILED",     "RequestId": "c0bb7f6c-7129-4b0e-a3b4-50e2f3c7c033",     "LogicalResourceId": "InvokeRedshiftTable",     "StackId": "arn:aws:cloudformation:us-west-2:680232321764:stack/sb-prod-metrics/ccdf49b0-cf79-11eb-b22f-065c587fbcb5",     "PhysicalResourceId": "InvokeRedshiftTable",     "Reason": "java.util.concurrent.ExecutionException: java.lang.RuntimeException: Unable to connect to Redshift database after 5 attempts.\n\tat java.base/java.util.concurrent.FutureTask.report(Unknown Source)\n\tat java.base/java.util.concurrent.FutureTask.get(Unknown Source)\n\tat com.amazon.aws.partners.saasfactory.saasboost.RedshiftTable.handleRequest(RedshiftTable.java:173)\n\tat com.amazon.aws.partners.saasfactory.saasboost.RedshiftTable.handleRequest(RedshiftTable.java:38)\n\tat lambdainternal.EventHandlerLoader$PojoHandlerAsStreamHandler.handleRequest(EventHandlerLoader.java:199)\n\tat lambdainternal.EventHandlerLoader$2.call(EventHandlerLoader.java:899)\n\tat lambdainternal.AWSLambda.startRuntime(AWSLambda.java:257)\n\tat lambdainternal.AWSLambda.startRuntime(AWSLambda.java:192)\n\tat lambdainternal.AWSLambda.main(AWSLambda.java:187)\nCaused by: java.lang.RuntimeException: Unable to connect to Redshift database after 5 attempts.\n\tat com.amazon.aws.partners.saasfactory.saasboost.RedshiftTable.lambda$handleRequest$1(RedshiftTable.java:106)\n\tat java.base/java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source)\n\tat java.base/java.util.concurrent.FutureTask.run(Unknown Source)\n\tat java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)\n\tat java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)\n\tat java.base/java.lang.Thread.run(Unknown Source)\n" }
2021-06-17 14:47:18.522 364ee6bf-9958-47d8-ac7d-afb79b0b3e0d INFO  RedshiftTable - Response Code: 200
END RequestId: 364ee6bf-9958-47d8-ac7d-afb79b0b3e0d
REPORT RequestId: 364ee6bf-9958-47d8-ac7d-afb79b0b3e0d	Duration: 244399.72 ms	Billed Duration: 244400 ms	Memory Size: 1024 MB	Max Memory Used: 201 MB	Init Duration: 3074.97 ms

version

Git hash: 0580f47

Currently the installer log4j configuration doesn't include the log level, which makes the installer log harder to parse at eye level. Ideally the log4j2 configuration in the installer would match the configuration for the other parts of SaaS Boost.

Use Case

The installer is the first component a new user of SaaS Boost will interact with, so it should reflect the standards used in the rest of the SaaS Boost project.

Proposed Solution

Change the installer log4j2 config in installer/src/main/resources/log4j2.xml

Other

• 👋 I may be able to implement this feature request
• ⚠️ This feature might incur a breaking change

This is a 🚀 Feature Request

❓ General Issue

The Question

Are there initial configuration steps required to enable a successful build of the Saas Boost React Web Application?

After running sh install.sh the install process beings and runs seemingly successfully until it reaches the "Start build of AWS Saas Boost React web application with yarn...". Immediately an installation error is thrown.

I have verified that the prerequisites are installed and configured.
Here is the input provided when initiating sh install.sh

Launch Java Installer for SaaS Boost
WARNING: sun.reflect.Reflection.getCallerClass is not supported. This will impact performance.
Setting version to v0 as it is missing from the git properties file.

Welcome to the AWS SaaS Boost Installer
Setting version to v0 as it is missing from the git properties file.
Installer Version: 85459a1-dirty, Commit time: 2021-05-13T20:03:38-0400
Checking maven, yarn and AWS CLI...
Environment Checks for maven, yarn, and AWS CLI PASSED.

After the initial error, I ran the install script and chose the delete option to remove the installation. I then verified via the AWS CloudFormation console that all components had been removed. Just to be sure I was using the latest files, I deleted the Saas Boost folder and re-cloned the repo, and attempted to install again.

The stack trace (below) seems to be pointing to a null value for the React App environment variables. Should I use the output from CloudFormation (Cognito & API Gateway) in the client/web env file and re-run install using the update option?

