Newbie issue with IAMs - could be related to other bugs #1621

springcoil opened this issue Sep 25, 2018 · 1 comment
@springcoil

## Context

I get the following error.

```
Error: Failed to manage IAM roles!
You may lack the necessary AWS permissions to automatically manage a Zappa execution role.
To fix this, see here: https://github.com/Miserlou/Zappa#using-custom-aws-iam-roles-and-policies
```

It works with my default AWS profile, but not the following. 

```
{
    "dev": {
        "profile_name": "springcoil",
        "project_name": "weather_london",
        "s3_bucket": "zappa-abcdefg123",
        "events": [{
           "function": "tweet.check_time_and_post",
           "expression": "cron(30 * * * ? *)"
        }],
        "environment_variables": {
            "DS_KEY": "...",
            "TW_CONSUMERKEY": "...",
            "TW_CONSUMERKEYSECRET": "...",
            "TW_ACCESSTOKEN": "...",
            "TW_ACCESSTOKENSECRET": "...",
            "DWX_LATITUDE": "...",
            "DWX_LONGITUDE": "...",
            "DWX_TZ": "Europe/London"
        }
    }
}
```


## Expected Behavior
I changed the IAM roles etc as described in https://github.com/Miserlou/Zappa/issues/244 but found it didn't work.
## Actual Behavior

## Possible Fix

## Steps to Reproduce
1.
2.
3.

## Your Environment
* Zappa version used:
* Operating System and Python version: MacOSX and python 3.6
* The output of `pip freeze`:
```
argcomplete==1.9.3
base58==1.0.0
boto3==1.9.10
botocore==1.12.10
certifi==2018.8.24
cfn-flip==1.0.3
chardet==3.0.4
click==6.7
docutils==0.14
durationpy==0.5
future==0.16.0
hjson==3.0.1
idna==2.5
jmespath==0.9.3
kappa==0.6.0
lambda-packages==0.20.0
oauthlib==2.1.0
placebo==0.8.2
PySocks==1.6.8
python-dateutil==2.6.1
python-slugify==1.2.4
pytz==2017.2
PyYAML==3.12
requests==2.18.2
requests-oauthlib==1.0.0
s3transfer==0.1.13
six==1.11.0
toml==0.9.6
tqdm==4.19.1
troposphere==2.3.3
tweepy==3.6.0
Unidecode==1.0.22
urllib3==1.22
Werkzeug==0.14.1
wsgi-request-logger==0.4.6
zappa==0.46.2
```

* Link to your project (optional):
* Your `zappa_settings.py`: 

My iam policy - 
```
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "iam:GetRole",
                "iam:PutRolePolicy"
            ],
            "Resource": [
                "*"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "iam:PassRole"
            ],
            "Resource": [
                "arn:aws:iam::126227402951:role/ZappaLambdaExecution"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "apigateway:DELETE",
                "apigateway:GET",
                "apigateway:PATCH",
                "apigateway:POST",
                "apigateway:PUT",
                "events:DeleteRule",
                "events:DescribeRule",
                "events:ListRules",
                "events:ListTargetsByRule",
                "events:PutRule",
                "events:PutTargets",
                "events:RemoveTargets",
                "lambda:AddPermission",
                "lambda:CreateFunction",
                "lambda:DeleteFunction",
                "lambda:GetFunction",
                "lambda:GetPolicy",
                "lambda:ListVersionsByFunction",
                "lambda:RemovePermission",
                "lambda:UpdateFunctionCode",
                "lambda:UpdateFunctionConfiguration",
                "cloudformation:CreateStack",
                "cloudformation:DeleteStack",
                "cloudformation:DescribeStackResource",
                "cloudformation:DescribeStacks",
                "cloudformation:ListStackResources",
                "cloudformation:UpdateStack",
                "logs:DescribeLogStreams",
                "logs:FilterLogEvents"
            ],
            "Resource": [
                "*"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:ListBucket"
            ],
            "Resource": [
                "arn:aws:s3:::zappa-abcdefg123"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:DeleteObject",
                "s3:GetObject",
                "s3:PutObject",
                "s3:CreateMultipartUpload",
                "s3:AbortMultipartUpload",
                "s3:ListMultipartUploadParts",
                "s3:ListBucketMultipartUploads"
            ],
            "Resource": [
                "arn:aws:s3:::zappa-abcdefg123/*"
            ]
        }
    ]
}
```

@springcoil

I believe #244 might be related but I tried those fixes to no avail.
