4

I have been trying to add a private key into the eb environment variable configuration and have tried removing the newline, changing the ("") to ('') but neither of which would be accepted by eb and causes the environment health to be degraded.

I have referenced other questions asked on the platform but most of them uses the export function or are able to get the key saved as an environment variable but unable to retrieve it in the code (How to set multiline RSA private key environment variable for AWS Elastic Beans)

I have added the last 100 lines of logs from eb below as a reference

-------------------------------------
/var/log/nodejs/nodejs.log
-------------------------------------
> webrtc-chatter@0.0.1 start /var/app/current
> node index.js




-------------------------------------
/var/log/nodejs/npm-debug.log
-------------------------------------
UTC 2018/12/28 09:55:31 cannot find application npm debug log at /tmp/deployment/application/npm-debug.log 
UTC 2018/12/28 13:22:14 cannot find application npm debug log at /tmp/deployment/application/npm-debug.log 
UTC 2018/12/31 10:03:31 cannot find application npm debug log at /tmp/deployment/application/npm-debug.log 
UTC 2018/12/31 13:10:09 cannot find application npm debug log at /tmp/deployment/application/npm-debug.log 
UTC 2018/12/31 13:19:10 cannot find application npm debug log at /tmp/deployment/application/npm-debug.log 
UTC 2018/12/31 13:21:04 cannot find application npm debug log at /tmp/deployment/application/npm-debug.log 
UTC 2018/12/31 13:34:08 cannot find application npm debug log at /tmp/deployment/application/npm-debug.log 
UTC 2018/12/31 13:41:11 cannot find application npm debug log at /tmp/deployment/application/npm-debug.log 
UTC 2018/12/31 14:02:34 cannot find application npm debug log at /tmp/deployment/application/npm-debug.log 
UTC 2018/12/31 19:09:33 cannot find application npm debug log at /tmp/deployment/application/npm-debug.log 



-------------------------------------
/var/log/eb-activity.log
-------------------------------------
  node-pre-gyp ERR! node-pre-gyp -v v0.12.0
  node-pre-gyp ERR! not ok 
  Failed to execute '/opt/elasticbeanstalk/node-install/node-v10.13.0-linux-x64/bin/node /opt/elasticbeanstalk/node-install/node-v10.13.0-linux-x64/lib/node_modules/npm/node_modules/node-gyp/bin/node-gyp.js configure --fallback-to-build --library=static_library --module=/tmp/deployment/application/node_modules/grpc/src/node/extension_binary/node-v64-linux-x64-glibc/grpc_node.node --module_name=grpc_node --module_path=/tmp/deployment/application/node_modules/grpc/src/node/extension_binary/node-v64-linux-x64-glibc --napi_version=3 --node_abi_napi=napi --napi_build_version=0 --node_napi_label=node-v64' (1)
  npm ERR! code ELIFECYCLE
  npm ERR! errno 1
  npm ERR! grpc@1.16.1 install: `node-pre-gyp install --fallback-to-build --library=static_library`
  npm ERR! Exit status 1
  npm ERR! 
  npm ERR! Failed at the grpc@1.16.1 install script.
  npm ERR! This is probably not a problem with npm. There is likely additional logging output above.

  npm ERR! A complete log of this run can be found in:
  npm ERR!     /tmp/.npm/_logs/2018-12-31T19_09_33_684Z-debug.log
  Not using a reverse proxy
  Running npm install:  /opt/elasticbeanstalk/node-install/node-v10.13.0-linux-x64/bin/npm
  Setting npm config jobs to 1
  npm config jobs set to 1
  Running npm with --production flag
  Failed to run npm install. Snapshot logs for more details.
  UTC 2018/12/31 19:09:33 cannot find application npm debug log at /tmp/deployment/application/npm-debug.log 

