Error: Your query returned no results when deploying ECS deploy runner to new account.
A customer asked: > I'm provisioning a new AWS account to add to our deployed Reference Architecture. I'm currently working on setting up the ECS deploy runner in our new account. Everything is applied except for the ECS deploy runner and Bastion host, but I'm currently getting this error: ``` ╷ │ Error: Your query returned no results. Please change your search criteria and try again. │ │ with module.ec2_baseline.data.aws_ami.existing[0], │ on ../../base/ec2-baseline/main.tf line 262, in data "aws_ami" "existing": │ 262: data "aws_ami" "existing" { │ ╵ ``` How can I resolve this error?
You need to ensure the AMIs are shared with the new account, as well as the KMS key. This is managed through packer at AMI build time. If you followed the steps in the guide, then the KMS key should already be accessible by the new account when you applied account-baseline in the shared account, so the last step is to update each of the build_*.sh scripts in the shared/REGION/_regional/amis folder to include the new account ID in the ami_account_ids list: https://github.com/gruntwork-io/terraform-aws-service-catalog/blob/master/examples/for-production/infrastructure-live/shared/us-west-2/_regional/amis/build_bastion_host.sh#L28 Once the script is updated, you have two options for rolling this out: • Force packer to build a new version of the ami by updating the version_tag flag in each of the scripts, here: https://github.com/gruntwork-io/terraform-aws-service-catalog/blob/master/examples/for-production/infrastructure-live/shared/us-west-2/_regional/amis/build_bastion_host.sh#L76. For example, you can update this to --var version_tag="$PACKER_TEMPLATE_REPO_REF".1. Note that you will need to update the module references to use that version in the ami filter (e.g., for ecs-deploy-runner, you will need to update https://github.com/gruntwork-io/terraform-aws-service-catalog/blob/master/examples/for-production/infrastructure-live/_envcommon/mgmt/ecs-deploy-runner.hcl#L205 to be values = ["ecs-deploy-runner-worker-v0.82.0.1-*"]). • Manually update the existing AMIs by using the AWS web console or AWS cli to share the AMI with the new account. Refer to https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/sharingamis-explicit.html for the instructions on how to do this. Note that you will still want to update the script even if you opt for the manual update approach, since you want to make sure that new AMIs you build (e.g., if you want to update to the latest service catalog version) will share with the new account.