search

aws-samples / aws-cudos-framework-deployment

Command Line Interface tool for Cloud Intelligence Dashboards deployment
https://catalog.workshops.aws/awscid
MIT No Attribution
400 stars 158 forks source link

v0.3.3 is broken: Layers for new releases are not published (403: Forbidden / AccessDeniedException) #801

Closed benbridts closed 5 months ago

benbridts commented 5 months ago

When using the latest version of the template (https://aws-managed-cost-intelligence-dashboards.s3.amazonaws.com/cfn/cid-cfn.yml), the stack fails to deploy with an Error on CidResourceLambdaLayer:

Resource handler returned message: "Your access has been denied by S3, please make sure your request credentials have permission to GetObject for aws-managed-cost-intelligence-dashboards-eu-west-1/cid-resource-lambda-layer/cid-0.3.3.zip. S3 Error Code: AccessDenied. S3 Error Message: Access Denied (Service: AWSLambdaInternal; Status Code: 403; Error Code: AccessDeniedException; Request ID: afd6441e-ec28-4e5f-ae5e-9b07dd142eca; Proxy: null)" (RequestToken: 6518417a-61ff-c0dc-4c4a-e2b457a7ce7f, HandlerErrorCode: GeneralServiceException)

When I try to download the S3 file I do indeed get an access denied:

~$ aws s3 cp s3://aws-managed-cost-intelligence-dashboards-eu-west-1/cid-resource-lambda-layer/cid-0.3.2.zip . --no-sign-request
download: s3://aws-managed-cost-intelligence-dashboards-eu-west-1/cid-resource-lambda-layer/cid-0.3.2.zip to ./cid-0.3.2.zip

~$ aws s3 cp s3://aws-managed-cost-intelligence-dashboards-eu-west-1/cid-resource-lambda-layer/cid-0.3.3.zip . --no-sign-request
fatal error: An error occurred (403) when calling the HeadObject operation: Forbidden

This seems to be because the upload script fails, without failing the action:

see https://github.com/aws-samples/aws-cudos-framework-deployment/actions/runs/8829933297/job/24242012051

Traceback (most recent call last):
  File "<string>", line 1, in <module>
  File "/home/runner/work/aws-cudos-framework-deployment/aws-cudos-framework-deployment/cid/__init__.py", line 3, in <module>
    __import__('pkg_resources').declare_namespace(__name__)
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^
ModuleNotFoundError: No module named 'pkg_resources'
cat: cid-.hash: No such file or directory

The actuall failure is probably here: https://github.com/aws-samples/aws-cudos-framework-deployment/blob/main/assets/build_lambda_layer.sh#L3

Adding this to the top of all .sh files will at least surface this error in the github actions (see https://sipb.mit.edu/doc/safe-shell/):

set -euf -o pipefail
iakov-aws commented 5 months ago

please can you retry? There was a release pipeline in progress

iakov-aws commented 5 months ago

Great suggestion and analysis. Will look into it thanks!

iakov-aws commented 5 months ago

this works now from any acc.

aws s3 cp s3://aws-managed-cost-intelligence-dashboards-eu-west-1/cid-resource-lambda-layer/cid-0.3.3.zip .

Will close the issue. Thanks for suggestions on pipeline

benbridts commented 5 months ago

Works for me too, thanks!