Environment

• AWS SaaS Boost Version:
  1.89.0 (build df7253c)

Other information

Here is the input provided when initiating sh install.sh

Launch Java Installer for SaaS Boost
WARNING: sun.reflect.Reflection.getCallerClass is not supported. This will impact performance.
Setting version to v0 as it is missing from the git properties file.

Welcome to the AWS SaaS Boost Installer
Setting version to v0 as it is missing from the git properties file.
Installer Version: 85459a1-dirty, Commit time: 2021-05-13T20:03:38-0400
Checking maven, yarn and AWS CLI...
Environment Checks for maven, yarn, and AWS CLI PASSED.

Would you like to continue the installation with the following options?
AWS SaaS Boost Environment Name: dev
Admin Email Address: <private_email>.io
Route 53 Domain for AWS SaaS Boost environment: portal..io
Install Metrics and Analytics: y
Amazon Quicksight user for setup of Metrics and Analytics: n/a
Setup Active Directory for FSX for Windows: n
Enter y to continue or n to cancel: y
Continuing installation of AWS SaaS Boost

Stack Trace:

Awaiting CloudFormation Stack sb-dev to complete. Sleep 5 minute(s)...
Awaiting CloudFormation Stack sb-dev to complete. Sleep 1 minute(s)...
Awaiting CloudFormation Stack sb-dev to complete. Sleep 1 minute(s)...
Awaiting CloudFormation Stack sb-dev to complete. Sleep 1 minute(s)...
Awaiting CloudFormation Stack sb-dev to complete. Sleep 1 minute(s)...
Awaiting CloudFormation Stack sb-dev to complete. Sleep 1 minute(s)...
Awaiting CloudFormation Stack sb-dev to complete. Sleep 1 minute(s)...
Awaiting CloudFormation Stack sb-dev to complete. Sleep 1 minute(s)...
Awaiting CloudFormation Stack sb-dev to complete. Sleep 1 minute(s)...
Awaiting CloudFormation Stack sb-dev to complete. Sleep 1 minute(s)...
CloudFormation Stack: sb-dev completed successfully.
Copy files to S3 web site bucket
Start build of AWS SaaS Boost React web application with yarn ...

Installation Error: null
Please see detailed log file saas-boost-install.log
java.lang.NullPointerException
at java.base/java.lang.ProcessEnvironment.validateValue(ProcessEnvironment.java:120)
at java.base/java.lang.ProcessEnvironment$Value.valueOf(ProcessEnvironment.java:203)
at java.base/java.lang.ProcessEnvironment$StringEnvironment.put(ProcessEnvironment.java:243)
at java.base/java.lang.ProcessEnvironment$StringEnvironment.put(ProcessEnvironment.java:221)
at com.amazon.aws.partners.saasfactory.saasboost.SaaSBoostInstall.buildAndCopyWebApp(SaaSBoostInstall.java:2257)
at com.amazon.aws.partners.saasfactory.saasboost.SaaSBoostInstall.installSaaSBoost(SaaSBoostInstall.java:1459)
at com.amazon.aws.partners.saasfactory.saasboost.SaaSBoostInstall.start(SaaSBoostInstall.java:977)
at com.amazon.aws.partners.saasfactory.saasboost.SaaSBoostInstall.main(SaaSBoostInstall.java:198)

When I open up the saas-boost-install.log, here are the details showing the error.

2021-05-14 16:19:23 SaaSBoostInstall.createSaaSBoostStack createSaaSBoostStack::stack id arn:aws:cloudformation:us-east-1:045258344123:stack/sb-dev/abca1e00-b4f1-11eb-83c6-0a8858a4ea55
2021-05-14 16:19:23 SaaSBoostInstall.outputMessage Awaiting CloudFormation Stack sb-dev to complete. Sleep 5 minute(s)...
2021-05-14 16:24:24 SaaSBoostInstall.outputMessage Awaiting CloudFormation Stack sb-dev to complete. Sleep 1 minute(s)...
2021-05-14 16:25:24 SaaSBoostInstall.outputMessage Awaiting CloudFormation Stack sb-dev to complete. Sleep 1 minute(s)...
2021-05-14 16:26:25 SaaSBoostInstall.outputMessage Awaiting CloudFormation Stack sb-dev to complete. Sleep 1 minute(s)...
2021-05-14 16:27:26 SaaSBoostInstall.outputMessage Awaiting CloudFormation Stack sb-dev to complete. Sleep 1 minute(s)...
2021-05-14 16:28:27 SaaSBoostInstall.outputMessage Awaiting CloudFormation Stack sb-dev to complete. Sleep 1 minute(s)...
2021-05-14 16:29:27 SaaSBoostInstall.outputMessage Awaiting CloudFormation Stack sb-dev to complete. Sleep 1 minute(s)...
2021-05-14 16:30:28 SaaSBoostInstall.outputMessage Awaiting CloudFormation Stack sb-dev to complete. Sleep 1 minute(s)...
2021-05-14 16:31:29 SaaSBoostInstall.outputMessage Awaiting CloudFormation Stack sb-dev to complete. Sleep 1 minute(s)...
2021-05-14 16:32:31 SaaSBoostInstall.outputMessage Awaiting CloudFormation Stack sb-dev to complete. Sleep 1 minute(s)...
2021-05-14 16:33:31 SaaSBoostInstall.outputMessage CloudFormation Stack: sb-dev completed successfully.
2021-05-14 16:33:31 SaaSBoostInstall.outputMessage Copy files to S3 web site bucket
2021-05-14 16:33:32 SaaSBoostInstall.outputMessage Start build of AWS SaaS Boost React web application with yarn ...
2021-05-14 16:33:32 SaaSBoostInstall.outputMessage ===========================================================
2021-05-14 16:33:32 SaaSBoostInstall.outputMessage Installation Error: null
2021-05-14 16:33:32 SaaSBoostInstall.outputMessage Please see detailed log file saas-boost-install.log
2021-05-14 16:33:32 SaaSBoostInstall.main java.lang.NullPointerException
at java.base/java.lang.ProcessEnvironment.validateValue(ProcessEnvironment.java:120)
at java.base/java.lang.ProcessEnvironment$Value.valueOf(ProcessEnvironment.java:203)
at java.base/java.lang.ProcessEnvironment$StringEnvironment.put(ProcessEnvironment.java:243)
at java.base/java.lang.ProcessEnvironment$StringEnvironment.put(ProcessEnvironment.java:221)
at com.amazon.aws.partners.saasfactory.saasboost.SaaSBoostInstall.buildAndCopyWebApp(SaaSBoostInstall.java:2257)
at com.amazon.aws.partners.saasfactory.saasboost.SaaSBoostInstall.installSaaSBoost(SaaSBoostInstall.java:1459)
at com.amazon.aws.partners.saasfactory.saasboost.SaaSBoostInstall.start(SaaSBoostInstall.java:977)
at com.amazon.aws.partners.saasfactory.saasboost.SaaSBoostInstall.main(SaaSBoostInstall.java:198)

2021-05-14 16:33:32 SaaSBoostInstall.outputMessage java.lang.NullPointerException
at java.base/java.lang.ProcessEnvironment.validateValue(ProcessEnvironment.java:120)
at java.base/java.lang.ProcessEnvironment$Value.valueOf(ProcessEnvironment.java:203)
at java.base/java.lang.ProcessEnvironment$StringEnvironment.put(ProcessEnvironment.java:243)
at java.base/java.lang.ProcessEnvironment$StringEnvironment.put(ProcessEnvironment.java:221)
at com.amazon.aws.partners.saasfactory.saasboost.SaaSBoostInstall.buildAndCopyWebApp(SaaSBoostInstall.java:2257)
at com.amazon.aws.partners.saasfactory.saasboost.SaaSBoostInstall.installSaaSBoost(SaaSBoostInstall.java:1459)
at com.amazon.aws.partners.saasfactory.saasboost.SaaSBoostInstall.start(SaaSBoostInstall.java:977)
at com.amazon.aws.partners.saasfactory.saasboost.SaaSBoostInstall.main(SaaSBoostInstall.java:198)

Reproduction Steps

During the application setup, under File System, when selecting the folder name to mount inside of the container if the name of the folder contains a "." saas boost won't let you apply the settings and will throw an error. (e.g /random.folder/ )

Step-by-step:

1. Configure your application
2. Tick Provision a File system for the application
3. Under "Mount point" try adding /random.folder
4. Press the Submit button

What did you expect to happen?

It should have allowed me to create the folder.

