Closed
Bug 1306467
Opened 8 years ago
Closed 8 years ago
Grant IAM permission rds:CreateEventSubscription to treeherder devs
Categories
(Tree Management :: Treeherder: Infrastructure, defect, P2)
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: emorley, Unassigned)
I get this whilst trying to add an event subscription (https://console.aws.amazon.com/rds/home?region=us-east-1#event-subscriptions:):

User: arn:aws:iam::699292812394:user/emorley is not authorized to perform: rds:CreateEventSubscription on resource: arn:aws:rds:us-east-1:699292812394:es:treeherder-rds-instances (Service: AmazonRDS; Status Code: 403; Error Code: AccessDenied; Request ID: 3843047f-8684-11e6-9a4b-0bb7c49b0747)

Jake, I don't suppose you could add this using Terraform, in Kendall's absence?

https://github.com/mozilla-platform-ops/devservices-aws/blob/master/base/iam-policies.tf
https://github.com/mozilla-platform-ops/devservices-aws/blob/master/base/iam-roles.tf
Flags: needinfo?(jwatkins)
Comment 1•8 years ago
Yeah, no problem. :-)

aws_iam_policy.treeherder_rds-policy: Modifying...
...
aws_iam_policy.treeherder_rds-policy: Modifications complete

commit 1563d67ad7b30eaa71cdbd3c740a880690b7ef65
Author: Jake Watkins <jwatkins@mozilla.com>
Date: Thu Sep 29 15:10:11 2016 -0700

    Bug 1306467 - allows treeherder group to change rds EventSubscriptions
Flags: needinfo?(jwatkins)
Updated•8 years ago
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
Reporter
Comment 2•8 years ago
Unfortunately I still get the same error as in comment 0. I think the resource might be incorrect? That block of the Terraform file references "arn:aws:rds:us-east-1:699292812394:db:treeherder-*", whereas comment 0 contains "...:es:...".
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Comment 3•8 years ago
(In reply to Ed Morley [:emorley] from comment #2)
> Unfortunately I still get the same error as in comment 0.
>
> I think the resource might be incorrect? That block of the Terraform file
> references "arn:aws:rds:us-east-1:699292812394:db:treeherder-*", whereas
> comment 0 contains "...:es:...".

I've added the es resource to this policy and confirmed with :emorley that it works this time. :-)

commit f05f4ba892b7bcf3d0b0ffb289ce2239ae8ae1c0
Author: Jake Watkins <jwatkins@mozilla.com>
Date: Thu Sep 29 17:04:30 2016 -0700

    Bug 1306467 - add rds event subscription as resource
Status: REOPENED → RESOLVED
Closed: 8 years ago → 8 years ago
Resolution: --- → FIXED
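
The resource mismatch spotted in comment 2, as an added example that is not part of the original bug or the devservices-aws repository: a simplified Python check that parses the AccessDenied message from comment 0 and tests it against the Resource patterns of an Allow statement. The policy document and the `es:treeherder-*` pattern are constructed assumptions, and Deny statements and conditions are ignored.

```python
import re

# AccessDenied text as quoted in comment 0 (request ID dropped).
ERROR = ("User: arn:aws:iam::699292812394:user/emorley is not authorized to "
         "perform: rds:CreateEventSubscription on resource: "
         "arn:aws:rds:us-east-1:699292812394:es:treeherder-rds-instances "
         "(Service: AmazonRDS; Status Code: 403; Error Code: AccessDenied)")
DB_ARN = "arn:aws:rds:us-east-1:699292812394:db:treeherder-*"  # quoted in comment 2
ES_ARN = "arn:aws:rds:us-east-1:699292812394:es:treeherder-*"  # assumed, not on the page

def parse_denied(msg):
    """Extract (action, resource ARN) from an IAM AccessDenied message."""
    m = re.search(r"not authorized to perform: (\S+) on resource: (\S+)", msg)
    if not m:
        raise ValueError("not an IAM AccessDenied message")
    return m.group(1), m.group(2)

def _glob(pattern, value, flags=0):
    """IAM-style wildcard match: '*' is any run of characters, '?' is one."""
    rx = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(rx, value, flags) is not None

def _as_list(v):
    return v if isinstance(v, list) else [v]

def allows(policy, action, resource):
    """True if some Allow statement covers both the action and the resource.
    Simplified: ignores Deny, Condition, NotAction and NotResource."""
    for st in _as_list(policy["Statement"]):
        if st.get("Effect") != "Allow":
            continue
        act_ok = any(_glob(a, action, re.IGNORECASE) for a in _as_list(st["Action"]))
        res_ok = any(_glob(r, resource) for r in _as_list(st["Resource"]))
        if act_ok and res_ok:
            return True
    return False

def policy(resources):
    # Constructed policy document; the real one lives in iam-policies.tf.
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow", "Action": "rds:CreateEventSubscription",
        "Resource": resources}]}

def check():
    """Evaluate the denied request against the db-only and db+es policies."""
    action, resource = parse_denied(ERROR)
    return (allows(policy([DB_ARN]), action, resource),
            allows(policy([DB_ARN, ES_ARN]), action, resource))
```

`check()` returns one result for the policy that lists only the `db:` pattern and one for the policy that also lists the `es:` pattern.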