azavea / climate-change-api

Apache License 2.0

Jenkins `infra` step failing due to invalid DB parameter #307

Closed CloudNiner closed 7 years ago

CloudNiner commented 7 years ago

```
Error applying plan:

1 error(s) occurred:

* aws_db_instance.postgresql: Error modifying DB Instance dbstaging: InvalidParameterValue: Requested storage size (120) cannot be less then the current storage size (240)
    status code: 400, request id: 1013325d-f9e1-11e6-a079-8b72f98d12dd

Terraform does not automatically rollback in the face of errors.
Instead, your Terraform state file has been partially updated with
any resources that successfully completed. Please address the error
above and apply again to incrementally change your infrastructure.
```

rajadain commented 7 years ago

I downloaded and updated the terraform.tfvars file from S3's staging-us-east-1-climate-config bucket, but have been unable to reupload the file because of permissions issues:

```
aws s3 --profile=climate cp ~/Downloads/terraform.tfvars s3://staging-us-east-1-climate-config/terraform/terraform.tfvars
upload failed: ../../Downloads/terraform.tfvars to s3://staging-us-east-1-climate-config/terraform/terraform.tfvars A client error (AccessDenied) occurred when calling the PutObject operation: Access Denied
```

I tried editing the permissions of the file, the bucket and my own account to get it to work but couldn't. I also tried to log in using the systems account but the password in LastPass did not work. Could use some assistance on this tomorrow. /cc @tnation14

CloudNiner commented 7 years ago

Your user IAM permissions appear fine.

Did you try calling the `aws s3` command with the option `--sse 'aws:kms'`? See here: http://docs.aws.amazon.com/cli/latest/reference/s3/cp.html

Typically we encrypt those files via the default AWS KMS account key using server-side encryption.

Alternatively, try uploading the file via the AWS console, making sure to add the option to do SSE via the default KMS key.

tnation14 commented 7 years ago

I normally use `--sse AES256` but @CloudNiner is correct.

CloudNiner commented 7 years ago

We should be consistent. If ops is using `--sse AES256` across multiple projects, then go ahead and switch to that.

rajadain commented 7 years ago

Okay, that's what I was missing, that worked:

```
$ aws s3 --profile=climate cp --sse AES256 ~/Downloads/terraform.tfvars s3://staging-us-east-1-climate-config/terraform/terraform.tfvars
upload: ../../../Downloads/terraform.tfvars to s3://staging-us-east-1-climate-config/terraform/terraform.tfvars
```

But I can't do infra plan anymore because my permissions seem to have been revoked again. Not sure if this caused this or something else.

Was this a consequence of uploading the file, or something else? Can my permissions be reset?

CloudNiner commented 7 years ago

Very weird. Your permissions changed sometime between when I looked at them this AM and just now. I reset your user permissions to match those of the other developers.

rajadain commented 7 years ago

Thanks! I think that did the trick. Just ran infra plan again and didn't see the database size in the output (details removed):

```
~ aws_ecs_service.cc_api_http
~ aws_ecs_service.cc_api_https
-/+ aws_ecs_task_definition.cc_api_http
-/+ aws_ecs_task_definition.cc_api_https
-/+ aws_ecs_task_definition.cc_api_management
~ aws_elasticache_parameter_group.memcached
```

This should kick in automatically on next develop build. I'm going to mark this issue as Done.
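
The upload that worked in this thread can be paired with a check that S3 actually stored the object with the expected server-side encryption. This is an added example, not part of the original thread or the project's scripts; the function names `upload_encrypted` and `verify_encrypted` are hypothetical, and the only AWS CLI calls used are `aws s3 cp --sse` and `aws s3api head-object`.

```shell
#!/bin/sh
# Added example: upload a config file with server-side encryption, then
# confirm what S3 reports for the stored object. Function names are
# hypothetical; AES256 and aws:kms are the two --sse values from the thread.
#
# Usage with the values from the thread:
#   upload_encrypted climate ~/Downloads/terraform.tfvars \
#       staging-us-east-1-climate-config terraform/terraform.tfvars AES256
#   verify_encrypted climate \
#       staging-us-east-1-climate-config terraform/terraform.tfvars AES256

# upload_encrypted PROFILE LOCAL_FILE BUCKET KEY [SSE_MODE]
# Refuses to upload unless an explicit, known SSE mode is selected.
upload_encrypted() {
    profile="$1"; file="$2"; bucket="$3"; key="$4"; sse="${5:-AES256}"
    case "$sse" in
        AES256|aws:kms) ;;
        *) echo "unsupported SSE mode: $sse" >&2; return 2 ;;
    esac
    aws s3 --profile="$profile" cp --sse "$sse" "$file" "s3://$bucket/$key"
}

# verify_encrypted PROFILE BUCKET KEY EXPECTED_SSE
# Returns 0 only if head-object reports the expected ServerSideEncryption.
# An unencrypted object yields "None" with --output text, which fails here.
verify_encrypted() {
    profile="$1"; bucket="$2"; key="$3"; expected="$4"
    actual=$(aws s3api --profile="$profile" head-object \
        --bucket "$bucket" --key "$key" \
        --query ServerSideEncryption --output text) || return 1
    if [ "$actual" != "$expected" ]; then
        echo "s3://$bucket/$key: ServerSideEncryption=$actual, expected $expected" >&2
        return 1
    fi
    return 0
}
```

Running `verify_encrypted` after each upload makes a mismatch between the `aws:kms` and `AES256` conventions visible immediately instead of at the next `AccessDenied`.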