What actually happened?

I got an error saying my folder name is invalid with no clue to what was happening.

Environment

• AWS Region : eu-west-1
• **AWS SaaS Boost Version : 1.0.0?? not sure what version is on now ( my bottom corner says "Version v0 - vi )
• **Workload OS (Linux or Windows) : Linux **

This is 🐛 Bug Report

In SaaS Boost environments where you've deleted an onboarded tenant and then subsequently upload a new version of the application workload to ECR, deployment of that new version does not happen.

Reproduction Steps

Install SaaS Boost
Upload an application image to ECR
Onboard 2 tenants
Delete 1 of the tenants
Update the application, rebuild the Docker image, and push to ECR

What did you expect to happen?

Updated application image should be deployed to the remaining non-deleted tenants

What actually happened?

The CodePipeline for the non-deleted tenants never gets triggered

Environment

• AWS Region :
• AWS SaaS Boost Version :
• Workload OS (Linux or Windows) :

Other

The getProvisionedTenants call in the Tenant Service does not exclude deleted tenants. When we delete tenants, we remove all of their infrastructure (including the CodePipline), but we retain a record in the tenant database with onboarding status == deleted.

This is 🐛 Bug Report

Add option to Application settings to allow and disallow ECS exec from Saas Boost web app.

Use Case

For developing purposes, ECS exec makes a lot of sense hence #35, as of now we need to modify the tenant-onboarding.yaml to allow/disallow such tool.

Proposed Solution

Solution 1

Similar to the database and filesystem have a third element for developer tools such as ECS exec.

Solution 2

Add a checkbox to container settings element

This is a 🚀 Feature Request

When you edit a provisioned tenant you can override the compute defaults to change the min and max task counts for the tenant's auto scaling group. The overrideDefaults boolean is persisted properly, but the min and max counts are not.

Reproduction Steps

1. Onboard a tenant with the default compute settings
2. Call the /tenants/{id} API or look at the DynamoDB item for that tenant and see min and max are not present (because it's using the defauls)
3. Edit the tenant in the UI and override the defaults to change the min and max
4. Call the /tenants/{id} API or look at the DynamoDB item for that tenant and see min and max are still not present...

What did you expect to happen?

A tenant with overrideDefaults set to true should also have minCount, maxCount, and computeSize attributes set to a non null value.

What actually happened?

overrideDefaults = true, but minCount, maxCount, and computeSize are all null (not present in the DynamoDB item attributes)

Other

It's a mismatch in the field names - at one point we had minTaskCount and maxTaskCount and it was changed to minCount and maxCount. The Tenant Service data access layer is inconsistent with its use of minCount vs minTaskCount.

This is 🐛 Bug Report

"Database Name" field in Application/Database/Database Initialization (Optional) seems to be actually required. You can submit the configuration form with empty name, but then DB initialization (MariaDB) fails in saasfactory/configuration/DataSourceConfig.java [ln 119] with SQL syntax error because DB_NAME is empty.

Environment

• AWS Region : eu-west-2
• AWS SaaS Boost Version : v0
• Workload OS (Linux or Windows) : Linux (bundled test app)

This is 🐛 Bug Report

Saas Boost already supports all major databases, but it's missing ElasticSearch.

Use Case

I have an application that needs ElasticSearch, currently, the only method to get my application running is installing ElasticSearch Inside of the container with the rest of my application. Not ideal for my use case.

Proposed Solution

Other

This is a 🚀 Feature Request

During application setup, choosing a compute size that will cause account limits for compute (i.e. number of CPUs) to be exceeded was not detected, causing a tenant provisioning failure.

Reproduction Steps

Choose x-large compute size and-or increase max instances.

What did you expect to happen?

Error or warning message would appear to prevent tenant provisioning until condition was satisfied.

Provision a tenant

What actually happened?

Expected a warning or error during application config - error not seen until CF stack failed during ECSAutoScaling substack execution.

Environment

• AWS Region : us-west-2
• **AWS SaaS Boost Version :v0 - dev
• **Workload OS (Linux or Windows) :Windows ASP.NET Framework 4.7.2

Other

This is 🐛 Bug Report

Deleting a tenant through the UI when the application has been configured to run an Aurora database fails because the IAM role of the delete functionality does not have permissions to create a snapshot prior to removing the database instance/cluster.

