This repository has been archived by the owner on Feb 5, 2024. It is now read-only.

BUG: Serverless Canary Plugin permissions aren't valid for -developer/-admin users #39

Closed
ryan-roemer opened this issue Dec 2, 2019 · 2 comments
Labels
bug Something isn't working


@ryan-roemer
Member

Trying this:

```
$ STAGE=sandbox aws-vault exec FIRST.NAME-admin --no-session -- \
  yarn lambda:deploy

# ...

  Serverless Error ---------------------------------------
 
  An error occurred: CodeDeployServiceRole - API: iam:CreateRole User: arn:aws:iam::ACCOUNT:user/FIRST.NAME-admin is not authorized to perform: iam:CreateRole on resource: arn:aws:iam::ACCOUNT:role/sls-simple-reference-sandbox-CodeDeployServiceRole-236BX48WS9ZX.
```

Looks like from generated resources from serverless-plugin-canary-deployments. What do we need to do to get that hooked up to our -admin role to be able to create?

@ryan-roemer ryan-roemer added the bug Something isn't working label Dec 2, 2019
@tptee
Contributor

tptee commented Dec 2, 2019

The IAM in the canary policy looks right: https://github.com/FormidableLabs/terraform-aws-serverless/blob/master/modules/canary/policy-developer.tf#L31

Wondering if it's not getting attached to the admin role...will check!
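
The hypothesis in the comment above (the canary policy is right but may not be attached to the `-admin` user) can be checked offline by parsing the denial and evaluating it against the set of policies that are actually attached. This is an added example, not code from this thread or from `terraform-aws-serverless`; the policy names and statements are constructed stand-ins, and only identity-policy Allow/Deny matching is modelled.

```python
import re

# Error text copied from the issue; every policy below is a constructed stand-in.
ERROR = ("An error occurred: CodeDeployServiceRole - API: iam:CreateRole User: "
         "arn:aws:iam::ACCOUNT:user/FIRST.NAME-admin is not authorized to perform: "
         "iam:CreateRole on resource: arn:aws:iam::ACCOUNT:role/"
         "sls-simple-reference-sandbox-CodeDeployServiceRole-236BX48WS9ZX.")

DENIED = re.compile(r"User: (?P<principal>\S+) is not authorized to perform: "
                    r"(?P<action>[\w-]+:[\w*]+) on resource: (?P<resource>\S+?)\.?$")

def parse_denial(message):
    """Extract principal, action and resource from an IAM denial message."""
    m = DENIED.search(message.strip())
    if m is None:
        raise ValueError("not an IAM authorization failure")
    return m.groupdict()

def glob_match(pattern, value, ignore_case=False):
    """IAM-style wildcard match: '*' is any run of characters, '?' is one."""
    rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.fullmatch(rx, value, re.I if ignore_case else 0) is not None

def as_list(v):
    return v if isinstance(v, list) else [v]

def decide(attached, action, resource):
    """Identity-policy evaluation only: explicit Deny beats Allow; default is deny.
    Conditions, NotAction/NotResource, boundaries and SCPs are not modelled."""
    allowed_by = None
    for name, doc in attached.items():
        for stmt in as_list(doc["Statement"]):
            hit = (any(glob_match(a, action, True) for a in as_list(stmt["Action"]))
                   and any(glob_match(r, resource) for r in as_list(stmt["Resource"])))
            if hit and stmt["Effect"] == "Deny":
                return ("explicit-deny", name)
            if hit and allowed_by is None:
                allowed_by = name
    return ("allow", allowed_by) if allowed_by else ("implicit-deny", None)

# Constructed policies (hypothetical names and statements, not the module's real ones).
BASE = {"Statement": [{"Effect": "Allow", "Action": ["lambda:*", "cloudformation:*"],
                       "Resource": "*"}]}
CANARY = {"Statement": {"Effect": "Allow", "Action": ["iam:CreateRole", "iam:PassRole"],
                        "Resource": "arn:aws:iam::ACCOUNT:role/sls-simple-reference-sandbox-*"}}
WITHOUT_CANARY = {"base": BASE}
WITH_CANARY = {"base": BASE, "canary": CANARY}

if __name__ == "__main__":
    d = parse_denial(ERROR)
    for label, attached in (("canary detached", WITHOUT_CANARY), ("canary attached", WITH_CANARY)):
        print(label, decide(attached, d["action"], d["resource"]))
```

An `implicit-deny` result with no matching statement in any attached policy points at attachment, not at the policy text.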

ryan-roemer added a commit that referenced this issue Dec 3, 2019
- Add warning have to re-initialize terraform when switching stages. #35 
- Add notes and warnings about aws-vault + IAM + MFA stuff. Adds note about #38 future work
- Update `terrraform-aws-serverless` to fix deploys. Fixes #40 , #39
@ryan-roemer
Member Author

Fixed in #36