  Traceback (most recent call last):
    File "/opt/elasticbeanstalk/containerfiles/ebnode.py", line 695, in <module>
      main()
    File "/opt/elasticbeanstalk/containerfiles/ebnode.py", line 677, in main
      node_version_manager.run_npm_install(options.app_path)
    File "/opt/elasticbeanstalk/containerfiles/ebnode.py", line 136, in run_npm_install
      self.npm_install(bin_path, self.config_manager.get_container_config('app_staging_dir'))
    File "/opt/elasticbeanstalk/containerfiles/ebnode.py", line 180, in npm_install
      raise e
  subprocess.CalledProcessError: Command '['/opt/elasticbeanstalk/node-install/node-v10.13.0-linux-x64/bin/npm', '--production', 'install']' returned non-zero exit status 1 (ElasticBeanstalk::ExternalInvocationError)
caused by: + /opt/elasticbeanstalk/containerfiles/ebnode.py --action npm-install

  > grpc@1.16.1 install /tmp/deployment/application/node_modules/grpc
  > node-pre-gyp install --fallback-to-build --library=static_library

  node-pre-gyp WARN Using request for node-pre-gyp https download 
  node-pre-gyp WARN Pre-built binaries not installable for grpc@1.16.1 and node@10.13.0 (node-v64 ABI, glibc) (falling back to source compile with node-gyp) 
  node-pre-gyp WARN Hit error EACCES: permission denied, mkdir '/tmp/deployment/application/node_modules/grpc/src/node' 
  gyp ERR! configure error 
  gyp ERR! stack Error: EACCES: permission denied, mkdir '/tmp/deployment/application/node_modules/grpc/build'
  gyp ERR! System Linux 4.14.77-69.57.amzn1.x86_64
  gyp ERR! command "/opt/elasticbeanstalk/node-install/node-v10.13.0-linux-x64/bin/node" "/opt/elasticbeanstalk/node-install/node-v10.13.0-linux-x64/lib/node_modules/npm/node_modules/node-gyp/bin/node-gyp.js" "configure" "--fallback-to-build" "--library=static_library" "--module=/tmp/deployment/application/node_modules/grpc/src/node/extension_binary/node-v64-linux-x64-glibc/grpc_node.node" "--module_name=grpc_node" "--module_path=/tmp/deployment/application/node_modules/grpc/src/node/extension_binary/node-v64-linux-x64-glibc" "--napi_version=3" "--node_abi_napi=napi" "--napi_build_version=0" "--node_napi_label=node-v64"
  gyp ERR! cwd /tmp/deployment/application/node_modules/grpc
  gyp ERR! node -v v10.13.0
  gyp ERR! node-gyp -v v3.8.0
  gyp ERR! not ok 
  node-pre-gyp ERR! build error 
  node-pre-gyp ERR! stack Error: Failed to execute '/opt/elasticbeanstalk/node-install/node-v10.13.0-linux-x64/bin/node /opt/elasticbeanstalk/node-install/node-v10.13.0-linux-x64/lib/node_modules/npm/node_modules/node-gyp/bin/node-gyp.js configure --fallback-to-build --library=static_library --module=/tmp/deployment/application/node_modules/grpc/src/node/extension_binary/node-v64-linux-x64-glibc/grpc_node.node --module_name=grpc_node --module_path=/tmp/deployment/application/node_modules/grpc/src/node/extension_binary/node-v64-linux-x64-glibc --napi_version=3 --node_abi_napi=napi --napi_build_version=0 --node_napi_label=node-v64' (1)
  node-pre-gyp ERR! stack     at ChildProcess.<anonymous> (/tmp/deployment/application/node_modules/grpc/node_modules/node-pre-gyp/lib/util/compile.js:83:29)
  node-pre-gyp ERR! stack     at ChildProcess.emit (events.js:182:13)
  node-pre-gyp ERR! stack     at maybeClose (internal/child_process.js:962:16)
  node-pre-gyp ERR! stack     at Process.ChildProcess._handle.onexit (internal/child_process.js:251:5)
  node-pre-gyp ERR! System Linux 4.14.77-69.57.amzn1.x86_64
  node-pre-gyp ERR! command "/opt/elasticbeanstalk/node-install/node-v10.13.0-linux-x64/bin/node" "/tmp/deployment/application/node_modules/grpc/node_modules/.bin/node-pre-gyp" "install" "--fallback-to-build" "--library=static_library"
  node-pre-gyp ERR! cwd /tmp/deployment/application/node_modules/grpc
  node-pre-gyp ERR! node -v v10.13.0
  node-pre-gyp ERR! node-pre-gyp -v v0.12.0
  node-pre-gyp ERR! not ok 
  Failed to execute '/opt/elasticbeanstalk/node-install/node-v10.13.0-linux-x64/bin/node /opt/elasticbeanstalk/node-install/node-v10.13.0-linux-x64/lib/node_modules/npm/node_modules/node-gyp/bin/node-gyp.js configure --fallback-to-build --library=static_library --module=/tmp/deployment/application/node_modules/grpc/src/node/extension_binary/node-v64-linux-x64-glibc/grpc_node.node --module_name=grpc_node --module_path=/tmp/deployment/application/node_modules/grpc/src/node/extension_binary/node-v64-linux-x64-glibc --napi_version=3 --node_abi_napi=napi --napi_build_version=0 --node_napi_label=node-v64' (1)
  npm ERR! code ELIFECYCLE
  npm ERR! errno 1
  npm ERR! grpc@1.16.1 install: `node-pre-gyp install --fallback-to-build --library=static_library`
  npm ERR! Exit status 1
  npm ERR! 
  npm ERR! Failed at the grpc@1.16.1 install script.
  npm ERR! This is probably not a problem with npm. There is likely additional logging output above.

