Bsweger/update readme remove statementid #44

Merged
merged 2 commits into from
May 15, 2024

Collaborator

@bsweger bsweger commented May 15, 2024

Provisioning the infrastructure for a second cloud-based hub unearthed a bug in the Pulumi code.

It was using a static value as the statement_id in the lambda function permissions. The statement_id, however, must be unique (which is why the bug didn't surface until we added a second hub).

This PR removes statement_id altogether, since it's an optional attribute (and also updates the hub onboarding piece of the README).


Illustration of what the PR proposes to remove (note that these names are currently unique because I was testing a fix, but upon further reflection, I don't think having a StatementId provides any value here)

image

…ucket

It turns out that the statement_id must be unique, so it errored when we
associated a second bucket with the lambda function. That said, statement_id
is optional, so this changeset removes it.

🍹 preview on hubverse-aws/bsweger/hubverse-aws/hubverse

Pulumi report
Previewing update (hubverse)

View Live: https://app.pulumi.com/bsweger/hubverse-aws/hubverse/previews/c904fc28-fb2a-40b5-8e4b-cd19cce2d6d7

@ Previewing update...........

pulumi:pulumi:Stack hubverse-aws-hubverse running 
@ Previewing update.....
aws:s3:BucketV2 hubverse-assets  
@ Previewing update....
aws:s3:BucketPolicy hubverse-assets-read-bucket-policy  
aws:iam:Role hubverse-transform-model-output-role  
aws:iam:Policy hubverse-cloudwatch-write-policy  
aws:s3:Bucket hubverse-cloud  
aws:lambda:Function hubverse-transform-model-output  
aws:iam:RolePolicyAttachment hubverse-transform-model-output-cloudwatch-policy  
aws:s3:BucketPublicAccessBlock hubverse-cloud-public-access-block  
aws:s3:BucketPolicy hubverse-cloud-read-bucket-policy  
aws:iam:Role hubverse-cloud  
aws:iam:Policy hubverse-cloud-write-bucket-policy  
aws:s3:Bucket bsweger-flusight-forecast  
aws:lambda:Permission hubverse-cloud-allow  
aws:iam:RolePolicyAttachment hubverse-cloud  
aws:iam:RolePolicyAttachment hubverse-cloud-transform-model-output-lambda  
aws:s3:BucketPublicAccessBlock bsweger-flusight-forecast-public-access-block  
aws:s3:BucketNotification hubverse-cloud-create-notification  
aws:s3:BucketPolicy bsweger-flusight-forecast-read-bucket-policy  
aws:iam:Role bsweger-flusight-forecast  
aws:iam:Policy bsweger-flusight-forecast-write-bucket-policy  
aws:lambda:Permission bsweger-flusight-forecast-allow  
aws:iam:RolePolicyAttachment bsweger-flusight-forecast  
aws:iam:RolePolicyAttachment bsweger-flusight-forecast-transform-model-output-lambda  
aws:s3:BucketNotification bsweger-flusight-forecast-create-notification  
pulumi:pulumi:Stack hubverse-aws-hubverse  
Resources:
25 unchanged

allow_bucket = aws.lambda_.Permission(
resource_name=f"{hub_name}-allow",
statement_id="AllowExecutionFromS3Bucket",
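Review bot: statement_id on the last line shown is a fixed literal, while resource_name on the line above it is built from hub_name, so every hub's permission is added to the same function's policy under one Sid and the second one is rejected. Either drop the argument so an id is generated, or derive it from hub_name the way resource_name is. The lines shown end before the principal and source arguments; since this permission lets S3 invoke the function, confirm each one is pinned to its own bucket with source_arn (and source_account).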
Collaborator Author

Alternately, we can retain the statement_id but make it unique by incorporating the name of the hub
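
The alternative mentioned in the comment above, sketched as an added example (not code from this PR or the hubverse project): deriving a per-hub StatementId that stays within Lambda's AddPermission limits of 1 to 100 characters from `[A-Za-z0-9_-]`. The helper names are hypothetical, and it assumes a hub name can look like a bucket name, which may contain dots.

```python
import hashlib
import re

# Lambda AddPermission constraints on StatementId: 1-100 chars, [A-Za-z0-9_-].
SID_MAX = 100
SID_OK = re.compile(r"^[A-Za-z0-9_-]{1,100}$")
SID_PREFIX = "AllowExecutionFromS3Bucket"  # the literal this PR removes


def statement_id_for(hub_name: str) -> str:
    """Derive a valid, per-hub StatementId (hypothetical helper)."""
    if not hub_name:
        raise ValueError("hub_name must not be empty")
    # Bucket-style names may contain dots, which a StatementId may not.
    safe = re.sub(r"[^A-Za-z0-9_-]", "-", hub_name)
    # A short digest of the original name keeps ids distinct when sanitising
    # or truncation would otherwise map two hubs to the same string.
    digest = hashlib.sha256(hub_name.encode("utf-8")).hexdigest()[:8]
    room = SID_MAX - len(SID_PREFIX) - len(digest) - 2  # two "-" separators
    return f"{SID_PREFIX}-{safe[:room]}-{digest}"


def check_unique(hub_names):
    """Return {hub: sid}; raise if two entries would share a StatementId."""
    seen = {}
    for hub in hub_names:
        sid = statement_id_for(hub)
        if not SID_OK.match(sid):
            raise ValueError(f"invalid StatementId for {hub!r}: {sid}")
        if sid in seen.values():
            raise ValueError(f"duplicate StatementId {sid!r}")
        seen[hub] = sid
    return seen


if __name__ == "__main__":
    # Hub names taken from the Pulumi preview on this page.
    for hub, sid in check_unique(
        ["hubverse-cloud", "bsweger-flusight-forecast"]
    ).items():
        print(f"{hub}: {sid}")
```

Running `check_unique` over the hub list before `pulumi up` surfaces a collision at preview time instead of as a failed deployment.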

@bsweger bsweger merged commit 174e54b into main May 15, 2024
4 checks passed