Fix repository creation permission in pipeline management #536

Merged
merged 1 commit into from
Oct 3, 2022

@sbkok (Collaborator) commented Sep 26, 2022

Why?

When a CodeCommit repository was supposed to be created, it would fail with the following error message:

> An error occurred (AccessDenied) when calling the AssumeRole operation:
> User: arn:aws:sts::111111111111:assumed-role/adf-global-base-deploymen-CreateRepositoryLambdaRo-GP8W3IRDCGY2/ADFPipelineCreateRepositoryFunction
> is not authorized to perform: sts:AssumeRole on resource:
> arn:aws:iam::111111111111:role/adf-automation-role
> Traceback (most recent call last):
>   File "/var/task/create_repository.py", line 48, in lambda_handler
>     repo = Repo(
>   File "/opt/python/repo.py", line 36, in __init__
>     self.session = sts.assume_cross_account_role(
>   File "/opt/python/sts.py", line 24, in assume_cross_account_role
>     sts_response = self.client.assume_role(
>   File "/var/runtime/botocore/client.py", line 391, in _api_call
>     return self._make_api_call(operation_name, kwargs)
>   File "/var/runtime/botocore/client.py", line 719, in _make_api_call
>     raise error_class(parsed_response, operation_name)

What?

Updated the create repository role and create/update rule roles to include a role name. Updated the `adf-automation-role` assume role permissions to allow these two roles to assume into it.


By submitting this pull request, I confirm that you can use, modify, copy, and
redistribute this contribution, under the terms of your choice.

@sbkok added the bug (Something isn't working) label Sep 26, 2022
@sbkok added this to the v3.2.0 milestone Sep 26, 2022
@StewartW merged commit 9dead09 into awslabs:master Oct 3, 2022
@sbkok deleted the fix/pipeline-generation-policies branch January 23, 2023 15:53
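
The AccessDenied above turns on whether the target role trusts the role behind the calling session. The following is an added example, not code from ADF or from this pull request: it maps an assumed-role session ARN of the shape shown in the error message to its IAM role ARN and checks a trust policy document for that principal. It assumes the "assume role permissions" in the description are the role's trust policy; the role names and policy documents are constructed placeholders.

```python
import re

# Session ARN shape taken from the AccessDenied message quoted above.
SESSION_ARN = re.compile(
    r"^arn:(aws[\w-]*):sts::(\d{12}):assumed-role/([\w+=,.@-]+)/[\w+=,.@-]+$"
)

def role_arn_from_session(caller_arn):
    """Map an assumed-role session ARN to the IAM role ARN behind it.
    Assumes the role has no IAM path (the session ARN does not carry one)."""
    match = SESSION_ARN.match(caller_arn)
    if not match:
        raise ValueError(f"not an assumed-role session ARN: {caller_arn}")
    partition, account, role = match.groups()
    return f"arn:{partition}:iam::{account}:role/{role}"

def _as_list(value):
    return value if isinstance(value, list) else [value]

def trust_decision(trust_policy, caller_arn):
    """Return 'role' if the caller's role is a named principal, 'account' if
    only its account is trusted (the caller then also needs an identity policy
    allowing sts:AssumeRole), else 'none'. Simplified: Allow statements only;
    Deny, Condition and wildcard principals are not evaluated."""
    role_arn = role_arn_from_session(caller_arn)
    account = role_arn.split(":")[4]
    root_arn = role_arn.rsplit(":", 1)[0] + ":root"
    decision = "none"
    for stmt in _as_list(trust_policy.get("Statement", [])):
        principal = stmt.get("Principal")
        if (stmt.get("Effect") != "Allow" or not isinstance(principal, dict)
                or "sts:AssumeRole" not in _as_list(stmt.get("Action", []))):
            continue
        trusted = _as_list(principal.get("AWS", []))
        if role_arn in trusted:
            return "role"
        if root_arn in trusted or account in trusted:
            decision = "account"
    return decision

# Constructed sample data; the role names below are placeholders, not ADF's.
CALLER = ("arn:aws:sts::111111111111:assumed-role/"
          "example-create-repository-role/ExampleSession")
TRUST_WITHOUT_CALLER = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": "sts:AssumeRole",
    "Principal": {"AWS": "arn:aws:iam::111111111111:role/example-other-role"}}]}
TRUST_WITH_CALLER = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": "sts:AssumeRole", "Principal": {
        "AWS": "arn:aws:iam::111111111111:role/example-create-repository-role"}}]}
```

A role whose name is generated at deploy time, like the one in the error message, cannot be listed in such a policy ahead of time, which is consistent with the fix giving the calling roles explicit names.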