From 1110a118f8fc77965f52e1c6ae87d7f788f635c8 Mon Sep 17 00:00:00 2001 From: akash1810 Date: Thu, 19 Sep 2024 19:02:35 +0100 Subject: [PATCH] chore: Add changeset --- .changeset/popular-laws-thank.md | 15 +++++++++++++++ 1 file changed, 15 insertions(+) create mode 100644 .changeset/popular-laws-thank.md diff --git a/.changeset/popular-laws-thank.md b/.changeset/popular-laws-thank.md new file mode 100644 index 0000000000..5a41497385 --- /dev/null +++ b/.changeset/popular-laws-thank.md @@ -0,0 +1,15 @@ +--- +"@guardian/cdk": patch +--- + +fix(experimental-ec2-pattern): Create Policy first + +When deploying Prism with the `GuEc2AppExperimental` for the first time, the deployment failed with the cloud-init-output logs stating: + +```log +An error occurred (AccessDenied) when calling the DescribeTargetHealth operation: User: arn:aws:sts::000000000000:assumed-role/prism-CODE-InstanceRolePrism/i-0cee86d64de253ca4 is not authorized to perform: elasticloadbalancing:DescribeTargetHealth because no identity-based policy allows the elasticloadbalancing:DescribeTargetHealth action +``` + +This suggests the instance update was started before the policy was created. + +Make the ASG depend on the policy that grants these permissions to resolve, as CloudFormation creates dependencies first.