https://pulumi.com logo
#aws
Title
# aws
g

gifted-student-18589

06/29/2023, 8:24 AM
question regarding S3 buckets, S3 Object Lambda Access Point, and OLAP policies.. I have this code, c/p-ed from your AWS docs:
Copy code
const exampleBucketV2 = new aws.s3.BucketV2("example-bucket-v2", {});
        const exampleAccessPoint = new aws.s3.AccessPoint("example-ap", {
            bucket: exampleBucketV2.id
        });
        const exampleObjectLambdaAccessPoint = new aws.s3control.ObjectLambdaAccessPoint(
            "example-olap",
            {
                configuration: {
                    supportingAccessPoint: exampleAccessPoint.arn,
                    transformationConfigurations: [
                        {
                            actions: ["GetObject"],
                            contentTransformation: {
                                awsLambda: {
                                    functionArn: getS3Object.output.arn
                                }
                            }
                        }
                    ]
                }
            }
        );
        const exampleObjectLambdaAccessPointPolicy =
            new aws.s3control.ObjectLambdaAccessPointPolicy(
                "example-olap-policy",
                {
                    policy: exampleObjectLambdaAccessPoint.arn.apply(arn =>
                        JSON.stringify({
                            Version: "2008-10-17",
                            Statement: [
                                {
                                    Effect: "Allow",
                                    Action: "s3-object-lambda:GetObject",
                                    Principal: {
                                        AWS: "xxx123abc"
                                    },
                                    Resource: arn
                                }
                            ]
                        })
                    )
                }
            );
When I deploy this, I get this from AWS:
Copy code
creating S3 Object Lambda Access Point (xxx123abc:example-olap-policy-0ae82c8) Policy: NoSuchAccessPoint: The specified accesspoint does not exist
So, basically, for some reason AP can't be found. But clearly, from the code, AP is created. Not sure if this is a bug somewhere in Pulumi/TF, but at this point, I'm out of ideas. Was banging my head against this for quite some time now 😅
Copy code
CLI
Version      3.37.2
Go Version   go1.17.12
Go Compiler  gc

Plugins
NAME    VERSION
nodejs  unknown

Host
OS       darwin
Version  12.3
Arch     x86_64

This project is written in nodejs: executable='/private/var/folders/j3/33xmnlyn6db75qqn6n06j6nh0000gn/T/xfs-cc5233cb/node' version='v16.19.0'

