exasol / ci-isolation-aws

AWS account setup for isolating CI builds
MIT License

AWS Nuke logs error about missing permissions #26

Closed kaklakariada closed 1 year ago

kaklakariada commented 1 year ago

See log:

time="2023-05-09T06:01:56Z" level=error msg="Failed to get listed policy protected-s3-files-vs-ci-user-policy-1: AccessDenied: User: arn:aws:sts::XXX:assumed-role/protected-aws-account-cleanup-role/AWSCodeBuild-XXX is not authorized to perform: iam:GetPolicy on resource: policy arn:aws:iam::XXX:policy/protected-s3-files-vs-ci-user-policy-1 with an explicit deny in an identity-based policy\n\tstatus code: 403, request id: XXX"

kaklakariada commented 1 year ago

Works as intended. The role explicitly forbids actions on protected resources.
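
An added example (not part of this repository or of aws-nuke) of how a cleanup job's log could be triaged so that denials like the one above are separated from real permission gaps. It assumes that protected resources are identified by a `protected-` name prefix, as the names in the log suggest; the second sample line, `ci-temp-policy` and the verdict labels are constructed for illustration.

```python
import re

# Constructed sample in the same logrus format as the log in the issue.
# Line 1 is the line from the issue; line 2 (implicit deny) and line 3 are made up.
SAMPLE_LOG = r'''
time="2023-05-09T06:01:56Z" level=error msg="Failed to get listed policy protected-s3-files-vs-ci-user-policy-1: AccessDenied: User: arn:aws:sts::XXX:assumed-role/protected-aws-account-cleanup-role/AWSCodeBuild-XXX is not authorized to perform: iam:GetPolicy on resource: policy arn:aws:iam::XXX:policy/protected-s3-files-vs-ci-user-policy-1 with an explicit deny in an identity-based policy\n\tstatus code: 403, request id: XXX"
time="2023-05-09T06:01:57Z" level=error msg="Failed to get listed policy ci-temp-policy: AccessDenied: User: arn:aws:sts::XXX:assumed-role/protected-aws-account-cleanup-role/AWSCodeBuild-XXX is not authorized to perform: iam:GetPolicy on resource: policy arn:aws:iam::XXX:policy/ci-temp-policy because no identity-based policy allows the iam:GetPolicy action\n\tstatus code: 403, request id: XXX"
time="2023-05-09T06:01:58Z" level=info msg="constructed non-error line"
'''

# Pull principal, action, resource ARN and the trailing reason out of the
# AccessDenied message; the reason ends at the literal "\n" logrus writes.
DENIED = re.compile(
    r'AccessDenied: User: (?P<principal>\S+) is not authorized to perform: '
    r'(?P<action>[\w:*]+) on resource: (?:\w+ )?(?P<resource>arn:\S+)'
    r'(?P<reason>.*?)(?:\\n|"$)'
)

def classify(line, protected_prefix="protected-"):  # prefix is an assumption
    """Return a finding dict for an AccessDenied line, or None for other lines."""
    m = DENIED.search(line)
    if not m:
        return None
    name = m["resource"].rsplit("/", 1)[-1]
    explicit = "explicit deny" in m["reason"]
    if explicit and name.startswith(protected_prefix):
        verdict = "expected"       # guardrail did its job, as in this issue
    elif explicit:
        verdict = "review-deny"    # deny statement reaches an unprotected resource
    else:
        verdict = "missing-allow"  # implicit deny: the role lacks a permission
    return {"action": m["action"], "resource": name, "verdict": verdict}

def triage(log_text):
    """Classify every AccessDenied line in a log, skipping everything else."""
    return [f for f in map(classify, log_text.splitlines()) if f]

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['verdict']:14} {f['action']:16} {f['resource']}")
```

Only `review-deny` and `missing-allow` findings need follow-up; `expected` lines can be filtered out of alerts while still being kept in the log.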