Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: assume IAM role before running cloudposse/github-action-atmos-get-setting #58

Merged
merged 2 commits into from
Aug 28, 2024
Merged

fix: assume IAM role before running cloudposse/github-action-atmos-get-setting #58

merged 2 commits into from
Aug 28, 2024

Conversation

goruha
Copy link
Member

@goruha goruha commented Aug 28, 2024

what

  • assume IAM role before running cloudposse/github-action-atmos-get-setting

why

As of atmos 1.86.2, when atmos.Component began actually retrieving the TF state, it broke cloudposse/github-action-atmos-affected-stacks which we resolved as part of this release of the aforementioned action. We just had the action assume the IAM role, and that was it. However in cases where this function is used, appropriate IAM credentials to also be a requirement for cloudposse/github-action-atmos-get-setting:

> Run cloudposse/github-action-atmos-get-setting@v1
template: all-atmos-sections:163:26: executing "all-atmos-sections" at <atmos.Component>: error calling Component: exit status 1

Error: error configuring S3 Backend: IAM Role (arn:aws:iam::xxxxxxxxxxxx:role/xxxx-core-gbl-root-tfstate) cannot be assumed.

There are a number of possible causes of this - the most common are:
  * The credentials used in order to assume the role are invalid
  * The credentials do not have appropriate permission to assume the role
  * The role ARN is not valid

Error: NoCredentialProviders: no valid providers in chain. Deprecated.
	For verbose messaging see aws.Config.CredentialsChainVerboseErrors

references

https://github.com/cloudposse/atmos/releases/tag/v1.86.2

@goruha goruha requested review from a team as code owners August 28, 2024 17:13
@goruha goruha requested review from hans-d and RoseSecurity August 28, 2024 17:13
@goruha goruha merged commit b453cd2 into main Aug 28, 2024
10 checks passed
@goruha goruha deleted the fix/assume-role-before-get-setting branch August 28, 2024 18:00
@github-actions GitHub Actions
Copy link

These changes were released in v2.5.0.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@korenyoni korenyoni korenyoni approved these changes

@hans-d hans-d Awaiting requested review from hans-d hans-d is a code owner automatically assigned from cloudposse/contributors

@RoseSecurity RoseSecurity Awaiting requested review from RoseSecurity RoseSecurity is a code owner automatically assigned from cloudposse/contributors

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@goruha @korenyoni