Current Stack: aaa

TYPE                                                           URN
pulumi:pulumi:Stack                                            urn:pulumi:aaa::api::pulumi:pulumi:Stack::api-aaa
pulumi:providers:aws                                           urn:pulumi:aaa::api::pulumi:providers:aws::default_5_41_0
aws:s3/bucketV2:BucketV2                                       urn:pulumi:aaa::api::aws:s3/bucketV2:BucketV2::example-bucket-v2
aws:s3/accessPoint:AccessPoint                                 urn:pulumi:aaa::api::aws:s3/accessPoint:AccessPoint::fileManagerBucketAccessPoint
aws:s3/accessPoint:AccessPoint                                 urn:pulumi:aaa::api::aws:s3/accessPoint:AccessPoint::example-ap
aws:iam/role:Role                                              urn:pulumi:aaa::api::aws:iam/role:Role::pb-export-pages-lambda-role
aws:iam/policy:Policy                                          urn:pulumi:aaa::api::aws:iam/policy:Policy::PbExportPageTaskLambdaPolicy
aws:iam/rolePolicyAttachment:RolePolicyAttachment              urn:pulumi:aaa::api::aws:iam/rolePolicyAttachment:RolePolicyAttachment::pb-export-pages-lambda-role-default-execution-role
aws:iam/rolePolicyAttachment:RolePolicyAttachment              urn:pulumi:aaa::api::aws:iam/rolePolicyAttachment:RolePolicyAttachment::pb-export-pages-lambda-role-policy
aws:iam/role:Role                                              urn:pulumi:aaa::api::aws:iam/role:Role::pb-import-page-lambda-role
aws:iam/policy:Policy                                          urn:pulumi:aaa::api::aws:iam/policy:Policy::ImportPageLambdaPolicy
aws:iam/rolePolicyAttachment:RolePolicyAttachment              urn:pulumi:aaa::api::aws:iam/rolePolicyAttachment:RolePolicyAttachment::pb-import-page-lambda-role-default-execution-role
aws:iam/rolePolicyAttachment:RolePolicyAttachment              urn:pulumi:aaa::api::aws:iam/rolePolicyAttachment:RolePolicyAttachment::pb-import-page-lambda-role-policy
aws:iam/role:Role                                              urn:pulumi:aaa::api::aws:iam/role:Role::headless-cms-lambda-role
aws:iam/policy:Policy                                          urn:pulumi:aaa::api::aws:iam/policy:Policy::HeadlessCmsLambdaPolicy
aws:iam/policy:Policy                                          urn:pulumi:aaa::api::aws:iam/policy:Policy::ApwSchedulerExecuteActionLambdaPolicy
aws:iam/role:Role                                              urn:pulumi:aaa::api::aws:iam/role:Role::apw-scheduler-execute-action-lambda-role
aws:iam/policy:Policy                                          urn:pulumi:aaa::api::aws:iam/policy:Policy::FileManagerLambdaPolicy
aws:s3/bucketPolicy:BucketPolicy                               urn:pulumi:aaa::api::aws:s3/bucketPolicy:BucketPolicy::fm-bucket-s3-policy
aws:cloudwatch/eventRule:EventRule                             urn:pulumi:aaa::api::aws:cloudwatch/eventRule:EventRule::apw-scheduler-event-rule
aws:iam/role:Role                                              urn:pulumi:aaa::api::aws:iam/role:Role::fm-get-s3-object-role
aws:iam/role:Role                                              urn:pulumi:aaa::api::aws:iam/role:Role::fm-lambda-role
aws:iam/role:Role                                              urn:pulumi:aaa::api::aws:iam/role:Role::apw-scheduler-schedule-action-lambda-role
aws:iam/policy:Policy                                          urn:pulumi:aaa::api::aws:iam/policy:Policy::ApwSchedulerScheduleActionLambdaPolicy
aws:iam/rolePolicyAttachment:RolePolicyAttachment              urn:pulumi:aaa::api::aws:iam/rolePolicyAttachment:RolePolicyAttachment::headless-cms-lambda-role-default-execution-role
aws:iam/rolePolicyAttachment:RolePolicyAttachment              urn:pulumi:aaa::api::aws:iam/rolePolicyAttachment:RolePolicyAttachment::headless-cms-lambda-role-policy
aws:iam/rolePolicyAttachment:RolePolicyAttachment              urn:pulumi:aaa::api::aws:iam/rolePolicyAttachment:RolePolicyAttachment::apw-scheduler-execute-action-lambda-role-policy-attachment
aws:iam/rolePolicyAttachment:RolePolicyAttachment              urn:pulumi:aaa::api::aws:iam/rolePolicyAttachment:RolePolicyAttachment::apw-scheduler-execute-action-lambda-AWSLambdaBasicExecutionRole
aws:iam/rolePolicyAttachment:RolePolicyAttachment              urn:pulumi:aaa::api::aws:iam/rolePolicyAttachment:RolePolicyAttachment::apw-scheduler-schedule-action-lambda-role-policy-attachment
aws:iam/rolePolicyAttachment:RolePolicyAttachment              urn:pulumi:aaa::api::aws:iam/rolePolicyAttachment:RolePolicyAttachment::apw-scheduler-schedule-action-lambda-AWSLambdaBasicExecutionRole
aws:iam/rolePolicyAttachment:RolePolicyAttachment              urn:pulumi:aaa::api::aws:iam/rolePolicyAttachment:RolePolicyAttachment::fm-lambda-role-policy
aws:iam/rolePolicyAttachment:RolePolicyAttachment              urn:pulumi:aaa::api::aws:iam/rolePolicyAttachment:RolePolicyAttachment::fm-lambda-role-default-execution-role
aws:cloudfront/originAccessIdentity:OriginAccessIdentity       urn:pulumi:aaa::api::aws:cloudfront/originAccessIdentity:OriginAccessIdentity::mujo-origin-identity
aws:apigatewayv2/api:Api                                       urn:pulumi:aaa::api::aws:apigatewayv2/api:Api::api-gateway
aws:iam/role:Role                                              urn:pulumi:aaa::api::aws:iam/role:Role::api-lambda-role
aws:iam/policy:Policy                                          urn:pulumi:aaa::api::aws:iam/policy:Policy::ApiGraphqlLambdaPolicy
aws:apigatewayv2/stage:Stage                                   urn:pulumi:aaa::api::aws:apigatewayv2/stage:Stage::default
aws:iam/rolePolicyAttachment:RolePolicyAttachment              urn:pulumi:aaa::api::aws:iam/rolePolicyAttachment:RolePolicyAttachment::api-lambda-role-default-execution-role
aws:iam/rolePolicyAttachment:RolePolicyAttachment              urn:pulumi:aaa::api::aws:iam/rolePolicyAttachment:RolePolicyAttachment::api-lambda-role-policy