  npm ERR! A complete log of this run can be found in:
  npm ERR!     /tmp/.npm/_logs/2018-12-31T19_09_33_684Z-debug.log
  Not using a reverse proxy
  Running npm install:  /opt/elasticbeanstalk/node-install/node-v10.13.0-linux-x64/bin/npm
  Setting npm config jobs to 1
  npm config jobs set to 1
  Running npm with --production flag
  Failed to run npm install. Snapshot logs for more details.
  UTC 2018/12/31 19:09:33 cannot find application npm debug log at /tmp/deployment/application/npm-debug.log 

  Traceback (most recent call last):
    File "/opt/elasticbeanstalk/containerfiles/ebnode.py", line 695, in <module>
      main()
    File "/opt/elasticbeanstalk/containerfiles/ebnode.py", line 677, in main
      node_version_manager.run_npm_install(options.app_path)
    File "/opt/elasticbeanstalk/containerfiles/ebnode.py", line 136, in run_npm_install
      self.npm_install(bin_path, self.config_manager.get_container_config('app_staging_dir'))
    File "/opt/elasticbeanstalk/containerfiles/ebnode.py", line 180, in npm_install
      raise e
  subprocess.CalledProcessError: Command '['/opt/elasticbeanstalk/node-install/node-v10.13.0-linux-x64/bin/npm', '--production', 'install']' returned non-zero exit status 1 (Executor::NonZeroExitStatus)


