cloudtools / stacker

An AWS CloudFormation Stack orchestrator/manager.
http://stacker.readthedocs.io/en/stable/
BSD 2-Clause "Simplified" License

stacker bucket will always be created with default aws profile regardless of -p option #673

Open ronend opened 6 years ago

ronend commented 6 years ago

stacker.log

Running stacker build -p dronen1 ./config/environments/prod/us-east-1.env ./config/capabilities/zone/avm/custom_resources.yaml

Stacker errored out:

[2018-10-23T23:44:08] Using default AWS provider mode
[2018-10-23T23:44:09] Access denied for bucket stacker-templates-us-east-1-1540336332. Did you remember to use a globally unique name?
Traceback (most recent call last):
  File "/Users/dronen/workspace/stacker/stacker/util.py", line 495, in ensure_s3_bucket
    s3_client.head_bucket(Bucket=bucket_name)
  File "/Users/dronen/workspace/mufg-infrastructure/venv3/lib/python3.6/site-packages/botocore/client.py", line 314, in _api_call
    return self._make_api_call(operation_name, kwargs)
  File "/Users/dronen/workspace/mufg-infrastructure/venv3/lib/python3.6/site-packages/botocore/client.py", line 612, in _make_api_call
    raise error_class(parsed_response, operation_name)
botocore.exceptions.ClientError: An error occurred (403) when calling the HeadBucket operation: Forbidden
Traceback (most recent call last):
  File "/Users/dronen/workspace/mufg-infrastructure/venv3/bin/stacker", line 7, in <module>
    exec(compile(f.read(), __file__, 'exec'))
  File "/Users/dronen/workspace/stacker/scripts/stacker", line 10, in <module>
    args.run(args)
  File "/Users/dronen/workspace/stacker/stacker/commands/stacker/build.py", line 58, in run
    dump=options.dump)
  File "/Users/dronen/workspace/stacker/stacker/actions/base.py", line 199, in execute
    self.pre_run(*args, **kwargs)
  File "/Users/dronen/workspace/stacker/stacker/actions/build.py", line 396, in pre_run
    self.ensure_cfn_bucket()
  File "/Users/dronen/workspace/stacker/stacker/actions/base.py", line 159, in ensure_cfn_bucket
    self.bucket_region)
  File "/Users/dronen/workspace/stacker/stacker/util.py", line 495, in ensure_s3_bucket
    s3_client.head_bucket(Bucket=bucket_name)
  File "/Users/dronen/workspace/mufg-infrastructure/venv3/lib/python3.6/site-packages/botocore/client.py", line 314, in _api_call
    return self._make_api_call(operation_name, kwargs)
  File "/Users/dronen/workspace/mufg-infrastructure/venv3/lib/python3.6/site-packages/botocore/client.py", line 612, in _make_api_call
    raise error_class(parsed_response, operation_name)
botocore.exceptions.ClientError: An error occurred (403) when calling the HeadBucket operation: Forbidden

The problem is in the constructor of actions.base.BaseAction.__init__(), the session is built without the profile:

self.s3_conn = get_session(self.bucket_region).client('s3')

The profile is not passed to this constructor, so I have no idea how this might be solved other than adding a kwarg to the constructor.

ejholmes commented 6 years ago

This is definitely a bug. I’ll dig in when I have time (or happy to review if someone sends a PR).

One easy way around this would be to create the bucket beforehand. That’s actually what we do at Remind, since it allows us to manage the bucket through CloudFormation.