Reproduction Steps

1. Configure SaaS Boost to use an Aurora database of either type
2. Onboard a tenant
3. Delete the tenant from the tenant detail page

What did you expect to happen?

Tenant removed and onboarding CloudFormation stacks deleted without error.

What actually happened?

The tenant RDS nested CloudFormation stack fails to delete because the Onboarding Service IAM role does not have permission to execute rds:CreateDBClusterSnapshot

Environment

• AWS Region :
• AWS SaaS Boost Version :
• Workload OS (Linux or Windows) :

Other

This is 🐛 Bug Report

There is no documentation on how to use SaaS Boost API.

Use Case

1. Dev purposes
2. Software integration

Proposed Solution

• Document every API call
• Add examples to each API call
• Add examples of an API workflow (e.g: auth token)

Other

• 👋 I may be able to implement this feature request
• ⚠️ This feature might incur a breaking change

This is a 🚀 Feature Request

.\install.ps1 failed

This error occurred while I was following the AWS SaaS Boost Getting Started Guide
My IAM user has full admin permissions.

The Question

Installation Error: The security token included in the request is invalid. (Service: Iam, Status Code: 403, Request ID: a9b216f5-18d4-411a-82c8-6a6546bd7833, Extended Request ID: null)
Please see detailed log file saas-boost-install.log
software.amazon.awssdk.services.iam.model.IamException: The security token included in the request is invalid. (Service: Iam, Status Code: 403, Request ID: a9b216f5-18d4-411a-82c8-6a6546bd7833, Extended Request ID: null)
at software.amazon.awssdk.core.internal.http.CombinedResponseHandler.handleErrorResponse(CombinedResponseHandler.java:123)
at software.amazon.awssdk.core.internal.http.CombinedResponseHandler.handleResponse(CombinedResponseHandler.java:79)
at software.amazon.awssdk.core.internal.http.CombinedResponseHandler.handle(CombinedResponseHandler.java:59)
at software.amazon.awssdk.core.internal.http.CombinedResponseHandler.handle(CombinedResponseHandler.java:40)
at software.amazon.awssdk.core.internal.http.pipeline.stages.HandleResponseStage.execute(HandleResponseStage.java:40)
at software.amazon.awssdk.core.internal.http.pipeline.stages.HandleResponseStage.execute(HandleResponseStage.java:30)
at software.amazon.awssdk.core.internal.http.pipeline.RequestPipelineBuilder$ComposingRequestPipelineStage.execute(RequestPipelineBuilder.java:206)
at software.amazon.awssdk.core.internal.http.pipeline.stages.ApiCallAttemptTimeoutTrackingStage.execute(ApiCallAttemptTimeoutTrackingStage.java:73)
at software.amazon.awssdk.core.internal.http.pipeline.stages.ApiCallAttemptTimeoutTrackingStage.execute(ApiCallAttemptTimeoutTrackingStage.java:42)
at software.amazon.awssdk.core.internal.http.pipeline.stages.TimeoutExceptionHandlingStage.execute(TimeoutExceptionHandlingStage.java:77)
at software.amazon.awssdk.core.internal.http.pipeline.stages.TimeoutExceptionHandlingStage.execute(TimeoutExceptionHandlingStage.java:39)
at software.amazon.awssdk.core.internal.http.pipeline.stages.ApiCallAttemptMetricCollectionStage.execute(ApiCallAttemptMetricCollectionStage.java:50)
at software.amazon.awssdk.core.internal.http.pipeline.stages.ApiCallAttemptMetricCollectionStage.execute(ApiCallAttemptMetricCollectionStage.java:36)
at software.amazon.awssdk.core.internal.http.pipeline.stages.RetryableStage.execute(RetryableStage.java:64)
at software.amazon.awssdk.core.internal.http.pipeline.stages.RetryableStage.execute(RetryableStage.java:34)
at software.amazon.awssdk.core.internal.http.pipeline.RequestPipelineBuilder$ComposingRequestPipelineStage.execute(RequestPipelineBuilder.java:206)
at software.amazon.awssdk.core.internal.http.StreamManagingStage.execute(StreamManagingStage.java:56)
at software.amazon.awssdk.core.internal.http.StreamManagingStage.execute(StreamManagingStage.java:36)
at software.amazon.awssdk.core.internal.http.pipeline.stages.ApiCallTimeoutTrackingStage.executeWithTimer(ApiCallTimeoutTrackingStage.java:80)
at software.amazon.awssdk.core.internal.http.pipeline.stages.ApiCallTimeoutTrackingStage.execute(ApiCallTimeoutTrackingStage.java:60)
at software.amazon.awssdk.core.internal.http.pipeline.stages.ApiCallTimeoutTrackingStage.execute(ApiCallTimeoutTrackingStage.java:42)
at software.amazon.awssdk.core.internal.http.pipeline.stages.ApiCallMetricCollectionStage.execute(ApiCallMetricCollectionStage.java:48)
at software.amazon.awssdk.core.internal.http.pipeline.stages.ApiCallMetricCollectionStage.execute(ApiCallMetricCollectionStage.java:31)
at software.amazon.awssdk.core.internal.http.pipeline.RequestPipelineBuilder$ComposingRequestPipelineStage.execute(RequestPipelineBuilder.java:206)
at software.amazon.awssdk.core.internal.http.pipeline.RequestPipelineBuilder$ComposingRequestPipelineStage.execute(RequestPipelineBuilder.java:206)
at software.amazon.awssdk.core.internal.http.pipeline.stages.ExecutionFailureExceptionReportingStage.execute(ExecutionFailureExceptionReportingStage.java:37)
at software.amazon.awssdk.core.internal.http.pipeline.stages.ExecutionFailureExceptionReportingStage.execute(ExecutionFailureExceptionReportingStage.java:26)
at software.amazon.awssdk.core.internal.http.AmazonSyncHttpClient$RequestExecutionBuilderImpl.execute(AmazonSyncHttpClient.java:193)
at software.amazon.awssdk.core.internal.handler.BaseSyncClientHandler.invoke(BaseSyncClientHandler.java:128)
at software.amazon.awssdk.core.internal.handler.BaseSyncClientHandler.doExecute(BaseSyncClientHandler.java:154)
at software.amazon.awssdk.core.internal.handler.BaseSyncClientHandler.lambda$execute$1(BaseSyncClientHandler.java:107)
at software.amazon.awssdk.core.internal.handler.BaseSyncClientHandler.measureApiCallSuccess(BaseSyncClientHandler.java:162)
at software.amazon.awssdk.core.internal.handler.BaseSyncClientHandler.execute(BaseSyncClientHandler.java:91)
at software.amazon.awssdk.core.client.handler.SdkSyncClientHandler.execute(SdkSyncClientHandler.java:45)
at software.amazon.awssdk.awscore.client.handler.AwsSyncClientHandler.execute(AwsSyncClientHandler.java:55)
at software.amazon.awssdk.services.iam.DefaultIamClient.getUser(DefaultIamClient.java:5748)
at software.amazon.awssdk.services.iam.IamClient.getUser(IamClient.java:8426)
at com.amazon.aws.partners.saasfactory.saasboost.SaaSBoostInstall.start(SaaSBoostInstall.java:904)
at com.amazon.aws.partners.saasfactory.saasboost.SaaSBoostInstall.main(SaaSBoostInstall.java:198)

