aws-samples / service-catalog-engine-for-terraform-os

Apache License 2.0
135 stars 41 forks source link

Have you seen an issue with retrieving a canonical_user_id? #92

Closed anthony-esper-allspring closed 3 months ago

anthony-esper-allspring commented 3 months ago

Error: listing S3 Buckets: operation error S3: ListBuckets, https response error StatusCode: 403, RequestID: JCHBR1FX14VY71NC, HostID: lL56Fzb/EjALMeuz8zwc7zC9lMxHSPoGz5GPcMapRXoo8KlSA94SH9yRzqxKvXkDvBlCXOlN+Xc=, api error AccessDenied: Access Denied with module.s3_bucket_for_logs.data.aws_canonical_user_id.this[0], on .terraform/modules/s3_bucket_for_logs/main.tf line 3, in data "aws_canonical_user_id" "this": 3: data "aws_canonical_user_id" "this" { failed to run commands: exit status 1,

Hello,

My install is working fine but I am having an error when a TF module is performing a lookup of the canonical user id - have you seen this? The role which I am using for my launch constraint has all actions allowed for s3.

https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/canonical_user_id https://registry.terraform.io/modules/terraform-aws-modules/s3-bucket/aws/latest

module "s3_bucket_for_logs" { source = "terraform-aws-modules/s3-bucket/aws"

bucket = "${local.name}-${local.env}-alb-logs-${random_integer.bucket.result}" acl = "log-delivery-write"

force_destroy = true

control_object_ownership = true object_ownership = "ObjectWriter"

attach_elb_log_delivery_policy = true # Required for ALB logs attach_lb_log_delivery_policy = true # Required for ALB/NLB logs }

Any idea?

anthony-esper-allspring commented 3 months ago

Nevermind, I messed up the launch role by selecting the local role rather then the external role for the account that was provisioned to.