Closed CloudNiner closed 7 years ago
I downloaded and updated the terraform.tfvars file from S3's staging-us-east-1-climate-config bucket, but have been unable to reupload the file because of permissions issues:
aws s3 --profile=climate cp ~/Downloads/terraform.tfvars s3://staging-us-east-1-climate-config/terraform/terraform.tfvars
upload failed: ../../Downloads/terraform.tfvars to s3://staging-us-east-1-climate-config/terraform/terraform.tfvars A client error (AccessDenied) occurred when calling the PutObject operation: Access Denied
I tried editing the permissions of the file, the bucket and my own account to get it to work but couldn't. I also tried to log in using the systems account but the password in LastPass did not work. Could use some assistance on this tomorrow. /cc @tnation14
Your user IAM permissions appear fine.
Did you try calling the aws s3 command with the option --sse 'aws:kms'? See here: http://docs.aws.amazon.com/cli/latest/reference/s3/cp.html
Typically we encrypt those files via the default aws kms account key using server side encryption.
Alternatively try uploading the file via the AWS console, making sure to add the option to do SSE via the default KMS key.
I normally use --sse AES256 but @CloudNiner is correct.
We should be consistent. If ops is using --sse AES256 across multiple projects, then go ahead and switch to that.
Okay, that's what I was missing, that worked:
$ aws s3 --profile=climate cp --sse AES256 ~/Downloads/terraform.tfvars s3://staging-us-east-1-climate-config/terraform/terraform.tfvars
upload: ../../../Downloads/terraform.tfvars to s3://staging-us-east-1-climate-config/terraform/terraform.tfvars
But I can't do infra plan anymore because my permissions seem to have been revoked again. Not sure if this caused this or something else.
Was this a consequence of uploading the file, or something else? Can my permissions be reset?
Very weird. Your permissions changed sometime between when I looked at them this AM and just now. I reset your user permissions to match those of the other developers.
Thanks! I think that did the trick. Just ran infra plan again and didn't see the database size in the output (details removed):
~ aws_ecs_service.cc_api_http
~ aws_ecs_service.cc_api_https
-/+ aws_ecs_task_definition.cc_api_http
-/+ aws_ecs_task_definition.cc_api_https
-/+ aws_ecs_task_definition.cc_api_management
~ aws_elasticache_parameter_group.memcached
This should kick in automatically on next develop build. I'm going to mark this issue as Done.
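
Added example, not part of the original thread: a common cause of AccessDenied on PutObject when IAM permissions are fine is a bucket policy that denies uploads lacking a server-side-encryption header, which would match the behaviour above. The policy, the bucket name example-config-bucket and the helper names are assumptions; the simplified evaluator shows which statement rejects a plain cp and why --sse AES256 or --sse aws:kms passes.

```python
import json

SSE_KEY = "s3:x-amz-server-side-encryption"

# Assumed policy (the thread never shows the real one); placeholder bucket name.
BUCKET_POLICY = json.loads("""
{"Version": "2012-10-17", "Statement": [
  {"Sid": "DenyMissingSSEHeader", "Effect": "Deny", "Principal": "*",
   "Action": "s3:PutObject", "Resource": "arn:aws:s3:::example-config-bucket/*",
   "Condition": {"Null": {"s3:x-amz-server-side-encryption": "true"}}},
  {"Sid": "DenyUnapprovedSSE", "Effect": "Deny", "Principal": "*",
   "Action": "s3:PutObject", "Resource": "arn:aws:s3:::example-config-bucket/*",
   "Condition": {"StringNotEquals":
     {"s3:x-amz-server-side-encryption": ["AES256", "aws:kms"]}}}
]}
""")


def condition_matches(operator, key, expected, context):
    """Evaluate the two condition operators this policy uses."""
    present = key in context
    if operator == "Null":
        # "true" matches when the key is absent from the request.
        return (not present) == (str(expected).lower() == "true")
    if operator == "StringNotEquals":
        # Matches when the key is absent or its value equals none of the listed ones.
        values = expected if isinstance(expected, list) else [expected]
        return not present or context[key] not in values
    raise ValueError(f"operator not modelled: {operator}")


def evaluate_put(policy, sse_header=None):
    """Return (decision, Sid) for a PutObject carrying the given SSE header.

    Simplified: Principal and Resource matching are skipped, and the caller's
    IAM policy is assumed to allow s3:PutObject, so only explicit denies matter.
    """
    context = {} if sse_header is None else {SSE_KEY: sse_header}
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Deny" or stmt["Action"] != "s3:PutObject":
            continue
        conditions = [(op, key, val) for op, block in stmt["Condition"].items()
                      for key, val in block.items()]
        if all(condition_matches(op, k, v, context) for op, k, v in conditions):
            return ("AccessDenied", stmt["Sid"])
    return ("Allowed", None)


if __name__ == "__main__":
    for header in (None, "AES256", "aws:kms"):  # plain cp, --sse AES256, --sse aws:kms
        print(header, evaluate_put(BUCKET_POLICY, header))
```

An explicit Deny in a bucket policy overrides any Allow in the user's IAM policy, which is why the IAM permissions can look fine while the upload still fails.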