medusa-project / book-tracker

Medusa Book Tracker

Import failed #52

Closed henryborchers closed 9 months ago

henryborchers commented 9 months ago

I'm unable to import records in Booktracker.

When I try I get the following error.

Import failed: User: arn:aws:sts::721945215539:assumed-role/ECS-book-tracker-role/db2b87ae8e3544b787da8a2f49a3c9be is not authorized to perform: sqs:sendmessage on resource: arn:aws:sqs:us-east-2:721945215539:book-tracker-prod because no identity-based policy allows the sqs:sendmessage action

adolski commented 9 months ago

We recently updated the Book Tracker to send SQS messages (#7) and it looks like we neglected to grant that permission to the book tracker's role. So, I just did that and launched another import and I'll keep an eye on it.

@genschmitt Do you know if there is any Terraform that we should update for this?

genschmitt commented 9 months ago

@adolski I checked the Terraform repos and I don't see Book Tracker's permissions anywhere. Adding from the console is good for now; this is likely something we would want to transition to Terraform at some point in the future.

adolski commented 9 months ago

Thanks @genschmitt!

@gaurijo, I've created #53 for you. BTW, here is what I did to add the permission to the role (I pretty much always forget to do this when modifying an app to use a new AWS service):

  1. In the AWS console, go to the IAM section
  2. Click on Access Management -> Roles in the left menu
  3. Search for and click on the Book Tracker role
  4. Click the "add permissions" button and "attach policies"
  5. Search for "SQS"
  6. Add the one that looks most appropriate (AmazonSQSFullAccess)

(Although, after #53 is done, we shouldn't do it this way anymore.)
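
An added example, not part of the thread or the project's code: it parses the access-denied message quoted in the issue and builds an identity-based policy that allows only the denied action on the named queue, a narrower grant than a managed policy. The function names and the `Sid` are assumptions made for illustration.

```python
import json
import re

# Error text as quoted in the issue above.
ERROR = (
    "User: arn:aws:sts::721945215539:assumed-role/ECS-book-tracker-role/"
    "db2b87ae8e3544b787da8a2f49a3c9be is not authorized to perform: "
    "sqs:sendmessage on resource: arn:aws:sqs:us-east-2:721945215539:"
    "book-tracker-prod because no identity-based policy allows the "
    "sqs:sendmessage action"
)

DENIED = re.compile(
    r"User: (?P<principal>arn:\S+) is not authorized to perform: "
    r"(?P<action>[\w-]+:[\w*]+) on resource: (?P<resource>arn:\S+)"
    r"(?: because (?P<reason>.+))?$"
)

def parse_denial(message):
    """Split an IAM access-denied message into principal, action, resource."""
    m = DENIED.search(message.strip())
    if m is None:
        raise ValueError("not an IAM access-denied message")
    fields = m.groupdict()
    # Session ARN: arn:aws:sts::<acct>:assumed-role/<role>/<session>; keep the role.
    parts = fields["principal"].split(":", 5)
    kind, _, rest = parts[5].partition("/")
    fields["role"] = rest.split("/")[0] if kind == "assumed-role" else None
    return fields

def minimal_policy(denial):
    """Policy document granting only the denied action on the named resource."""
    if "no identity-based policy allows" not in (denial["reason"] or ""):
        # Explicit denies, SCPs or boundaries are not fixed by adding an Allow.
        raise ValueError("denial is not a missing identity-based Allow")
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "AllowDeniedActionOnly",
            "Effect": "Allow",
            "Action": denial["action"],
            "Resource": denial["resource"],
        }],
    }

if __name__ == "__main__":
    d = parse_denial(ERROR)
    print("attach to role:", d["role"])
    print(json.dumps(minimal_policy(d), indent=2))
```

IAM action names are case-insensitive, so the lowercase `sqs:sendmessage` from the error text is valid in the policy as written.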