Closed awskaran closed 2 years ago
@manics please try the egress app backend deployment again, but with this change added
Sorry for the delay.... I was debugging another problem:
09:29:40 | CREATE_FAILED | Custom::EmailConfigurationSetEventDestination
| EmailConfiguration...nationProd5F0E58F0
Received response status [FAILED] from custom resource. Message returned: User:
arn:aws:sts::<AWS_ACCOUNT_ID>:assumed-role/EgressAppBackend-AWS679f53fac002430cb0da
5b7982bd22-769NXUX4VELD/EgressAppBackend-AWS679f53fac002430cb0da5b7982bd22-wIPV
RylhsDgl is not authorized to perform: ses:CreateConfigurationSetEventDestinati
on on resource: arn:aws:ses:eu-west-2:<AWS_ACCOUNT_ID>:configuration-set/egress_app
_configuration_set_Prod because no identity-based policy allows the ses:CreateC
onfigurationSetEventDestination action (RequestId: 05159908-c27e-43dd-88ab-75cf
b31786bc)
I made this change:
diff --git a/src/components/egress_app_backend/egress_backend/components/email_configuration_set_event_dest/email_configuration_set_event_dest_cr.py b/src/components/egress_app_backend/egress_backend/components/email_configuration_set_event_dest/email_configuration_set_event_dest_cr.py
index 96a1cbc..d06cfd1 100644
--- a/src/components/egress_app_backend/egress_backend/components/email_configuration_set_event_dest/email_configuration_set_event_dest_cr.py
+++ b/src/components/egress_app_backend/egress_backend/components/email_configuration_set_event_dest/email_configuration_set_event_dest_cr.py
@@ -46,6 +46,7 @@ class EmailConfigurationSetEventDestinationCustomResource(cdk.Construct):
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents",
+ "ses:CreateConfigurationSetEventDestination",
],
)
)
And now it's successfully deployed!
That is a strange error as we did not face it and the iam policy statement on the custom resource has the required permissions
That is strange indeed, as I tried the egress app backend deployment last night on a new AWS account with a new EC2 instance (based on the updated template with the extra IAM permissions, cheers @manics for adding those!) and I didn't encounter this error hmm
Description
Declaration : By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license