[2018-12-31T19:09:33.710Z] INFO  [18640] - [Configuration update travis-5b0a4d4df0abae1daa0ab1e5fa92b27a5e51021a-1544498766@21/ConfigDeployStage0/ConfigDeployPreHook/50npm.sh] : Activity failed.
[2018-12-31T19:09:33.710Z] INFO  [18640] - [Configuration update travis-5b0a4d4df0abae1daa0ab1e5fa92b27a5e51021a-1544498766@21/ConfigDeployStage0/ConfigDeployPreHook] : Activity failed.
[2018-12-31T19:09:33.710Z] INFO  [18640] - [Configuration update travis-5b0a4d4df0abae1daa0ab1e5fa92b27a5e51021a-1544498766@21/ConfigDeployStage0] : Activity failed.
[2018-12-31T19:09:33.710Z] INFO  [18640] - [Configuration update travis-5b0a4d4df0abae1daa0ab1e5fa92b27a5e51021a-1544498766@21] : Completed activity. Result:
  Configuration update - Command CMD-ConfigDeploy failed
[2018-12-31T19:19:07.258Z] INFO  [19138] - [CMD-TailLogs] : Starting activity...
[2018-12-31T19:19:07.259Z] INFO  [19138] - [CMD-TailLogs/AddonsBefore] : Starting activity...
[2018-12-31T19:19:07.259Z] INFO  [19138] - [CMD-TailLogs/AddonsBefore] : Completed activity.
[2018-12-31T19:19:07.259Z] INFO  [19138] - [CMD-TailLogs/TailLogs] : Starting activity...
[2018-12-31T19:19:07.259Z] INFO  [19138] - [CMD-TailLogs/TailLogs/TailLogs] : Starting activity...



-------------------------------------
/var/log/eb-commandprocessor.log
-------------------------------------
  UTC 2018/12/31 19:09:33 cannot find application npm debug log at /tmp/deployment/application/npm-debug.log 

  Traceback (most recent call last):
    File "/opt/elasticbeanstalk/containerfiles/ebnode.py", line 695, in <module>
      main()
    File "/opt/elasticbeanstalk/containerfiles/ebnode.py", line 677, in main
      node_version_manager.run_npm_install(options.app_path)
    File "/opt/elasticbeanstalk/containerfiles/ebnode.py", line 136, in run_npm_install
      self.npm_install(bin_path, self.config_manager.get_container_config('app_staging_dir'))
    File "/opt/elasticbeanstalk/containerfiles/ebnode.py", line 180, in npm_install
      raise e
  subprocess.CalledProcessError: Command '['/opt/elasticbeanstalk/node-install/node-v10.13.0-linux-x64/bin/npm', '--production', 'install']' returned non-zero exit status 1 (ElasticBeanstalk::ExternalInvocationError)
caused by: + /opt/elasticbeanstalk/containerfiles/ebnode.py --action npm-install

  > grpc@1.16.1 install /tmp/deployment/application/node_modules/grpc
  > node-pre-gyp install --fallback-to-build --library=static_library

  node-pre-gyp WARN Using request for node-pre-gyp https download 
  node-pre-gyp WARN Pre-built binaries not installable for grpc@1.16.1 and node@10.13.0 (node-v64 ABI, glibc) (falling back to source compile with node-gyp) 
  node-pre-gyp WARN Hit error EACCES: permission denied, mkdir '/tmp/deployment/application/node_modules/grpc/src/node' 
  gyp ERR! configure error 
  gyp ERR! stack Error: EACCES: permission denied, mkdir '/tmp/deployment/application/node_modules/grpc/build'
  gyp ERR! System Linux 4.14.77-69.57.amzn1.x86_64
  gyp ERR! command "/opt/elasticbeanstalk/node-install/node-v10.13.0-linux-x64/bin/node" "/opt/elasticbeanstalk/node-install/node-v10.13.0-linux-x64/lib/node_modules/npm/node_modules/node-gyp/bin/node-gyp.js" "configure" "--fallback-to-build" "--library=static_library" "--module=/tmp/deployment/application/node_modules/grpc/src/node/extension_binary/node-v64-linux-x64-glibc/grpc_node.node" "--module_name=grpc_node" "--module_path=/tmp/deployment/application/node_modules/grpc/src/node/extension_binary/node-v64-linux-x64-glibc" "--napi_version=3" "--node_abi_napi=napi" "--napi_build_version=0" "--node_napi_label=node-v64"
  gyp ERR! cwd /tmp/deployment/application/node_modules/grpc
  gyp ERR! node -v v10.13.0
  gyp ERR! node-gyp -v v3.8.0
  gyp ERR! not ok 
  node-pre-gyp ERR! build error 
  node-pre-gyp ERR! stack Error: Failed to execute '/opt/elasticbeanstalk/node-install/node-v10.13.0-linux-x64/bin/node /opt/elasticbeanstalk/node-install/node-v10.13.0-linux-x64/lib/node_modules/npm/node_modules/node-gyp/bin/node-gyp.js configure --fallback-to-build --library=static_library --module=/tmp/deployment/application/node_modules/grpc/src/node/extension_binary/node-v64-linux-x64-glibc/grpc_node.node --module_name=grpc_node --module_path=/tmp/deployment/application/node_modules/grpc/src/node/extension_binary/node-v64-linux-x64-glibc --napi_version=3 --node_abi_napi=napi --napi_build_version=0 --node_napi_label=node-v64' (1)
  node-pre-gyp ERR! stack     at ChildProcess.<anonymous> (/tmp/deployment/application/node_modules/grpc/node_modules/node-pre-gyp/lib/util/compile.js:83:29)
  node-pre-gyp ERR! stack     at ChildProcess.emit (events.js:182:13)
  node-pre-gyp ERR! stack     at maybeClose (internal/child_process.js:962:16)
  node-pre-gyp ERR! stack     at Process.ChildProcess._handle.onexit (internal/child_process.js:251:5)
  node-pre-gyp ERR! System Linux 4.14.77-69.57.amzn1.x86_64
  node-pre-gyp ERR! command "/opt/elasticbeanstalk/node-install/node-v10.13.0-linux-x64/bin/node" "/tmp/deployment/application/node_modules/grpc/node_modules/.bin/node-pre-gyp" "install" "--fallback-to-build" "--library=static_library"
  node-pre-gyp ERR! cwd /tmp/deployment/application/node_modules/grpc
  node-pre-gyp ERR! node -v v10.13.0
  node-pre-gyp ERR! node-pre-gyp -v v0.12.0
  node-pre-gyp ERR! not ok 
  Failed to execute '/opt/elasticbeanstalk/node-install/node-v10.13.0-linux-x64/bin/node /opt/elasticbeanstalk/node-install/node-v10.13.0-linux-x64/lib/node_modules/npm/node_modules/node-gyp/bin/node-gyp.js configure --fallback-to-build --library=static_library --module=/tmp/deployment/application/node_modules/grpc/src/node/extension_binary/node-v64-linux-x64-glibc/grpc_node.node --module_name=grpc_node --module_path=/tmp/deployment/application/node_modules/grpc/src/node/extension_binary/node-v64-linux-x64-glibc --napi_version=3 --node_abi_napi=napi --napi_build_version=0 --node_napi_label=node-v64' (1)
  npm ERR! code ELIFECYCLE
  npm ERR! errno 1
  npm ERR! grpc@1.16.1 install: `node-pre-gyp install --fallback-to-build --library=static_library`
  npm ERR! Exit status 1
  npm ERR! 
  npm ERR! Failed at the grpc@1.16.1 install script.
  npm ERR! This is probably not a problem with npm. There is likely additional logging output above.

  npm ERR! A complete log of this run can be found in:
  npm ERR!     /tmp/.npm/_logs/2018-12-31T19_09_33_684Z-debug.log
  Not using a reverse proxy
  Running npm install:  /opt/elasticbeanstalk/node-install/node-v10.13.0-linux-x64/bin/npm
  Setting npm config jobs to 1
  npm config jobs set to 1
  Running npm with --production flag
  Failed to run npm install. Snapshot logs for more details.
  UTC 2018/12/31 19:09:33 cannot find application npm debug log at /tmp/deployment/application/npm-debug.log 

  Traceback (most recent call last):
    File "/opt/elasticbeanstalk/containerfiles/ebnode.py", line 695, in <module>
      main()
    File "/opt/elasticbeanstalk/containerfiles/ebnode.py", line 677, in main
      node_version_manager.run_npm_install(options.app_path)
    File "/opt/elasticbeanstalk/containerfiles/ebnode.py", line 136, in run_npm_install
      self.npm_install(bin_path, self.config_manager.get_container_config('app_staging_dir'))
    File "/opt/elasticbeanstalk/containerfiles/ebnode.py", line 180, in npm_install
      raise e
  subprocess.CalledProcessError: Command '['/opt/elasticbeanstalk/node-install/node-v10.13.0-linux-x64/bin/npm', '--production', 'install']' returned non-zero exit status 1 (Executor::NonZeroExitStatus)


