Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ibm_is_vpc_dns_resolution_binding between VPCs now requires auth policy #757

Closed
toddgiguere opened this issue Mar 29, 2024 · 0 comments · Fixed by #775
Closed

ibm_is_vpc_dns_resolution_binding between VPCs now requires auth policy #757

toddgiguere opened this issue Mar 29, 2024 · 0 comments · Fixed by #775
Assignees
@MatthewLemmond
Labels
bug 🐞 Something isn't working internal-synced

Comments

@toddgiguere
Copy link
Contributor

The latest test of example hub-spoke-delegated-resolver is failing to set up the DNS resolver in the spoke VPC with the following error:

Error: CreateVPCDnsResolutionBindingWithContext failed the provided token is not authorized to connect the specified dns-resolution-binding (ID:r006-96473c8b-81a7-4738-b588-e91601e70bb4) in this account

In the IBM Cloud Web UI for VPC, when setting up a DNS resolver manually, the following text is displayed:

Important: The DNS hub VPC administrator must create a service-to-service authentication policy that grants this DNS-shared VPC DNSBindingConnector permission on the DNS hub VPC.

This might be a new requirement, as this example (and test case) have been running successfully up until March 19 2024, and only the most recent test run of the example (March 26) is reporting this error with no other changes to the module in that time.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@MatthewLemmond MatthewLemmond

Labels
bug 🐞 Something isn't working internal-synced
Projects
None yet
Milestone
No milestone
3 participants
@MatthewLemmond @toddgiguere @terraform-ibm-modules-ops