search

aws-samples / amazon-chime-sdk-click-to-call

MIT No Attribution
24 stars 14 forks source link

Deployment error - ForbiddenException: Access Denied for LogDestination #128

Closed yapweiyih closed 6 months ago

yapweiyih commented 7 months ago

Describe the issue

Received error during deployment.

Steps to Reproduce

git clone https://github.com/aws-samples/amazon-chime-sdk-click-to-call.git
yarn launch

Current behavior

Received the following error deployment from resoruce VoiceConnectorpstnVoiceConnectorvoiceConnectorRequestpstnCustomResource27AF2C83.

Error log:

Received response status [FAILED] from custom resource. Message returned: ForbiddenException: Access Denied for LogDestination: /aws/ChimeVoiceConnectorSipMessages/b8jeooounm1hpuaa209rfg. Please check LogDestination permission (Service: AWSIngestionHub; Status Code: 400; Error Code: LogDestinationPermissionIssueException; Request ID: 24f571c2-59cf-4ee6-aea1-8f733b34cc13; Proxy: null) at de_ForbiddenExceptionRes (/var/task/index.js:21238:25) at de_CommandError (/var/task/index.js:21150:23) at process.processTicksAndRejections (node:internal/process/task_queues:95:5) at async /var/task/index.js:4649:24 at async /var/task/index.js:2926:22 at async /var/task/index.js:8277:53 at async /var/task/index.js:468:27 at async putLogging (/var/task/index.js:35589:5) at async CreateVoiceConnector (/var/task/index.js:35364:5) at async handler (/var/task/index.js:35926:27) (RequestId: 2a9b9f3f-baa5-40fd-a76f-95b023464947)

AWS SDK version used

➜  amazon-chime-sdk-click-to-call git:(main) yarn list --pattern aws-sdk

yarn list v1.22.19
warning package.json: License should be a valid SPDX license expression
warning amazon-chime-sdk-click-to-call@0.0.0: License should be a valid SPDX license expression
├─ @aws-sdk/client-chime-sdk-identity@3.511.0
├─ @aws-sdk/client-chime-sdk-media-pipelines@3.511.0
├─ @aws-sdk/client-chime-sdk-meetings@3.511.0
├─ @aws-sdk/client-chime-sdk-messaging@3.511.0
├─ @aws-sdk/client-chime-sdk-voice@3.511.0
├─ @aws-sdk/client-kinesis-video@3.511.0
├─ @aws-sdk/client-ssm@3.511.0
├─ @aws-sdk/client-sso-oidc@3.511.0
├─ @aws-sdk/client-sso@3.511.0
├─ @aws-sdk/client-sts@3.511.0
├─ @aws-sdk/core@3.511.0
├─ @aws-sdk/credential-provider-env@3.511.0
├─ @aws-sdk/credential-provider-http@3.511.0
├─ @aws-sdk/credential-provider-ini@3.511.0
├─ @aws-sdk/credential-provider-node@3.511.0
├─ @aws-sdk/credential-provider-process@3.511.0
├─ @aws-sdk/credential-provider-sso@3.511.0
├─ @aws-sdk/credential-provider-web-identity@3.511.0
├─ @aws-sdk/middleware-host-header@3.511.0
├─ @aws-sdk/middleware-logger@3.511.0
├─ @aws-sdk/middleware-recursion-detection@3.511.0
├─ @aws-sdk/middleware-signing@3.511.0
├─ @aws-sdk/middleware-user-agent@3.511.0
├─ @aws-sdk/region-config-resolver@3.511.0
├─ @aws-sdk/token-providers@3.511.0
├─ @aws-sdk/types@3.511.0
├─ @aws-sdk/util-endpoints@3.511.0
├─ @aws-sdk/util-locate-window@3.495.0
├─ @aws-sdk/util-user-agent-browser@3.511.0
├─ @aws-sdk/util-user-agent-node@3.511.0
├─ @aws-sdk/util-utf8-browser@3.259.0
└─ aws-sdk@2.1555.0

Operating System and version

Macos Sonoma 14.3.1

arunwij commented 6 months ago

Got the same issue

schuettc commented 6 months ago

Have removed configuration of logging for the VC during deployment. You should be able to add logging back after it's deployed.

https://github.com/aws-samples/amazon-chime-sdk-click-to-call/commit/20351d09d10b56024dc9d280401ee8d47b8fb03a

arunwij commented 6 months ago

That worked! Thank you