This message was deleted.
# getting-started
s
This message was deleted.
m
It’s hard to say without seeing some code, but I can share that when I’ve done something similar, I’ve passed in these two managed policies to allow the container task to access the upload bucket:
```typescript
myBucket.onObjectCreated("onUploadEvent", new aws.lambda.CallbackFunction<aws.s3.BucketEvent, void>("onUploadHandler", {
    policies: [
        aws.iam.ManagedPolicies.AWSLambdaFullAccess,
        aws.iam.ManagedPolicies.AmazonEC2ContainerServiceFullAccess,
    ],
    ..
```
Have you tried these and not had any luck?
It does require a handle to the bucket (above, `myBucket`), which you can get in your program using `aws.s3.Bucket.get()`: https://www.pulumi.com/docs/reference/pkg/aws/s3/bucket/#look-up
h
The two managed policies don't work. On trying `pulumi up` I get this error:
```
Error attaching policy arn:aws:iam::aws:policy/AmazonEC2ContainerServiceFullAccess to IAM Role onNewVideoCreated-d00e07e: NoSuchEntity: Policy arn:aws:iam::aws:policy/AmazonEC2ContainerServiceFullAccess does not exist or is not attachable. status code: 404, request id: 8648df91-e856-4b6e-96d8-b44e22c92412
```
And AWSLambdaFullAccess is deprecated.
I'm using the bucket.get() function to get the handle and that is working fine. In the lambda function I can read from the bucket but the docker container can't.
Do I need an executionRole on the FargateTaskDefinition? If so, what?
m
ah, my code is quite old, which may explain why you’re seeing that error. let me try updating it to latest pulumi/aws, etc.
h
Thank you! Really appreciate your help!
m
No problem — I’m definitely not expert-level AWS, but I can at least share what’s working for me. 🙂 Here’s what I’m attempting to upgrade to now —
```json
{
    ...
    "dependencies": {
        "@pulumi/aws": "^4.6.0",
        "@pulumi/awsx": "^0.30.0",
        "@pulumi/pulumi": "^3.3.1",
        ...
    }
}
```
Will report back as soon as I’m able to validate
Ok so that did work for me — I had to update a couple of references for those managed policies, but I just deployed and verified things all work as they should. Here’s the file I’m using to define the upload handler and task definition: https://gist.github.com/cnunciato/9409f84fbf965e6105a5365220a638ba
Lines 39 and 40 contain the managed-policy references.
(I’m pulling the container image from Docker, but I don’t believe that should matter here.)
And it looks like those two lines have applied these two policies on the role that was associated with the Lambda:
Hopefully that helps shed some light!
h
Really appreciate this. Just back from a long weekend off and will be looking at this today.