This message was deleted.
# generals
sparse-intern-71089
11/21/2019, 4:43 PMThis message was deleted.
w
white-balloon-205
11/21/2019, 5:06 PM
From your notes - sounds like you indeed don’t have permission to read these files in S3 - and I would expect Pulumi needs to read them to list details of the stacks. I don’t know precisely what to suggest without seeing all the policies you have applied to these buckets - but it does not sound like there is anything particularly Pulumi specific here.
Unfortunately, cross-account bucket policy configuration in AWS is frequently very confusing.
b
boundless-monkey-50243
11/21/2019, 5:11 PMSo typically in this situation one would apply a condition to the bucket policy that requires bucket-owner-full-control, but Pulumi barfs at that.
boundless-monkey-50243
11/21/2019, 5:12 PMThe bucket policies are just global access delegated to the sub-accounts. It seems to be an object-level problem.
w
white-balloon-205
11/21/2019, 6:04 PM
but Pulumi barfs at thatAre you saying that you can download the contents of a file with a set of credentials, but cannot see it with
pulumi stack lsb
boundless-monkey-50243
11/21/2019, 6:10 PMI'm saying that I can't upload to a bucket with an ACL restriction.
boundless-monkey-50243
11/21/2019, 6:10 PMWhich is why we don't have them
boundless-monkey-50243
11/21/2019, 6:10 PMAnd which appears related, though I'm not yet certain, to having the bucket owner account unable to find the stack.
5 Views