Closed lgarron closed 3 years ago
Q. How do I know if I have any functions using Ruby 2.5? The following command shows how to use the AWS CLI [3] to list all functions in your account using Ruby2.5:
aws lambda list-functions --function-version ALL --output text --query "Functions[?Runtime=='ruby2.5'].FunctionArn"
Unfortunately, this doesn't work for our default IAM user:
An error occurred (AccessDeniedException) when calling the ListFunctions operation: User: arn:aws:iam::285938427530:user/WCA is not authorized to perform: lambda:ListFunctions on resource: *
I'm going to try to see if I can authorize it.
I'm going to try to see if I can authorize it.
Alright, I was able to log into the AWS root user and grant AWSLambda_FullAccess
to the WCA user. Now we get:
> aws lambda list-functions --function-version ALL --output text --query "Functions[?Runtime=='ruby2.5'].FunctionArn"
arn:aws:lambda:us-west-2:285938427530:function:wcalink_prod:$LATEST
I now get:
> terraform init
Initializing the backend...
╷
│ Error: Failed to decode current backend config
│
│ The backend configuration created by the most recent run of "terraform init" could not be decoded: unsupported attribute "lock_table". The configuration may have been initialized by an
│ earlier version that used an incompatible configuration structure. Run "terraform init -reconfigure" to force re-initialization of the backend.
╵
> terraform init -reconfigure
Initializing the backend...
Successfully configured the backend "s3"! Terraform will automatically
use this backend unless the backend configuration changes.
╷
│ Error: Invalid legacy provider address
│
│ This configuration or its associated state refers to the unqualified provider "aws".
│
│ You must complete the Terraform 0.13 upgrade process before upgrading to later versions.
╵
It seems that we were on Terraform 0.12, and I need to install 0.13, 0.14, and 0.15 each in turn. Going to try https://warrensbox.medium.com/how-to-manage-different-terraform-versions-for-each-project-51cca80ccece#:~:text=Brew%20tap%20install%20terraform%20%E2%80%94%20tfswitch&text=If%20you%20do%20not%20have,dropdown%20and%20start%20using%20terraform.
It seems that we were on Terraform 0.12, and I need to install 0.13, 0.14, and 0.15 each in turn. Going to try https://warrensbox.medium.com/how-to-manage-different-terraform-versions-for-each-project-51cca80ccece#:~:text=Brew%20tap%20install%20terraform%20%E2%80%94%20tfswitch&text=If%20you%20do%20not%20have,dropdown%20and%20start%20using%20terraform.
Using tfswitch
to install Terraform 0.12 seems to work, but the WCA user is missing... a bunch of permissions.
I don't feel comfortable putting all these permissions on the WCA user without discussing it with more of the WST, so I've sent and email and Slack question about involving someone else.
Error: error getting Route53 Hosted Zone (Z3JXHOI02QR037): AccessDenied: User: arn:aws:iam::285938427530:user/WCA is not authorized to perform: route53:GetHostedZone on resource: arn:aws:route53:::hostedzone/Z3JXHOI02QR037
status code: 403, request id: 63029216-f101-4e27-85b6-165f14be7922
Error: AccessDeniedException: User: arn:aws:iam::285938427530:user/WCA is not authorized to perform: dynamodb:DescribeTable on resource: arn:aws:dynamodb:us-west-2:285938427530:table/wca-terraform-state-lock-dynamo
status code: 400, request id: 841L4CPQVSOV0VK0OCKKT4BT37VV4KQNSO5AEMVJF66Q9ASUAAJG
Error: Error describing certificate: AccessDeniedException: User: arn:aws:iam::285938427530:user/WCA is not authorized to perform: acm:DescribeCertificate on resource: arn:aws:acm:us-east-1:285938427530:certificate/1c87c578-1dff-4d65-a647-a9caa6b80a49
status code: 400, request id: 564fd983-9119-45bc-a65a-04e25d8dfbd3
Error: error reading API Gateway REST API (po0bbvqnoc): AccessDeniedException: User: arn:aws:iam::285938427530:user/WCA is not authorized to perform: apigateway:GET on resource: arn:aws:apigateway:us-west-2::/restapis/po0bbvqnoc
status code: 403, request id: b5b3abb9-700a-42e1-8d1b-474d6236ee31
Hi Lucas, I sent you new credentials that you can use to change this.
Alright, it took a few tries of config updates, but I think I got it done!
This used to return something (arn:aws:lambda:us-west-2:285938427530:function:wcalink_prod:$LATEST
), but no longer does:
aws lambda list-functions --function-version ALL --output text --query "Functions[?Runtime=='ruby2.5'].FunctionArn"
btw. you can also use tenv that support Terraform as well as OpenTofu (and Terragrunt :) ) in one tool. It allow you to simplify version management and can do much more, than tfswitch.
We got this email from AWS: