https://pulumi.com logo
b

better-baker-47643

09/17/2021, 2:01 PM
Hi everyone, new to pulumi and running the AWS s3 getting started tutorial but getting the dreaded AccessDenied errors:
Copy code
error: 1 error occurred:
        * updating urn:pulumi:staging::connection::aws:s3/bucket:Bucket::pulumi-staging-my-bucket: 1 error occurred:
        * AccessDenied: Access Denied
        status code: 403, request id: F72W8ZNDNM1BM1W9, host id: /2Z31uOorObZpN2gwgD59eWLKKhcrNvtqonR/ThWQng9kDDHBSaY5jaO/gx4u1BJFDqXLcSr/iU=
I've added all the s3 permissions that could possibly be relevant and tried debugging with
v=9
but can't see the command that is failing. Is there a way to output each AWS command being sent that I'm missing? tried looking through the docs and github issues but haven't found anything
trying cloudtrail generated policies now. would be nice if this was visible in pulumi though
even just a way to preview the AWS commands an update will issue would help
w

witty-candle-66007

09/17/2021, 2:38 PM
This looks like your AWS creds do not have permission to create an S3 bucket. As part of the getting started sequence did you use
aws configure
or environment variables to set up your AWS access? Can you use the AWS CLI to create a bucket? Something like
aws s3 mb <s3://bucket-name>
?
b

better-baker-47643

09/17/2021, 2:54 PM
nope, creds were good. turned out it was a few missing perms where it wasn't obvious to me that they were being used
like BucketLifecycle etc
the challenge is having to wait for cloudtrail to log the requsts and then go through the logs to see what failed
thats why i was wondering if its possible to preview all the API commands pulumi is going to send for a stack
w

witty-candle-66007

09/17/2021, 3:05 PM
The --debug and -v=9 flags provide the maximum debugging from the cli. But as you noted it doesn’t give detailed API inspection. That said, in case it helps, this issue includes some tips and tricks around attaching a debugger: https://github.com/pulumi/pulumi/issues/1372
👍 1