Couldn't Download Artifact From bucket

[JhonathanOrtiz]

Hi all.

I've successfully installed TRE following the instructions but I'm facing a problem while trying to launch the product.

Brief context, I've created a terraform file that set up a SageMaker domain I tested the configuration locally and it's working. Take in account that this is working on multi-account setup and all the changes are being reflected from mangement account to child account

Everything seems to be working as expected, but when I launch the product I get following error.

Could not download artifact S3://sc-bb8a97221778f3a88404ef6b472ecccf-us-east-2/out/31e1fb34acfe78135ae8efa7a879be72/18fb769de1b5769789b705b77b1620d1-985f42732ee0bdc5caafb73afc91eda3dd528ebd3d90279e7b53221b1f0af9a2-ec1c35936c831cd9be8702804ce713fe5e635582f06a0485b1b8e938f928a6d5-1708651327111-2ad3fd57-06f0-4731-a340-9325919e0093 using launch role <ROLE_ARN>: Failed to execute API: HeadObject with request Id: 4JG52CXYX68VVVJA: An error occurred (403) when calling the HeadObject operation: Forbidden
failed to run commands: exit status 

After reading the error, I went to S3 and that bucket doesn't exists in none of the accounts. Any help would be appreciated.

Summary.

• HeadObject operation: Forbidden
• Bucket: sc-bb8a97221778f3a88404ef6b472ecccf-us-east-2
• Bucket wasn't created by TRE deploy.
• Tested using administrator role

[gonzalezbensmol]

One question would be do you have the SCLaunch Role (IAM Roles) set up in both accounts to allow the source account to launch the product to the child account?

[JhonathanOrtiz]

Hi @gonzalezbensmol - This is now solved. There was two issues:

1. I didn't create the role on the child account. (Now is solved)
2. Role must be SCLaunch-{{ suffix }}

Thanks a lot for your help.