aws:cloudfront/distribution:Distribution                       urn:pulumi:aaa::api::aws:cloudfront/distribution:Distribution::api-cloudfront
aws:lambda/function:Function                                   urn:pulumi:aaa::api::aws:lambda/function:Function::fm-image-transformer
aws:lambda/function:Function                                   urn:pulumi:aaa::api::aws:lambda/function:Function::fm-manage
aws:lambda/function:Function                                   urn:pulumi:aaa::api::aws:lambda/function:Function::apw-scheduler-execute-action-lambda
aws:lambda/permission:Permission                               urn:pulumi:aaa::api::aws:lambda/permission:Permission::fm-manage-s3-lambda-permission
aws:s3/bucketNotification:BucketNotification                   urn:pulumi:aaa::api::aws:s3/bucketNotification:BucketNotification::bucketNotification
aws:lambda/function:Function                                   urn:pulumi:aaa::api::aws:lambda/function:Function::fm-download
aws:lambda/function:Function                                   urn:pulumi:aaa::api::aws:lambda/function:Function::fm-get-s3-object
aws:lambda/function:Function                                   urn:pulumi:aaa::api::aws:lambda/function:Function::pb-export-pages-combine
aws:lambda/function:Function                                   urn:pulumi:aaa::api::aws:lambda/function:Function::pb-import-page-queue-process
aws:lambda/permission:Permission                               urn:pulumi:aaa::api::aws:lambda/permission:Permission::allow-files-any
aws:apigatewayv2/integration:Integration                       urn:pulumi:aaa::api::aws:apigatewayv2/integration:Integration::files-any
aws:s3control/objectLambdaAccessPoint:ObjectLambdaAccessPoint  urn:pulumi:aaa::api::aws:s3control/objectLambdaAccessPoint:ObjectLambdaAccessPoint::example-olap
aws:s3control/objectLambdaAccessPoint:ObjectLambdaAccessPoint  urn:pulumi:aaa::api::aws:s3control/objectLambdaAccessPoint:ObjectLambdaAccessPoint::fileManagerBucketObjectLambdaAccessPoint
aws:lambda/function:Function                                   urn:pulumi:aaa::api::aws:lambda/function:Function::apw-scheduler-schedule-action-lambda
aws:apigatewayv2/route:Route                                   urn:pulumi:aaa::api::aws:apigatewayv2/route:Route::files-any
aws:lambda/permission:Permission                               urn:pulumi:aaa::api::aws:lambda/permission:Permission::eventTargetPermission
aws:cloudwatch/eventTarget:EventTarget                         urn:pulumi:aaa::api::aws:cloudwatch/eventTarget:EventTarget::apw-scheduler-event-rule-target
aws:lambda/function:Function                                   urn:pulumi:aaa::api::aws:lambda/function:Function::pb-export-pages-process
aws:lambda/function:Function                                   urn:pulumi:aaa::api::aws:lambda/function:Function::pb-import-page-queue-create
aws:lambda/function:Function                                   urn:pulumi:aaa::api::aws:lambda/function:Function::headless-cms
aws:lambda/permission:Permission                               urn:pulumi:aaa::api::aws:lambda/permission:Permission::allow-cms-post
aws:lambda/permission:Permission                               urn:pulumi:aaa::api::aws:lambda/permission:Permission::allow-cms-options
aws:apigatewayv2/integration:Integration                       urn:pulumi:aaa::api::aws:apigatewayv2/integration:Integration::cms-options
aws:apigatewayv2/integration:Integration                       urn:pulumi:aaa::api::aws:apigatewayv2/integration:Integration::cms-post
aws:apigatewayv2/route:Route                                   urn:pulumi:aaa::api::aws:apigatewayv2/route:Route::cms-options
aws:apigatewayv2/route:Route                                   urn:pulumi:aaa::api::aws:apigatewayv2/route:Route::cms-post
aws:s3/bucketObject:BucketObject                               urn:pulumi:aaa::api::aws:s3/bucketObject:BucketObject::./pbInstallation.zip
aws:lambda/function:Function                                   urn:pulumi:aaa::api::aws:lambda/function:Function::graphql
aws:apigatewayv2/integration:Integration                       urn:pulumi:aaa::api::aws:apigatewayv2/integration:Integration::graphql-post
aws:apigatewayv2/integration:Integration                       urn:pulumi:aaa::api::aws:apigatewayv2/integration:Integration::graphql-options
aws:dynamodb/tableItem:TableItem                               urn:pulumi:aaa::api::aws:dynamodb/tableItem:TableItem::apwSettings
aws:lambda/permission:Permission                               urn:pulumi:aaa::api::aws:lambda/permission:Permission::allow-graphql-options
aws:lambda/permission:Permission                               urn:pulumi:aaa::api::aws:lambda/permission:Permission::allow-graphql-post
aws:apigatewayv2/route:Route                                   urn:pulumi:aaa::api::aws:apigatewayv2/route:Route::graphql-post
aws:apigatewayv2/route:Route                                   urn:pulumi:aaa::api::aws:apigatewayv2/route:Route::graphql-options
pulumi:providers:aws                                           urn:pulumi:aaa::api::pulumi:providers:aws::default_5_10_0


Found no pending operations associated with aaa

Backend
Name           Adrians-MacBook-Pro-2.local
URL            file:///Users/adrian/dev/webiny-js-experiments/.pulumi/apps/api
User           adrian
Organizations

Pulumi locates its logs in /var/folders/j3/33xmnlyn6db75qqn6n06j6nh0000gn/T/ by default
warning: Failed to get information about the Pulumi program's plugins: Could not find either /Users/adrian/dev/webiny-js-experiments/.webiny/workspaces/apps/api/yarn.lock or /Users/adrian/dev/webiny-js-experiments/.webiny/workspaces/apps/api/package-lock.json
looking at this TF article here... IDK, it's all the same, didn't spot any differences
thinking maybe this is a question for repost.aws 🤔
solved it
this
name
param is not marked as a required field, but it DOES matter
this is not mentioned in the docs as well
so, something to potentially improve in the future
image.png