trendmicro / cloudone-filestorage-plugins

Trend Micro Cloud One File Storage Security plugins reference code.
https://cloudone.trendmicro.com
Apache License 2.0

Lack of lambda permissions in post scan action plugin promote or quarantine #100

Closed Chiragkansara closed 11 months ago

Chiragkansara commented 2 years ago

Within the "serverlessrepo-cloudone-filestorage-plugin-action-promote-or-quarantine" stack the "serverlessrepo-cloudone-filestorage-plugin-action-promote-or-quarantine" role lacks the permissions below in order for the lambda to be configured to run within a VPC.

• "ec2:CreateNetworkInterface"
• "ec2:DescribeNetworkInterfaces"
• "ec2:DeleteNetworkInterface"

Could we please fix this, so that the post-scan action promote and quarantine plug-in can work within a VPC?

felipecosta09 commented 2 years ago

@jack-c-tang any thoughts on this?

trend-jack-c-tang commented 2 years ago

Hi @Chiragkansara, would you please elaborate on what the serverlessrepo-cloudone-filestorage-plugin-action-promote-or-quarantine role is? That role doesn't seem to be deployed along with the app. Is it the role you created to configure the VPC for the Lambda, and it doesn't have those permissions?

Chiragkansara commented 1 year ago

Hi @jack-c-tang, the customer had to create the role "serverlessrepo-cloudone-filestorage-plugin-action-promote-or-quarantine" and assign it the specific permissions "ec2:CreateNetworkInterface", "ec2:DescribeNetworkInterfaces", "ec2:DeleteNetworkInterface" in order for the lambda to be configured to run within a VPC. These permissions are lacking as FSS post-scan action plug-ins do not run within a VPC.

felipecosta09 commented 1 year ago

@Chiragkansara, take a look at PR #139; as soon as it is merged, that should fix your issue.

trend-jack-c-tang commented 11 months ago

It's supported now.