Stack Stuck when Creating Gitlab or Github Repo

[danielxf007]

Hello, when cloudformation is creating the repos using sdlf-cicd/template-cicd-sdlf-repositories.gitlab.yaml or sdlf-cicd/template-cicd-sdlf-repositories.github.yaml, the stack gets stuck on CREATE_IN_PROGRESS for the git resources, I've already activated gitlab and github extensions on cloudformation following the exmaple at https://github.com/aws-ia/cloudformation-gitlab-resource-providers/tree/main/GitLab-Projects-Project and https://github.com/aws-ia/cloudformation-github-resource-providers/tree/main/GitHub-Repositories-Repository, is there any additional configuration that I'm not aware of?

[cnfait]

The GitLab resource types can be a bit of a pain to use... can you try creating a simple stack with just a single GitLab project? this would make it easier to find where the issue is:

AWSTemplateFormatVersion: '2010-09-09'
Description: Shows how to create a GitLab project
Resources:
  MySampleProject:
    Type: GitLab::Projects::Project
    Properties:
      Name: my-sample-project

Let me know if you have the exact same issue with this template.

We're not completely happy with our GitLab support currently (and we consider our GitHub support not sufficiently tested yet), we're hoping to improve that later this month.

[danielxf007]

Even for that one the stack gets stucked

[cnfait]

There are several things you can check.

--

Permissions on the GitLab access token (I do not remember the names of the permissions, but something like read_api/write_api are required)

--

The IAM role used when registering the resource type on CloudFormation registry.

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/registry.html

Can you check the trust relationships of this role? does it look like this?

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "Service": "resources.cloudformation.amazonaws.com"
            },
            "Action": "sts:AssumeRole"
        }
    ]
}

Usually these conditions are present too:

      "Condition": {
        "StringEquals": {
          "aws:SourceAccount": "123456789012"
        },
        "StringLike": {
          "aws:SourceArn": "arn:aws:cloudformation:us-east-1:123456789012:type/resource/Organization-Service-Resource/*"
        }

If the permissions on the role are not too broad you should try to create the stack without these conditions, check if it works, and if it does add them back one by one to understand what is causing the issue.

--

[danielxf007]

I've already tried. I followed the example at https://github.com/aws-ia/cloudformation-gitlab-resource-providers/tree/main/GitLab-Projects-Project and I created the token with all permissions and I created a role with admin access and finally I did the part of the trust relationship with the source arn, yet it keeps getting stuck on CREATE_IN_PROGRESS

[cnfait]

Honestly this sounds like some kind of networking issue between CloudFormation and your GitLab instance, I'm not sure I can easily help you.

As I said before though, we're hoping to improve our GitLab support later this month, so maybe that will help. This is quite a bit of work though, and the days go faster than I'd like.

[cristiambustos]

Hi @danielxf007, did you manage to solve this issue?