Deploying from behind a company firewall

[ge-vlad-romanov]

Describe the bug
When using the deployer from behind a company firewall, there are timeouts coming back from the AWS SDK S3 uploader, such as this:
Error uploading file: undefined NetworkingError: connect ETIMEDOUT 223.255.255.255:443

(the extra ETIMEDOUT message was as a result of me editing line 60 in uploader.js locally to include ${item} in the console output).

Are there extra proxy-related or SSL certificate related parameters/env vars that have to be set? All the usual HTTP_PROXY etc vars are set.

Screenshots
Here is the full output:

Generating ES5 bundles for differential loading...
ES5 bundle generation complete.

chunk {2} polyfills-es2015.6add0b345a094d8b0a10.js (polyfills) 36.1 kB [initial] [rendered]
chunk {3} polyfills-es5.6638f72b6c535c999f48.js (polyfills-es5) 129 kB [initial] [rendered]
chunk {1} main-es2015.0c7762b3c0bda4e97e6f.js (main) 122 kB [initial] [rendered]
chunk {1} main-es5.0c7762b3c0bda4e97e6f.js (main) 147 kB [initial] [rendered]
chunk {0} runtime-es2015.c9afb3256f2870e161de.js (runtime) 1.45 kB [entry] [rendered]
chunk {0} runtime-es5.c9afb3256f2870e161de.js (runtime) 1.45 kB [entry] [rendered]
chunk {4} styles.09e2c710755c8867a460.css (styles) 0 bytes [initial] [rendered]
Date: 2020-04-21T15:17:56.164Z - Hash: 2a974f7786c53293ca7d - Time: 11456ms
✔ Build Completed
Start uploading files...
Error uploading file: undefined
Error uploading file: undefined
Error uploading file: undefined
Error uploading file: undefined
Error uploading file: undefined
Error uploading file: undefined
Error uploading file: undefined
Error uploading file: undefined
Error uploading file: undefined
Error uploading file: undefined
✔ Finished uploading files...

Additional context
I did manage to upload to my S3 bucket via the AWS CLI, but I had to turn off ssl verification there, which may be a similar problem to what I'm seeing here.

[Jefiozie]

Hi @ge-vlad-romanov, I think you have a situation where you maybe need to configure a proxy within the AWS SDK. See the explanation here. Are you able to try this and see if this will resolve your problem? If this is the case are you willing to make a PR?

[ge-vlad-romanov]

Hi @Jefiozie - thank you for getting back to me.

I can confirm that I got around the proxy issue using the code from your link.

There was another change I had to make locally to uploader.js to cater for our set-up, since we are using a non-default AWS profile with a session token. I was getting InvalidAccessKeyId: The AWS Access Key Id you provided does not exist in our records. errors when uploading the files, and I noticed that the S3 constructor had the access key id and secret access key from the NG_DEPLOY_AWS_*** env vars, but not my session token (understandably so!). I manually set the sessionToken property on the const s3 = new S3({}) constructor and everything uploaded without problem to S3.

Sorry for the slightly long-winded and verbose explanation :D I guess the simple solution could be support for a NG_DEPLOY_AWS_SESSION_TOKEN env variable that can be passed to the S3 constructor, e.g.

const s3 = new AWS.S3({
  apiVersion: 'latest',
  secretAccessKey: getSecretAccessKey(options),
  accessKeyId: getAccessKeyId(options),
  sessionToken: getSessionToken(options),    
});

where getSessionToken() returns a session token if it exists in the environment, or null as it currently does. The question is if this suits your vision of how the deploy builder should operate though, as I realise our set-up is potentially a bit different from the 'default' one.