[2018-12-31T19:09:33.710Z] ERROR [18640] : Command CMD-ConfigDeploy failed!
[2018-12-31T19:09:33.711Z] INFO  [18640] : Command processor returning results: 
{"status":"FAILURE","api_version":"1.0","results":[{"status":"FAILURE","msg":"(TRUNCATED)...opt/elasticbeanstalk/containerfiles/ebnode.py\", line 180, in npm_install\n    raise e\nsubprocess.CalledProcessError: Command '['/opt/elasticbeanstalk/node-install/node-v10.13.0-linux-x64/bin/npm', '--production', 'install']' returned non-zero exit status 1. \nHook /opt/elasticbeanstalk/hooks/configdeploy/pre/50npm.sh failed. For more detail, check /var/log/eb-activity.log using console or EB CLI","returncode":1,"events":[{"msg":"Failed to run npm install. Snapshot logs for more details.","severity":"ERROR","timestamp":1546283373711}]}],"truncated":"true"}
[2018-12-31T19:19:07.253Z] DEBUG [19138] : Reading config file: /etc/elasticbeanstalk/.aws-eb-stack.properties
[2018-12-31T19:19:07.253Z] DEBUG [19138] : Checking if the command processor should execute...
[2018-12-31T19:19:07.255Z] DEBUG [19138] : Checking whether the command is applicable to instance (i-088e05e1a293a85a2)..
[2018-12-31T19:19:07.255Z] INFO  [19138] : Command is applicable to this instance (i-088e05e1a293a85a2)..
[2018-12-31T19:19:07.255Z] DEBUG [19138] : Checking if the received command stage is valid..
[2018-12-31T19:19:07.255Z] INFO  [19138] : No stage_num in command. Valid stage..
[2018-12-31T19:19:07.255Z] INFO  [19138] : Received command CMD-TailLogs: {"execution_data"=>"*", "instance_ids"=>["i-088e05e1a293a85a2"], "data"=>"f08833bc-0d30-11e9-b16c-2bf0c81d1d06", "command_name"=>"CMD-TailLogs", "api_version"=>"1.0", "resource_name"=>"AWSEBAutoScalingGroup", "request_id"=>"f08833bc-0d30-11e9-b16c-2bf0c81d1d06"}
[2018-12-31T19:19:07.255Z] INFO  [19138] : Command processor should execute command.
[2018-12-31T19:19:07.255Z] DEBUG [19138] : Storing current stage..
[2018-12-31T19:19:07.255Z] DEBUG [19138] : Stage_num does not exist. Not saving null stage. Returning..
[2018-12-31T19:19:07.255Z] DEBUG [19138] : Reading config file: /etc/elasticbeanstalk/.aws-eb-stack.properties
[2018-12-31T19:19:07.256Z] DEBUG [19138] : Retrieving metadata for key: AWS::ElasticBeanstalk::Ext||_ContainerConfigFileContent||commands..
[2018-12-31T19:19:07.256Z] DEBUG [19138] : Retrieving metadata for key: AWS::ElasticBeanstalk::Ext||_API||_Commands..
[2018-12-31T19:19:07.257Z] INFO  [19138] : Found enabled addons: ["logpublish", "logstreaming"].
[2018-12-31T19:19:07.258Z] INFO  [19138] : Updating Command definition of addon logpublish.
[2018-12-31T19:19:07.258Z] INFO  [19138] : Updating Command definition of addon logstreaming.
[2018-12-31T19:19:07.258Z] DEBUG [19138] : Loaded definition of Command CMD-TailLogs.
[2018-12-31T19:19:07.258Z] INFO  [19138] : Executing CMD-TailLogs
[2018-12-31T19:19:07.259Z] INFO  [19138] : Executing command: CMD-TailLogs...
[2018-12-31T19:19:07.259Z] INFO  [19138] : Executing command CMD-TailLogs activities...
[2018-12-31T19:19:07.259Z] DEBUG [19138] : Setting environment variables..
[2018-12-31T19:19:07.259Z] INFO  [19138] : Running AddonsBefore for command CMD-TailLogs...
[2018-12-31T19:19:07.259Z] DEBUG [19138] : Running stages of Command CMD-TailLogs from stage 0 to stage 0...
[2018-12-31T19:19:07.259Z] INFO  [19138] : Running stage 0 of command CMD-TailLogs...
[2018-12-31T19:19:07.259Z] DEBUG [19138] : Loaded 1 actions for stage 0.
[2018-12-31T19:19:07.259Z] INFO  [19138] : Running 1 of 1 actions: TailLogs...

