Hi. When trying to deploy cloudmapper auditor application to aws according to https://github.com/duo-labs/cloudmapper/blob/main/auditor/README.md the cdk deploy command fails with multiple _CREATEFAILED You are not authorized to perform this operation error messages followed by a summary looking like this:
CloudmapperauditorStack The following resource(s) failed to create: [alarmforwarderServiceRoleB9026B1B, taskDefinitioncloudmappercontainerLogGroup7F93E70E, CloudMapperVpcIGW7E937F7B, ClusterEB0123A7, taskDefinitionExecutionRoleA4CD45BC, taskDefinitionEventsRole377A8C74, cloudmapperalarm0DFD3BAB, LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRole9116ECFB, taskDefinitionTaskRole3DEF31E0, CloudMapperVpcAF815FDA, CDKMetadata].
Apparently the user which the application is being deployed with (cloudmapper) misses permissions/requires specific role(s) to be assigned to him.
Question: is there a list of roles the user cloudmapper has to be assigned before running the cdk deploy command? I've gone through the instructions a few times, this point doesn't seem to be covered there.
Hi. When trying to deploy cloudmapper auditor application to aws according to https://github.com/duo-labs/cloudmapper/blob/main/auditor/README.md the cdk deploy command fails with multiple _CREATEFAILED You are not authorized to perform this operation error messages followed by a summary looking like this:
CloudmapperauditorStack The following resource(s) failed to create: [alarmforwarderServiceRoleB9026B1B, taskDefinitioncloudmappercontainerLogGroup7F93E70E, CloudMapperVpcIGW7E937F7B, ClusterEB0123A7, taskDefinitionExecutionRoleA4CD45BC, taskDefinitionEventsRole377A8C74, cloudmapperalarm0DFD3BAB, LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRole9116ECFB, taskDefinitionTaskRole3DEF31E0, CloudMapperVpcAF815FDA, CDKMetadata].
Apparently the user which the application is being deployed with (cloudmapper) misses permissions/requires specific role(s) to be assigned to him.
Question: is there a list of roles the user cloudmapper has to be assigned before running the cdk deploy command? I've gone through the instructions a few times, this point doesn't seem to be covered there.
Thanks in advance.