search

stelligent / mutato

Repo formerly known as mu-cdk. A.K.A Mu2. Pronounced: mew-tah-toe
https://stelligent.github.io/mutato/
MIT License
23 stars 2 forks source link

deploying with non-admin permissions #56

Open scottnixonjr opened 4 years ago

scottnixonjr commented 4 years ago

In preparation for the blog post, I followed the steps in this gist to test a deployment of mutato's sample application. https://gist.github.com/mneil/e32dd411a44d4d0cac01b42de5841ef4

Here is the error from the Acceptance CFN deployment:

2020-04-06 10:02:49 UTC-0700 | networkacceptanceVPCPublicSubnet2SubnetB70416C7 | CREATE_FAILED | Template error: Fn::Select cannot select nonexistent value at index 1

2020-04-06 10:02:49 UTC-0700 | networkacceptanceVPCPrivateSubnet2Subnet6A11D49B | CREATE_FAILED | Template error: Fn::Select cannot select nonexistent value at index 1

Stack:arn:aws:cloudformation:us-east-1:324320755747:stack/Mutato-App-acceptance-scottnixonjr-mutato-example-basic-master/3fcc9ae0-7828-11ea-9956-0a1f955da693 is in ROLLBACK_COMPLETE state and can not be updated. (Service: AmazonCloudFormation; Status Code: 400; Error Code: ValidationError; Request ID: c54d08e7-346a-49d2-8dfd-3d4c353fdcca)

The CodeBuild process logs show this error message

Stack Mutato-App-acceptance-scottnixonjr-mutato-example-basic-master

User: arn:aws:sts::324320755747:assumed-role/Mutato-Pipeline-scottnixonjr-mut-buildRoleD55766F0-164PZ68Q754WL/AWSCodeBuild-e93bc96e-8c71-45c0-9b2f-0700fab3ba5a is not authorized to perform: cloudformation:GetTemplate on resource: arn:aws:cloudformation:us-east-1:324320755747:stack/Mutato-App-acceptance-scottnixonjr-mutato-example-basic-master/3fcc9ae0-7828-11ea-9956-0a1f955da693

3p3r commented 4 years ago

the deployment succeeded in the mutato dev account where you are an admin and failed in the labs account where you are not, currently the deployer needs to have admin access to the account and I will document this.

I will keep this open to eventually fix non-admin deploys.