User not authorized to perform the action #4
Comments
|
This happens when I've added the Volumes in my docker-compose file. I was able to deploy the stacks without the volume specification and the demo application worked fine. However I have a use case where I need to provide the EFS |
|
This is maybe temporary problem. My CloudTrail log recorded this error as "unknown error". |
|
Hi @innayatullah , thank you for reporting the issue. I've just gone through the blog walk through again and I am not able to recreate this error. If you are following through the blog, the permissions that Compose needs to stand up the sample application can be found here. If you need to add additional permissions to stand up the stack, this is where you should do it (not in the role that a CLI user uses when running Do you mind sharing the compose file you are trying to deploy? |
|
I am also experiencing the same issue i didnt touch any of the config, just simply run the tutorial to see how it is all working together. x-aws-vpc: ${AWS_VPC}
x-aws-cluster: ${AWS_ECS_CLUSTER}
x-aws-loadbalancer: ${AWS_ELB}
services:
frontend:
image: ${IMAGE_URI:-frontend}:${IMAGE_TAG:-latest}
build: ./frontend
environment:
REDIS_URL: "backend"
networks:
- demoapp
ports:
- 80:80
backend:
image: public.ecr.aws/docker/library/redis:6.2
volumes:
- redisdata:/data
networks:
- demoapp
volumes:
redisdata:
networks:
demoapp:
I have tried rerunning the pipeline by doing aws s3 cp compose-bundle.zip s3://$BUCKET_NAME/compose-bundle.zipbut no luck... it fails at the same place |
|
I dont exactly know what's happening, but here's some screenshots that I have This is the Looking for the IAM role. There are 2 Role Policy:
Below screenshot shows the EFS policy/permissions |
|
Hi @frinzekt , if you have a look in Cloudtrail do you find the failing API Call? I've just ran through the walk-through successfully and I have 2 successfully created Mount Targets.
I'm trying to find out if there is a missing permission in the ExtractBuildRole or if there is an issue else where in the deployment. (Note, be careful to sanitise any output if you do want to paste a cloudtrail response in this issue). |
|
Hi @ollypom, Thank you very much for the tutorial. I am learning heaps on it so far. I believe, I have found the cloudtrail event record I did not find it using the Resource Type filter, so I used the Event name filter Screen Shot 2022-02-24 at 7 50 02 am
I am not sure why it says |
|
Yeah I'm not sure why Using your user outside of CodePipeline / Cloudformation are you able to create Mount Targets in your account? |
|
I ended up adding the following permission policy via IAM: to the following roles: I don't know which one was effective, I can try removing one and trying to see if fails but I really don't have time, it has already been way too problematic trying to run the demo even |
|
Thanks, for me it was enough to add AmazonElasticFileSystemFullAccess to compose-pipeline-ExtractBuildRole-XX |
|
I'm encountering a similar issue. While using the AmazonElasticFileSystemFullAccess policy resolves the problem, I'm curious about the specific permission that's missing. I've tried experimenting with the elasticfilesystem:TagResource permission, but I continue to face the same error. Does anyone know which exact permission might be the key to solving this? |
I'm getting the error while applying the changeset
"User is not authorized to perform that action on the specified resource Service:Efs"
I've tried to give the permissions to DescribeNetworkInterfaceGroups to both the user in CLI as well as the ExtractBuildRole inside ComposeRolePolicy but without any luck.
Can you guys help me out in this.
The text was updated successfully, but these errors were encountered: