anthony-esper-allspring
commented
1 month ago Nevermind, I messed up the launch role by selecting the local role rather then the external role for the account that was provisioned to.
Closed anthony-esper-allspring closed 1 month ago
anthony-esper-allspring
commented
1 month ago Nevermind, I messed up the launch role by selecting the local role rather then the external role for the account that was provisioned to.
Error: listing S3 Buckets: operation error S3: ListBuckets, https response error StatusCode: 403, RequestID: JCHBR1FX14VY71NC, HostID: lL56Fzb/EjALMeuz8zwc7zC9lMxHSPoGz5GPcMapRXoo8KlSA94SH9yRzqxKvXkDvBlCXOlN+Xc=, api error AccessDenied: Access Denied with module.s3_bucket_for_logs.data.aws_canonical_user_id.this[0], on .terraform/modules/s3_bucket_for_logs/main.tf line 3, in data "aws_canonical_user_id" "this": 3: data "aws_canonical_user_id" "this" { failed to run commands: exit status 1,
Hello,
My install is working fine but I am having an error when a TF module is performing a lookup of the canonical user id - have you seen this? The role which I am using for my launch constraint has all actions allowed for s3.
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/canonical_user_id https://registry.terraform.io/modules/terraform-aws-modules/s3-bucket/aws/latest
module "s3_bucket_for_logs" { source = "terraform-aws-modules/s3-bucket/aws"
bucket = "${local.name}-${local.env}-alb-logs-${random_integer.bucket.result}" acl = "log-delivery-write"
force_destroy = true
control_object_ownership = true object_ownership = "ObjectWriter"
attach_elb_log_delivery_policy = true # Required for ALB logs attach_lb_log_delivery_policy = true # Required for ALB/NLB logs }
Any idea?