This message was deleted Pulumi Community #getting-started

Join Slack

This message was deleted.

# getting-started

sparse-intern-71089

05/28/2021, 6:24 PM

This message was deleted.

miniature-musician-31262

05/28/2021, 6:46 PM

It’s hard to say without seeing some code, but I can share that when I’ve done something similar, I’ve passed in these two managed policies to allow the container task to access the upload bucket:

Copy code

myBucket.onObjectCreated("onUploadEvent", new aws.lambda.CallbackFunction<aws.s3.BucketEvent, void>("onUploadHandler", {
    policies: [
        aws.iam.ManagedPolicies.AWSLambdaFullAccess,
        aws.iam.ManagedPolicies.AmazonEC2ContainerServiceFullAccess,
    ],
    ..

Have you tried these and not had any luck?

miniature-musician-31262

05/28/2021, 6:48 PM

It does require a handle to the bucket (above,

myBucket

), which you can get in your program using `aws.s3.Bucket.get()`: https://www.pulumi.com/docs/reference/pkg/aws/s3/bucket/#look-up

hundreds-kite-52072

05/28/2021, 10:12 PM

The two managed policies don't work. On trying pulumi up I get this error : Error attaching policy arnawsiam:awspolicy/AmazonEC2ContainerServiceFullAccess to IAM Role onNewVideoCreated-d00e07e: NoSuchEntity: Policy arnawsiam:awspolicy/AmazonEC2ContainerServiceFullAccess does not exist or is not attachable. status code: 404, request id: 8648df91-e856-4b6e-96d8-b44e22c92412 And AWSLambdaFullAccess is deprecated.

hundreds-kite-52072

05/28/2021, 10:15 PM

I'm using the bucket.get() function to get the handle and that is working fine. In the lambda function I can read from the bucket but the docker container can't.

hundreds-kite-52072

05/28/2021, 10:18 PM

Do I need an executionRole on the FargateTaskDefinition if so, what?

miniature-musician-31262

05/28/2021, 10:24 PM

ah, my code is quite old, which may explain why you’re seeing that error. let me try updating it to latest pulumi/aws, etc.

hundreds-kite-52072

05/28/2021, 10:24 PM

Thank you! Really appreciate your help!

miniature-musician-31262

05/28/2021, 10:37 PM

No problem — I’m definitely not expert-level AWS, but I can at least share what’s working for me. 🙂 Here’s what I’m attempting to upgrade to now —

Copy code

{
    ...
    "dependencies": {
        "@pulumi/aws": "^4.6.0",
        "@pulumi/awsx": "^0.30.0",
        "@pulumi/pulumi": "^3.3.1",
        ...
    }
}

miniature-musician-31262

05/28/2021, 10:37 PM

Will report back as soon I’m able to validate

miniature-musician-31262

05/28/2021, 10:50 PM

Ok so that did work for me — I had to update a couple of references for those managed policies, but I just deployed and verified things all work as they should. Here’s the file I’m using to define the upload handler and task definition: https://gist.github.com/cnunciato/9409f84fbf965e6105a5365220a638ba

miniature-musician-31262

05/28/2021, 10:50 PM

Lines 39 and 40 contain the managed-policy references.

miniature-musician-31262

05/28/2021, 10:52 PM

(I’m pulling the container image from Docker, but I don’t believe shouldn’t matter here.)

miniature-musician-31262

05/28/2021, 11:01 PM

And it looks like those two lines have applied these two policies on the role that was associated with the Lambda:

miniature-musician-31262

05/28/2021, 11:01 PM

Hopefully that helps shed some light!

hundreds-kite-52072

06/01/2021, 10:24 AM

Really appreciate this. Just back from a long weekend off an will be looking at this today.

👍 1

6 Views

Open in Slack

Previous Next