Permissions issues (Support cases, S3 Objects, ECS clusters, etc) - Docker on ECS #87

Closed
dfeldstarsky opened this issue May 22, 2019 · 7 comments

Comments

@dfeldstarsky

Hiya - love the app and dashboard. Running into some issues similar to #85 and other permissions issues.

I can't see ECS clusters, S3 object size, number of support cases, etc. I have attached your komiser policy to the ECS workspace role and most of the permissions are working!

image

Permission issues shown. 0 bucket size for s3 shown.

I am deploying on ECS Fargate, with a task definition attached.

Logs showing 500 errors:
image

Task def json:

[
    {
        "name": "komiser-task-def",
        "image": "<acc_name>.dkr.ecr.us-west-2.amazonaws.com/komiser:latest",
        "cpu": 512,
        "memory": 1024,
        "essential": true,
        "portMappings": [
            {
                "containerPort": 80,
                "hostPort": 80,
                "protocol": "tcp"
            },
            {
                "containerPort": 3000,
                "hostPort": 3000,
                "protocol": "tcp"
            }
        ],
        "logConfiguration": {
            "logDriver": "awslogs",
            "options": {
                "awslogs-group": "/aws/ecs/komiser",
                "awslogs-region": "us-west-2",
                "awslogs-stream-prefix": "komiser"
            }
        },
        "healthCheck": {
            "command": ["CMD-SHELL", "curl -f http://localhost || exit 1"],
            "interval": 30,
            "retries": 2,
            "timeout": 5
        },

        "environment": [
            {
                "name": "PORT",
                "value": "80"
            },
            {
                "name": "AWS_DEFAULT_REGION",
                "value": "us-west-2"
            }
        ],
        "mountPoints": [],
        "volumesFrom": []
    }
]

@dfeldstarsky
Author

Seem to have the right environment variables:
image

@mlabouardy
Collaborator

Hello @dfeldstarsky, thanks for reporting this.

You need to add the "s3:GetBucketLocation" permission to the IAM role :)

@mlabouardy
Collaborator

I have updated the IAM policy with the missing permissions: https://github.com/mlabouardy/komiser/blob/master/policy.json

Let me know if that fixes your issues.

@dfeldstarsky
Author

@mlabouardy thanks so much for the quick reply + suggested fix. I applied the permissions change from your new policy and indeed I now get all the S3 metrics :).

Now the only permissions problems I see are AWS Support cases and correct ECS cluster counts. The cluster count is still at 0 despite us having ~5. And we have 2 open AWS support cases.

Current 500 errors:
image

@mlabouardy
Collaborator

@dfeldstarsky you can fix the AWS support cases issue by using "support:*" (I have updated the IAM policy)

@mlabouardy
Collaborator

@dfeldstarsky I was able to reproduce the issue regarding ECS clusters. I will fix that by the end of today. Meanwhile, I will close this ticket and let you raise an issue regarding ECS, if you don't mind :)

@dfeldstarsky
Author

Done, opened a new issue 👍
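
Added example, not part of the original thread or the project's code: an offline check of an IAM policy document against the actions a dashboard needs, reporting which ones are not allowed and which wildcard grants (such as the "support:*" mentioned above) deserve review. The sample policy and the `REQUIRED` list, including `support:DescribeCases` and `ecs:ListClusters`, are constructed assumptions rather than the contents of the project's policy.json.

```python
import json
import re

# Constructed sample policy (not the project's policy.json): the two
# permissions named in the thread plus one S3 list action.
SAMPLE_POLICY = json.loads("""
{"Version": "2012-10-17",
 "Statement": [{"Effect": "Allow", "Resource": "*",
                "Action": ["s3:ListAllMyBuckets", "s3:GetBucketLocation",
                           "support:*"]}]}
""")

# Assumption: actions the dashboard calls; replace with the real list.
REQUIRED = ["s3:GetBucketLocation", "support:DescribeCases", "ecs:ListClusters"]

def _as_list(value):
    # IAM allows a single string/object where a list is also valid.
    return [value] if isinstance(value, (str, dict)) else list(value)

def _matches(pattern, action):
    # IAM action patterns are case-insensitive; '*' and '?' are wildcards.
    rx = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(rx, action, re.IGNORECASE) is not None

def evaluate(policy, action):
    """Return 'allow', 'deny' or 'implicit-deny' for one action.

    Identity-policy logic only: an explicit Deny wins, no match means
    implicit deny. Resource, Condition and NotAction are not evaluated.
    """
    verdict = "implicit-deny"
    for stmt in _as_list(policy["Statement"]):
        if any(_matches(p, action) for p in _as_list(stmt.get("Action", []))):
            if stmt["Effect"] == "Deny":
                return "deny"
            verdict = "allow"
    return verdict

def audit(policy, required):
    """Return (required actions not allowed, wildcard Allow grants)."""
    verdicts = {a: evaluate(policy, a) for a in required}
    missing = {a: v for a, v in verdicts.items() if v != "allow"}
    broad = sorted({p for s in _as_list(policy["Statement"])
                    if s["Effect"] == "Allow"
                    for p in _as_list(s.get("Action", [])) if "*" in p})
    return missing, broad

if __name__ == "__main__":
    print(audit(SAMPLE_POLICY, REQUIRED))
```

A wildcard grant passes the check for every action in that service, including write actions, so the second return value lists each one to be narrowed to the specific read actions in use.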