Environment

• JDK: openjdk 11.0.11 2021-04-20 LTS
• NodeJS: v14.15.1
• Workload OS (Linux or Windows) : Windows

I have an issue with mount point volumes and SaaS boost, it's more of a user problem rather than a code one. I was hoping someone could help me. I have read all the documentation about mounted volumes in docker and AWS. But still can't get it to work within AWS.

What I have!

1. I have an app that is divided into 2 parts, the main software and modules, they work as an add-on.
2. I'm trying to have the add-ons folder mounted in an EFS with the File System capability of SaaS boost
3. I have modified the main part of the software to accept the new directory.
4. I have generated Deb files to install both parts, the main part and each individual add-on, they are located inside /Modules
5. When building the container the dockerfile runs a script that installs all the deb files correctly.
6. If I use --mount flag like so docker run --name foo --publish 8000:80 --mount source=module_vol,target=/foo bar it works, but the volume is created inside the default folder and I cannot change that, I think, also this type of volumes are not compatible with fargate only EC2. I'm running fargate, so I can't use it to test for AWS.
7. if I use the -v f flag docker run --name SaasBoost --publish 8000:80 -v E:\dockerVolume\aws:/afonso bar it also works, with the small catch that, all the files that have been previously installed during the docker build process have disappeared. My software then creates the folder structure but it's empty.
8. Since Fargate only supports bind volumes I can only use -v flag
9. I have uploaded a container to AWS ECR Repo and I have tried launching it with the mounted volume and without. If I use internal storage, meaning no mount points my software works as intended but as soon as I introduced the mount points it starts complaining about missing directories, more specifically the mounted volumes.
10. start.sh launches a series of installations. I have tested the installation script in previous tenants and always worked.
    • One of the installation files creates the foo directory and gives it proper read-write access so the folder structure exists

