search

aws-samples / amazon-mwaa-examples

Amazon Managed Workflows for Apache Airflow (MWAA) Examples repository contains example DAGs, requirements.txt, plugins, and CloudFormation templates focused on Amazon MWAA.
MIT No Attribution
106 stars 61 forks source link

BUG: MWAA Start Stop is not able to re-add tags to environment #84

Closed jmflynn81 closed 3 months ago

jmflynn81 commented 3 months ago

When the start-stop-mwaa-environment service attempts to resume an environment which originally had a tag applied, it fails to create the environment due to a missing permission airflow:TagResource.

Steps to reproduce: Set-up an MWAA environment with tags applied. Set-up start stop service for this environment. Stop works fine. Start fails to create environment with a similar message to the following in CloudTrail...

"User: arn:aws:sts::######:assumed-role/test-mwaa-start-stop-mwaa-mwaaresumingnewenvironmen-#######/test-mwaa-start-stop-mwaa-mwaaresumingnewenvironme-NNEECId1PYKo is not authorized to perform: airflow:TagResource on resource: arn:aws:airflow:eu-west-2:######:environment/teststartstop"
crupakheti commented 3 months ago

Thank you for your PR, @jmflynn81 ! Closing the issue.