search

awslabs / aws-service-catalog-puppet

This is a framework where you list your AWS accounts with tags and your AWS Service Catalog products with tags or target accounts. The framework works through your lists, dedupes and spots collisions and then provisions the products into your AWS accounts for you. It handles the Portfolio sharing, its acceptance and can provision products cross account and cross region.
Apache License 2.0
76 stars 41 forks source link

IAM failure on DescribeStacks #266

Closed belialboy closed 4 years ago

belialboy commented 4 years ago

Please include a link to your expanded manifest, the full contents of your AWS CodeBuild output (see https://aws-service-catalog-puppet.readthedocs.io/en/latest/puppet/using_the_cli.html#export-puppet-pipeline-logs)

Please ensure you are using the latest version and have run a validate command on your manifest file see (https://aws-service-catalog-puppet.readthedocs.io/en/latest/puppet/validate.html)

Steps to reproduce

  1. Underpants
  2. build
  3. Profit!

Expected results

No error

Actual results

2020-03-05T17:48:50.645+00:00
Traceback (most recent call last):
2020-03-05T17:48:50.645+00:00
File "/usr/local/bin/servicecatalog-puppet", line 11, in <module>
2020-03-05T17:48:50.645+00:00
sys.exit(cli())
2020-03-05T17:48:50.645+00:00
File "/usr/local/lib/python3.7/site-packages/click/core.py", line 764, in __call__
2020-03-05T17:48:50.645+00:00
return self.main(*args, **kwargs)
2020-03-05T17:48:50.645+00:00
File "/usr/local/lib/python3.7/site-packages/click/core.py", line 717, in main
2020-03-05T17:48:50.645+00:00
rv = self.invoke(ctx)
2020-03-05T17:48:50.645+00:00
File "/usr/local/lib/python3.7/site-packages/click/core.py", line 1137, in invoke
2020-03-05T17:48:50.645+00:00
return _process_result(sub_ctx.command.invoke(sub_ctx))
2020-03-05T17:48:50.645+00:00
File "/usr/local/lib/python3.7/site-packages/click/core.py", line 956, in invoke
2020-03-05T17:48:50.645+00:00
return ctx.invoke(self.callback, **ctx.params)
2020-03-05T17:48:50.645+00:00
File "/usr/local/lib/python3.7/site-packages/click/core.py", line 555, in invoke
2020-03-05T17:48:50.645+00:00
return callback(*args, **kwargs)
2020-03-05T17:48:50.645+00:00
File "/usr/local/lib/python3.7/site-packages/servicecatalog_puppet/cli.py", line 51, in bootstrap_spoke_as
2020-03-05T17:48:50.645+00:00
core.bootstrap_spoke_as(puppet_account_id, iam_role_arns, permission_boundary)
2020-03-05T17:48:50.645+00:00
File "/usr/local/lib/python3.7/site-packages/servicecatalog_puppet/core.py", line 260, in bootstrap_spoke_as
2020-03-05T17:48:50.645+00:00
permission_boundary
2020-03-05T17:48:50.645+00:00
File "/usr/local/lib/python3.7/site-packages/servicecatalog_puppet/core.py", line 239, in _do_bootstrap_spoke
2020-03-05T17:48:50.645+00:00
cloudformation.create_or_update(**args)
2020-03-05T17:48:50.645+00:00
File "/usr/local/lib/python3.7/site-packages/betterboto/cloudformation.py", line 38, in create_or_update
2020-03-05T17:48:50.645+00:00
raise e
2020-03-05T17:48:50.645+00:00
File "/usr/local/lib/python3.7/site-packages/betterboto/cloudformation.py", line 33, in create_or_update
2020-03-05T17:48:50.645+00:00
StackName=stack_name
2020-03-05T17:48:50.645+00:00
File "/usr/local/lib/python3.7/site-packages/botocore/client.py", line 316, in _api_call
2020-03-05T17:48:50.645+00:00
return self._make_api_call(operation_name, kwargs)
2020-03-05T17:48:50.645+00:00
File "/usr/local/lib/python3.7/site-packages/botocore/client.py", line 626, in _make_api_call
2020-03-05T17:48:50.645+00:00
raise error_class(parsed_response, operation_name)
2020-03-05T17:48:50.645+00:00
botocore.exceptions.ClientError: An error occurred (OptInRequired) when calling the DescribeStacks operation: The AWS Access Key Id needs a subscription for the service
2020-03-05T17:48:50.645+00:00
2020-03-05T17:48:50.645+00:00
[Container] 2020/03/05 17:48:48 Command did not exit successfully servicecatalog-puppet bootstrap-spoke-as ${PUPPET_ACCOUNT_ID} ${ASSUMABLE_ROLE_IN_ROOT_ACCOUNT} ${ORGANIZATION_ACCOUNT_ACCESS_ROLE_ARN} exit status 1
2020-03-05T17:48:50.645+00:00
[Container] 2020/03/05 17:48:48 Phase complete: BUILD State: FAILED
2020-03-05T17:48:50.645+00:00
[Container] 2020/03/05 17:48:48 Phase context status code: COMMAND_EXECUTION_ERROR Message: Error while executing command: servicecatalog-puppet bootstrap-spoke-as ${PUPPET_ACCOUNT_ID} ${ASSUMABLE_ROLE_IN_ROOT_ACCOUNT} ${ORGANIZATION_ACCOUNT_ACCESS_ROLE_ARN}. Reason: exit status 1
2020-03-05T17:48:50.645+00:00
[Container] 2020/03/05 17:48:48 Entering phase POST_BUILD
2020-03-05T17:48:50.645+00:00
[Container] 2020/03/05 17:48:48 Phase complete: POST_BUILD State: SUCCEEDED
2020-03-05T17:48:50.645+00:00
[Container] 2020/03/05 17:48:48 Phase context status code: Message:
eamonnfaherty commented 4 years ago

this was an issue the account vending machine product and has since been resolved.