search

maciejtreder / serverless-apigw-binary

Serverless plugin for binary files support in AWS Gateway
MIT License
160 stars 33 forks source link

AccessDeniedException #19

Closed eraserfusion closed 7 years ago

eraserfusion commented 7 years ago

Starting in version 0.3.7 I am no longer able to deploy with this plugin. The following is the error log when deploying:

/usr/local/lib/node_modules/serverless/node_modules/aws-sdk/lib/request.js:31
            throw err;
            ^

Error: AccessDeniedException: User: arn:aws:iam::**************:user/********** is not authorized to perform: apigateway:GET on resource: arn:aws:apigateway:us-east-1::/restapis
    at Object.extractError (/usr/local/lib/node_modules/serverless/node_modules/aws-sdk/lib/protocol/json.js:48:27)...

The resource that I am failing to authorize for looks like it is missing some information arn:aws:apigateway:us-east-1::/restapis.

If I reinstall this plugin with 0.3.6 my project deploys without a problem.

maciejtreder commented 7 years ago

Hello. Thank you for the report. Could you share your serverless.yml content?

eraserfusion commented 7 years ago

It's fairly large, but I think the relevant parts are included here:

service: service-name

frameworkVersion: "=1.18.1"

provider:
  name: aws
  runtime: nodejs6.10
  role: arn:aws:iam::lambda-role
  apiKeys:
    - ${self:service}-test-${self:custom.myStage}
  usagePlan:
    throttle:
      burstLimit: 1000
      rateLimit: 1000
  environment:
    serviceName: ${self:service}

plugins:
 - serverless-apigw-binary

custom:
  apigwBinary:
    types:
      - 'application/xml'
      - 'application/java-archive'
  myStage: ${opt:stage, self:provider.stage}
maciejtreder commented 7 years ago

Hello. Thank you for your input.

Could you verify if the issue is gone in the latest version (0.3.9)?

eraserfusion commented 7 years ago

The resource name now appears in full, but I am still getting an error deploying:

/usr/local/lib/node_modules/serverless/node_modules/aws-sdk/lib/request.js:31
            throw err;
            ^

Error: AccessDenied: User: arn:aws:iam::********:user/********** is not authorized to perform: cloudformation:DescribeStacks on resource: arn:aws:cloudformation:us-east-1:**********:stack/service-name-dev/*
    at Request.extractError (/usr/local/lib/node_modules/serverless/node_modules/aws-sdk/lib/protocol/query.js:47:29)
    at Request.callListeners (/usr/local/lib/node_modules/serverless/node_modules/aws-sdk/lib/sequential_executor.js:105:20)
    at Request.emit (/usr/local/lib/node_modules/serverless/node_modules/aws-sdk/lib/sequential_executor.js:77:10)...

I am authorized to perform that action and the deploy still works correctly in 0.3.6

maciejtreder commented 7 years ago

Really strange.. I am performing exactly same action as Serverless for displaying deployed API url...

maciejtreder commented 7 years ago

Ok. I think I got it. Could you tell me if you have more than one AWS CLI profile?

eraserfusion commented 7 years ago

I only have 1 AWS CLI profile.

maciejtreder commented 7 years ago

Ok. Bug should be fixed. Could you verify again (version 0.4.0)?

eraserfusion commented 7 years ago

This works! Thank you very much for your quick response and fix!

maciejtreder commented 7 years ago

You're welcome.

Star is appreciated. :)