data-yaml / vivos

Versioned Interoperability to Velocitize Open Science
Apache License 2.0

feat: working demo #19

Closed drernie closed 8 months ago

drernie commented 9 months ago

https://searchminimal.quiltdata.com/b/searchminimal/packages/test/vivos/tree/e78ef4cca607aca8e2e5f6892569db7d94aebc39c8fbe93ac3828c32155796dd/README.md

drernie commented 9 months ago

First try

DOES NOT TRIGGER

drernie commented 9 months ago
                "bucket": {
                    "name": "nf-core-gallery",
                    "ownerIdentity": {
                    },
                    "arn": "arn:aws:s3:::nf-core-gallery"
                },
                "object": {
                    "key": "benchling/EXP23000052/entry.json",
                    "size": 2331,
                    "eTag": "8fc48a585d1c72b07c2449eb0a09eba7",
                    "versionId": "bBM8dgjKkP5.mqoGHP1x1vqCexpW0.DW",
                    "sequencer": "00656892F5816E21A4"
                }
drernie commented 9 months ago

    "errorType": "AuthorizationErrorException", "errorMessage": "User: arn:aws:sts::850787717197:assumed-role/vivos-dev-vivoslambdarole9D9C002E-DVjqDplBLdpj/vivos-dev-launchBBD44B2B-qIWcyxN4YADT is not authorized to perform: SNS:Publish on resource: arn:aws:sns:us-west-2:850787717197:vivos-dev-VivosStatusTopicA15DB4F3-Max3zUxnKt9q because no identity-based policy allows the SNS:Publish action",

Perhaps related to the missing policy:
    //lambdaRole.addToPolicy(lambdaS3Policy);
    return lambdaRole;
drernie commented 9 months ago

Re-deployed.

Created Slack subscription: https://us-west-2.console.aws.amazon.com/sns/v3/home?region=us-west-2#/subscription/arn:aws:sns:us-west-2:850787717197:vivos-dev-VivosStatusTopicA15DB4F3-ZtWNeBPS4xWa:ea10986b-2b3e-4959-a22c-1f81d391ed10

drernie commented 9 months ago

DOH. Logs don't exist for New Lambdas until they run.

drernie commented 9 months ago

https://quilt-dtt.benchling.com/quilt-dev/f/lib_uz14ul16-quilt-integration/etr_rIzYadGt-vivos-test-5/edit

https://demo.quiltdata.com/b/nf-core-gallery/packages/benchling/EXP23000059 https://us-west-2.console.aws.amazon.com/cloudwatch/home?region=us-west-2#logsV2:log-groups/log-group/$252Faws$252Flambda$252Fvivos-dev-launchBBD44B2B-zwFaFh5KkBtO/log-events/2023$252F11$252F30$252F$255B$2524LATEST$255De42a0a4fff5f48a3be4c1a5f5eca6612

    "errorMessage": "User: arn:aws:sts::850787717197:assumed-role/vivos-dev-vivoslambdarole9D9C002E-Q4tTPcluvrrI/vivos-dev-launchBBD44B2B-zwFaFh5KkBtO is not authorized to perform: SNS:Publish on resource: arn:aws:sns:us-west-2:850787717197:vivos-dev-VivosStatusTopicA15DB4F3-TQBjuZymrju3 because no identity-based policy allows the SNS:Publish action",

DOH! The logging is causing the crash. Try reverting. NOT helping.

drernie commented 9 months ago

Try reading the error closely then...

"errorMessage": 
"User: 
arn:aws:sts::850787717197:assumed-role/vivos-dev-vivoslambdarole9D9C002E-Q4tTPcluvrrI/vivos-dev-launchBBD44B2B-zwFaFh5KkBtO
 is not authorized to perform:
 SNS:Publish on resource: 
arn:aws:sns:us-west-2:850787717197:vivos-dev-VivosStatusTopicA15DB4F3-TQBjuZymrju3 
because no identity-based policy allows the SNS:Publish action",
drernie commented 9 months ago

vivos-dev-vivoslambdarole9D9C002E-Q4tTPcluvrrI
AWS Service: lambda

  1. The Lambda IS allowed to assume the Role

            "Effect": "Allow",
            "Principal": {
                "Service": "lambda.amazonaws.com"
            },
            "Action": "sts:AssumeRole"
  2. The Topic does allow publish from there

vivos-dev-VivosStatusTopicA15DB4F3-TQBjuZymrju3

    {
      "Sid": "2",
      "Effect": "Allow",
      "Principal": {
        "Service": "lambda.amazonaws.com"
      },
      "Action": "sns:Publish",
      "Resource": "arn:aws:sns:us-west-2:850787717197:vivos-dev-VivosStatusTopicA15DB4F3-TQBjuZymrju3"
    }
drernie commented 9 months ago

DRIFT

Manually added AmazonSNSFullAccess to https://us-east-1.console.aws.amazon.com/iam/home?region=us-west-2#/roles/details/vivos-dev-vivoslambdarole9D9C002E-Q4tTPcluvrrI?section=permissions
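
An added example, not part of the thread or the vivos code: it parses the denial quoted above into calling role, action and resource, builds an identity-based statement scoped to that one topic (narrower than AmazonSNSFullAccess), and checks whether the quoted topic statement, whose principal is the Lambda service, names the execution role. The function names are hypothetical, and the principal check is a simplified model that ignores conditions, explicit denies and permissions boundaries.

```typescript
// Added example; parseDenial, leastPrivilegeStatement and principalCoversRole are hypothetical names.
type Denial = { account: string; roleName: string; roleArn: string; action: string; resource: string };
type Principal = "*" | { AWS?: string | string[]; Service?: string | string[] };
type Statement = { Effect: string; Principal?: Principal; Action: string; Resource: string };

// Error text as quoted in the thread.
const SAMPLE_ERROR =
  "User: arn:aws:sts::850787717197:assumed-role/vivos-dev-vivoslambdarole9D9C002E-Q4tTPcluvrrI/" +
  "vivos-dev-launchBBD44B2B-zwFaFh5KkBtO is not authorized to perform: SNS:Publish on resource: " +
  "arn:aws:sns:us-west-2:850787717197:vivos-dev-VivosStatusTopicA15DB4F3-TQBjuZymrju3 " +
  "because no identity-based policy allows the SNS:Publish action";

// Topic policy statement as quoted in the thread.
const TOPIC_STATEMENT: Statement = {
  Effect: "Allow",
  Principal: { Service: "lambda.amazonaws.com" },
  Action: "sns:Publish",
  Resource: "arn:aws:sns:us-west-2:850787717197:vivos-dev-VivosStatusTopicA15DB4F3-TQBjuZymrju3",
};

// Extract the calling role, action and resource from an "is not authorized to perform" message.
function parseDenial(msg: string): Denial | null {
  const re = /User: arn:aws:sts::(\d{12}):assumed-role\/([^\/\s]+)\/\S+ is not authorized to perform: (\S+) on resource: (\S+)/;
  const m = re.exec(msg);
  if (!m) return null;
  const [, account = "", roleName = "", action = "", resource = ""] = m;
  // A session ARN carries no IAM path, so this assumes the role was created without one.
  return { account, roleName, roleArn: `arn:aws:iam::${account}:role/${roleName}`, action, resource };
}

// Identity-based statement limited to the one denied action on the one denied resource.
function leastPrivilegeStatement(d: Denial): Statement {
  return { Effect: "Allow", Action: d.action, Resource: d.resource };
}

// Simplified check: does a resource-policy statement name the calling role for this request?
// A Service principal names the AWS service, not the function's execution role.
function principalCoversRole(s: Statement, d: Denial): boolean {
  if (s.Effect !== "Allow" || s.Principal === undefined) return false;
  if (s.Action.toLowerCase() !== d.action.toLowerCase() || s.Resource !== d.resource) return false;
  if (s.Principal === "*") return true;
  const aws = ([] as string[]).concat(s.Principal.AWS ?? []);
  return aws.indexOf(d.roleArn) !== -1;
}
```

In a CDK stack the same scoped grant can be expressed as `topic.grantPublish(lambdaRole)` (with `topic` standing in for the status topic construct), which keeps the permission in the template rather than as a console change.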