bitter-painter-79520
02/15/2023, 11:08 AMbillowy-army-68599
02/15/2023, 2:08 PMbitter-painter-79520
02/15/2023, 2:10 PMbillowy-army-68599
02/15/2023, 2:11 PMbitter-painter-79520
02/15/2023, 2:13 PMerror: 1 error occurred:
* creating urn:pulumi:qa::…::aws:s3/bucket:Bucket::…: 1 error occurred:
* error reading S3 Bucket (…-8efa1d8): Forbidden: Forbidden
status code: 403, request id: …, host id: …
The CloudTrail logs have no error for the user running Pullumi. There's also no message with the request id I get back from Pulumi.const s3BucketForLargeMails = new aws.s3.Bucket("…", {
arn: "private",
tags: {
"component": "…",
}
})
billowy-army-68599
02/15/2023, 2:34 PMarn: "private",
This doesn’t look correct, you can’t specify the arn of a bucketbitter-painter-79520
02/15/2023, 3:20 PMacl
.CreateBucket
being successful in CloudTrailResources:
+ 15 to create
~ 1 to update
16 changes. 5 unchanged
Updating (qa):
pulumi:pulumi:Stack: (same)
[urn=urn:pulumi:qa::…::pulumi:pulumi:Stack::...]
~ aws:s3/bucket:Bucket: (update)
[id=…-654a382]
[urn=urn:pulumi:qa::…::aws:s3/bucket:Bucket::...]
[provider=urn:pulumi:qa::…::pulumi:providers:aws::default_5_26_0::74d005a3-ff4e-4d41-9e2e-2b0456e8acb5]
acl : "private"
- arn : "private"
bucket : "…-654a382"
forceDestroy: false
tags : {
component : "…"
}
error: 1 error occurred:
* updating urn:pulumi:qa::…::aws:s3/bucket:Bucket::…: 1 error occurred:
* error reading S3 Bucket (…-654a382): Forbidden: Forbidden
status code: 403, request id: 4V3G5FTC8DP7E552, host id: …
error: update failed
Resources:
5 unchanged
Duration: 3s
Is there a way to figure out the IAM permissions I need for this operation?
billowy-army-68599
02/15/2023, 5:21 PMexport AWS_CSM_ENABLED=true
export AWS_CSM_PORT=31000
export AWS_CSM_HOST=127.0.0.1
bitter-painter-79520
02/15/2023, 5:53 PM