Would greatly appreciate if anyone knows a fix for this.

AWS Elastic Beanstalk has finally deployed my application but still has the permission denied from accessing tmp file

Error: EACCES: permission denied, open '/tmp/firebaseadminsdk.json'

Followed exactly the documentation from AWS on storing Private Keys Securely in AWS S3.

Proceeded to create a S3 bucket without changing any permission during the creation. Bucket -> Permission -> Access Control List, checked if the canonical ID matches my IAM account and allow read access. The bucket still doesn't want to be read which I had to go into bucket policy and create a new policy using AWS Policy Generator.

Referenced from this Elastic Beanstalk S3 access via ebextensions.

Also had issues with node-gyp fails due to permission denied which I followed this https://stackoverflow.com/a/46001517/10638194.

I have also added 2 more .ebextensions which I feel one might not be needed

00_dir_permission.config

files:
  "/opt/elasticbeanstalk/hooks/appdeploy/pre/00_set_tmp_permissions.sh":
    mode: "000755"
    owner: root
    group: root
    content: |
      #!/usr/bin/env bash
      chown -R ec2-user /tmp
      chown -R $USER:$(id -gn $USER) /tmp/.config
      chown -R nodejs:nodejs /tmp/.npm

00_change_npm_permissions.config

files:
  "/opt/elasticbeanstalk/hooks/appdeploy/post/00_set_tmp_permissions.sh":
    mode: "000755"
    owner: root
    group: root
    content: |
      #!/usr/bin/env bash
      chown -R nodejs:nodejs /tmp/.npm

For the second config file I changed the path from /tmp/npm. to just /tmp/ which was the file that finally allowed my application to deploy but it looks like the same as the first config file, only difference being one is before deployment while the other is after deployment.

tngrj
  • 141
  • 3
  • 14
  • Is this key to be used as a signer for something? Do you have the option to use a path to a file instead? If so, it would be much easier to securely download a file through an elastic beanstalk configuration file instead. – littleforest Dec 31 '18 at 19:30
  • The key is used for Firebase Admin SDK, it was a .json file but since it was possible to just use 3 of the main info (out of the .json file) to initialise it, I decided to remove it completely. In localhost im using .env to keep the keys in it but since I can't commit that I was going to pass that through aws env variable. How would I go about using the path to the file? Do I keep the .json file in S3 and then call it? – tngrj Dec 31 '18 at 19:57

1 Answers1

3

Here is an example of securely downloading a .json file from S3 to your Elastic Beanstalk server. See the AWS documentation for reference. If you use your default elastic beanstalk bucket like in the AWS example, you don't need to worry about setting up permissions on the S3 bucket.

Here is the documentation for the file and container_commands directives. In this example, you are downloading the firebase config file to the /etc/pki/tls/certs/ directory. You can modify this location as needed.