Here is part of my dockerfile:

#Pull base image
FROM ubuntu:18.04

.
.
. Not important stuff
.
.
RUN start.sh
# At this point all the necessary files have been copied to the correct folders , the documentation states 
# any files inside the directory will be copied to the mounted volume. 
VOLUME ["/foo"]

# I try again installing the modules files to foo directory with no effect
WORKDIR /Modules
RUN apt-get install ./modules.*.deb

WORKDIR /
ENTRYPOINT service main_software start && tail -f /dev/null

The problem

I need /foo directory not to be empty when I use the -v flag , and the documentation states any file inside the container's folder will be copied to the bind mount volume. This is not happening.

Originally posted by @AffiTheCreator in #37

The SSM parameters created for the environment are not deleted when the environment is deleted using the installer or by deleting the CloudFormation stack.

Reproduction Steps

1. Use installer to create a SaaS Boost environment named dev.
2. Login into SaaS Boost admin ui and setup Application.
3. Go to AWS console and review the SSM parameters created for the environment with name. For example, /saas-boost/dev/DB_PORT
4. Use the installer to delete the SaaS Boost environment.

What did you expect to happen?

Expected the SSM parameters for the environment to be deleted.

What actually happened?

The SSM parameters such as /saas-boost/dev/DB_PORT are not deleted.

Environment

• AWS Region : us-east-1
• AWS SaaS Boost Version :
• Workload OS (Linux or Windows) : Linux

Other

This is 🐛 Bug Report

Change the colour scheme for the onboarding Status for each Tenant

Use Case

Improved visual feedback

Proposed Solution

Provisioning status should be another colour.

Other

Both delete and Provisioning have the same color:

This is a 🚀 Feature Request

Unable to build unless you use git, people downloading as zip and saving will fail to run maven.

Reproduction Steps

Save as zip from GitHub, then run install script.

What did you expect to happen?

To build the java installer.

What actually happened?

Failed due to depending on .git in the installer.

Environment

n/a

In the AWS SaaS Boost UI, the Onboarding Request page refreshes midstream to populate the Application defaults area. This leads to a poor user experience as data entered on the page is cleared out on the refresh.

Reproduction Steps

1. Navigate to Onboarding
2. Click on Provision Tenant
3. Start entering the tenant name
4. In the case the application defaults have not been loaded from navigation to other areas of the app, the page will refresh when the data is loaded.

What did you expect to happen?

I would expect the data to be loaded before rendering the page.

What actually happened?

Environment

• AWS Region :
• AWS SaaS Boost Version :
• Workload OS (Linux or Windows) :

Other

This is 🐛 Bug Report

Feature

Ability to add/onboard multiple applications part of tenant setup

Use Case

It’s quite common in an enterprise setup, the customer may have a variety of applications belonging to different tenant, that they would like to onboard and manage part of this setup. Currently saas factory supports only one application which can get expanded on to provide support for multiple applications/containers.

Proposed Solution

Just a suggestion from a user experience perspective:

Other

• 👋 I may be able to implement this feature request
• ⚠️ This feature might incur a breaking change

This is a 🚀 Feature Request

Tried creating the RDS instance with the resource as 8vCPUs, 32GiB RAM as shown in screenshot

But the instance is getting different value, 4vCPU and 16GiB RAM.

Reproduction Steps

Create RDS details as db.m5.xlarge(8vCPUs, 32GiB RAM) in SaaS Boost, onboard a tenant

What did you expect to happen?

RDS instance for the tenant should have 8vCPUs, 32GiB RAM.

What actually happened?

RDS instance is getting value 4vCPUs and 16GiB RAM

Environment

• **AWS Region :Ireland
• AWS SaaS Boost Version :
• **Workload OS (Linux or Windows) : Windows

Other

This is 🐛 Bug Report