search

ministryofjustice / modernisation-platform

A place for the core work of the Modernisation Platform • This repository is defined and managed in Terraform
https://user-guide.modernisation-platform.service.justice.gov.uk
MIT License
680 stars 289 forks source link

Redeploy after nuke fails #2383

Closed gfou-al closed 2 years ago

gfou-al commented 2 years ago

The Redeploy after nuke GitHub action fails with the following error (https://github.com/ministryofjustice/modernisation-platform-environments/actions/runs/3214067978/jobs/5254188217):

Terraform has been successfully initialized!
Switched to workspace "sprinkler-development".

Error: error configuring Terraform AWS Provider: IAM Role (arn:aws:iam::946070829339:role/MemberInfrastructureAccess) cannot be assumed.

There are a number of possible causes of this - the most common are:
  * The credentials used in order to assume the role are invalid
  * The credentials do not have appropriate permission to assume the role
  * The role ARN is not valid

Error: operation error STS: AssumeRole, https response error StatusCode: 403, RequestID: f987bd80-e7fc-42ab-a276-d1b831669e21, api error AccessDenied: User: arn:aws:iam::946070829339:user/member-ci is not authorized to perform: sts:AssumeRole on resource: arn:aws:iam::946070829339:role/MemberInfrastructureAccess

  with provider["registry.terraform.io/hashicorp/aws"],
  on providers.tf line 8, in provider "aws":
   8: provider "aws" {
julialawrence commented 2 years ago

https://github.com/ministryofjustice/modernisation-platform-environments/pull/975

A quick fix to allow the workflow to run with OIDC.

More rework to follow in the next sprint.

julialawrence commented 2 years ago

https://github.com/ministryofjustice/modernisation-platform-environments/actions/runs/3259403389/jobs/5352197460

Redeploy after Nuke succeeded.