# .ebextensions/firebase.config

# Make sure to update the bucket policy on the S3 bucket to
# allow access by the aws-elasticbeanstalk-ec2-role
Resources:
  AWSEBAutoScalingGroup:
    Metadata:
     AWS::CloudFormation::Authentication:
        S3Auth:
          type: "s3"
          buckets: ["my-bucket"]
          roleName:
            "Fn::GetOptionSetting":
              Namespace: "aws:autoscaling:launchconfiguration"
              OptionName: "IamInstanceProfile"
              DefaultValue: "aws-elasticbeanstalk-ec2-role"

 files:
   "/etc/pki/tls/certs/firebaseadminsdk.json":
      mode: "000400"
      owner: nodejs
      group: nodejs
      authentication: "S3Auth"
      source: https://s3-us-west-1.amazonaws.com/my-bucket/firebase-adminsdk-abcde-fghijklmn.json
littleforest
  • 2,057
  • 21
  • 29
  • 1
    Hi thanks for your reply! Been messing around with .ebextensions for a while and tried to do what u shown above without the container commands so the .json file would be in the /tmp/firebaseadminsdk.json path. Been throwing `Error: EACCES: permission denied, open '/tmp/firebaseadminsdk.json'` which im not sure what could be the issue now. – tngrj Jan 01 '19 at 18:01
  • 1
    Did you set up the permissions on the S3 bucket so that the aws-elasticbeanstalk-ec2-role has access to it? Though that error sounds like it might be an issue with permissions on the tmp directory. – littleforest Jan 01 '19 at 20:28
  • Yes I did. I had to edit the bucket policy too which I didn’t expected to need to for my environment to be able to access the bucket. Should be the permission issue on the tmp directory. Will take a look around again to find a solution – tngrj Jan 02 '19 at 00:01
  • I added more info into the main question – tngrj Jan 02 '19 at 02:20
  • 1
    Your `/tmp` directory should be accessible to everyone, so it doesn't seem like those two additional config files should be needed. Did you do any other architecture changes directly on the server? I'm wondering if you should revert your code to the Sample Application (or to a version prior to the latest two config files you added) and then terminate your server, and have it launch a new one. Then ssh in and check out the `/tmp` directory to see what kind of permissions it has. – littleforest Jan 02 '19 at 15:42
  • Hi so sorry to take this long to reply. I tried adding the container commands to move it into the .certificates folder but its now showing another error `Error: Cannot find module '.certificates/firebaseadminsdk.json'`. Not sure how do I go about installing that folder – tngrj Jan 22 '19 at 01:19
  • 2
    Were you able to successfully download the file from S3 into the `/tmp` directory? – littleforest Jan 22 '19 at 05:11
  • To be honest I couldn't ssh into my instance. Added a key pair into the config inside my instance in elastic bean and the health went to severe. So I'm unable to check if it did download it in – tngrj Jan 22 '19 at 08:01
  • 1
    Do you still have the Sample Application? I would revert your application to that if you can, set the key pair through the Elastic Beanstalk console, and see if you can ssh in. I work on Rails apps, so I can't help you with anything Node.js specific. – littleforest Jan 22 '19 at 16:06
  • 1
    Thanks for the help. I finally solved the issue and edited your answer to how I solved it. Changed the directory to /etc/pki/tls/certs/ as per the documentation and the owner and group to nodejs as when I did `cat /etc/ passwd` to listed the permission of all the users inside the system nodejs had a nologin tagged to it which might be causing the issue. – tngrj Jan 23 '19 at 16:30
  • The AWS tut shows how to DL files to actual Linux Sever. But - is it just assumed the application code has to then read in the file itself? – user2402616 Jul 16 '21 at 13:49
  • Yes, the application then has to read in the file. – littleforest Jul 16 '21 at 14:47
  • FYI, when I tried the `nodejs` user, I got an error that it was not a valid user. I changed the owner and group to `webapp`, and that worked. My case was that I had no problem getting the file from S3, but was getting permission issues trying to use he file in node. – mrshickadance Apr 30 '23 at 01:22