sst / ion

❍ — a new engine for SST
https://ion.sst.dev
MIT License

Permissions property doesn't work on Remix component #457

Closed pablote closed 4 weeks ago

pablote commented 1 month ago

I've added a permissions property to a Remix component, like this:

image

When I deploy this I don't see these permissions being reflected on the Lambda's execution role, and because of it, trying to use these resources I get an AccessDeniedException from AWS. I've tried bringing the stage down and recreating, but no luck.

Thanks

jayair commented 1 month ago

Can you share a screenshot of the function that you were checking on in the AWS Console?

pablote commented 1 month ago

This is how it looks on lambda:

Screenshot 2024-05-24 at 8 54 03 AM

And if I go to IAM:

image

Btw, I've tried a few things, like adding more permissions, this is an example straight from the docs, but it doesn't seem to make any change:

Screenshot 2024-05-24 at 8 58 34 AM

pablote commented 1 month ago

I've managed to get this working. Let me explain what I did because there seem to be some underlying issues with SST.

1) I created a new, clean Remix app and deployed it with the permissions prop set up. Permissions correctly showed up on the Lambda, so the problem must be with my application.

2) I tried sst removing and sst deploying the app again; the problem is still there, permissions don't show up on the Lambda.

3) I sst remove the app, and go looking into AWS. This is the first time I notice sst is not actually removing the app. The Lambda, CloudFront distribution, S3 bucket, IAM roles, are all still there. Even if I try to sst remove it again I get an "already removed" message. If I deploy and remove, it never fails, but it never deletes stuff on AWS.

4) I start to delete stuff manually on AWS, and delete all traces of SST in the project. Sst init again and deploy from scratch. This turned out to be a little more complicated than expected; it would keep trying to use a bucket I deleted and bail out because it couldn't find it. Looking for the error in the ion code I found that there were some configs in SSM pointing to this bucket. Deleted them all.

5) Deployed the app again and now it's fully working :D.

I understand that poking into AWS generated stuff is not the expected behavior, but at the same time, the tooling doesn't seem to recover from weird cases like the one I fell into.

jayair commented 1 month ago

Your app should've been removed on sst remove. Unless you are setting the retain flag: https://ion.sst.dev/docs/reference/config/#removal

What are you using?

pablote commented 1 month ago

retain was not being set, and from what I can see it doesn't keep the Lambdas unless retain-all is used. Anyway, it's working fine now, and sst remove correctly deletes everything; it just didn't do it before, I don't know why.

jayair commented 4 weeks ago

Weird. Closing this for now.