Followed documentation to set up AWS ServiceCatalog terraform reference architecture in my AWS account, where spoke account and hub account reside in the same region of the AWS account.
For end user setup I followed steps mentioned here
End user is able to see the products and provision the listed products. Even though product (for example s3) gets provisioned (can be seen through console by Admin user) but on service catalog console end user gets an error "Custom Resource failed to stabilize in expected time".
Error log collected from "terraformarchitecture-singleaccount-t-outputstore-<>" bucket is attached below
```
Traceback (most recent call last):
  File "/usr/local/lib/python3.7/site-packages/sc_terraform_wrapper/main.py", line 240, in main
    run(cleanups, args, args.request, config, s3, response_poster)
  File "/usr/local/lib/python3.7/site-packages/sc_terraform_wrapper/main.py", line 216, in run
    state_file_location=state_file_location)
  File "/usr/local/lib/python3.7/site-packages/sc_terraform_wrapper/response_poster.py", line 39, in post_response_with_expiration_check
    state_file_location=state_file_location, reason=reason)
  File "/usr/local/lib/python3.7/site-packages/sc_terraform_wrapper/response_poster.py", line 44, in _post_response
    output_url = self.create_proxy_object()
  File "/usr/local/lib/python3.7/site-packages/sc_terraform_wrapper/response_poster.py", line 80, in create_proxy_object
    WebsiteRedirectLocation=presigned_url
  File "/usr/local/lib/python3.7/site-packages/botocore/client.py", line 314, in _api_call
    return self._make_api_call(operation_name, kwargs)
  File "/usr/local/lib/python3.7/site-packages/botocore/client.py", line 612, in _make_api_call
    raise error_class(parsed_response, operation_name)
botocore.exceptions.ClientError: An error occurred (AccessDenied) when calling the PutObject operation: Access Denied

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/local/bin/sc-terraform-wrapper", line 11, in
    sys.exit(main())
  File "/usr/local/lib/python3.7/site-packages/sc_terraform_wrapper/main.py", line 243, in main
    response_poster.post_response_with_expiration_check('FAILED', reason=msg)
  File "/usr/local/lib/python3.7/site-packages/sc_terraform_wrapper/response_poster.py", line 39, in post_response_with_expiration_check
    state_file_location=state_file_location, reason=reason)
  File "/usr/local/lib/python3.7/site-packages/sc_terraform_wrapper/response_poster.py", line 44, in _post_response
    output_url = self.create_proxy_object()
  File "/usr/local/lib/python3.7/site-packages/sc_terraform_wrapper/response_poster.py", line 80, in create_proxy_object
    WebsiteRedirectLocation=presigned_url
  File "/usr/local/lib/python3.7/site-packages/botocore/client.py", line 314, in _api_call
    return self._make_api_call(operation_name, kwargs)
  File "/usr/local/lib/python3.7/site-packages/botocore/client.py", line 612, in _make_api_call
    raise error_class(parsed_response, operation_name)
botocore.exceptions.ClientError: An error occurred (AccessDenied) when calling the PutObject operation: Access Denied
```
Note: After looking at the error I did try again by giving all permissions to all the user but no luck.
It would be great if someone could help in what is the expected permissions or if I have overlooked some crucial step because of which I am getting this error.
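A triage helper for the log in the post above, added here as an example; it is not part of the original post or of the sc_terraform_wrapper project. It splits the chained traceback, pulls the denied API call and the last non-botocore frame from each part, and checks whether the attempt to report `FAILED` was denied at the same call as the original failure. The `LOG` sample is an abridged copy of the frames in the post; the function names are hypothetical.

```python
import re

# Abridged copy of the traceback in the post (frames trimmed, messages unchanged).
LOG = '''Traceback (most recent call last):
  File "/usr/local/lib/python3.7/site-packages/sc_terraform_wrapper/main.py", line 216, in run
  File "/usr/local/lib/python3.7/site-packages/sc_terraform_wrapper/response_poster.py", line 80, in create_proxy_object
  File "/usr/local/lib/python3.7/site-packages/botocore/client.py", line 612, in _make_api_call
botocore.exceptions.ClientError: An error occurred (AccessDenied) when calling the PutObject operation: Access Denied
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
  File "/usr/local/lib/python3.7/site-packages/sc_terraform_wrapper/main.py", line 243, in main
  File "/usr/local/lib/python3.7/site-packages/sc_terraform_wrapper/response_poster.py", line 80, in create_proxy_object
  File "/usr/local/lib/python3.7/site-packages/botocore/client.py", line 612, in _make_api_call
botocore.exceptions.ClientError: An error occurred (AccessDenied) when calling the PutObject operation: Access Denied
'''

FRAME = re.compile(r'File "(?P<path>[^"]+)", line (?P<line>\d+), in ?(?P<func>\S*)')
CLIENT_ERROR = re.compile(
    r'ClientError: An error occurred \((?P<code>\w+)\) '
    r'when calling the (?P<op>\w+) operation')


def summarize(log):
    """One dict per chained traceback: error code, API operation, calling frame."""
    results = []
    for block in log.split("Traceback (most recent call last):")[1:]:
        err = CLIENT_ERROR.search(block)
        if not err:
            continue  # not a botocore ClientError; nothing to classify
        frames = [m.groupdict() for m in FRAME.finditer(block)]
        # The last frame outside botocore is the application code that made the call.
        app = [f for f in frames if "/botocore/" not in f["path"]]
        caller = None
        if app:
            f = app[-1]
            caller = f'{f["path"].rsplit("/", 1)[-1]}:{f["line"]} {f["func"]}'
        results.append({"code": err["code"], "operation": err["op"], "caller": caller})
    return results


def failure_report_also_denied(results):
    """True when every chained error is the same denied call from the same frame."""
    keys = {(r["code"], r["operation"], r["caller"]) for r in results}
    return len(results) >= 2 and len(keys) == 1
```
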