Skip to content
This repository was archived by the owner on Nov 5, 2024. It is now read-only.

AWSS3Source - Fix client to use iamRole#1401

Merged
FranBarrera merged 1 commit intotriggermesh:mainfrom
FranBarrera:fix-awss3client
Apr 28, 2023
Merged

AWSS3Source - Fix client to use iamRole#1401
FranBarrera merged 1 commit intotriggermesh:mainfrom
FranBarrera:fix-awss3client

Conversation

@FranBarrera
Copy link
Contributor

@FranBarrera FranBarrera commented Apr 27, 2023
edited
Loading

Closes #1396

Note:
This PR fix the issue with the aws client to use the iamRole but it's still needed to follow the EKS IAM Role Auth instructions explained in this PR: #1243

@FranBarrera FranBarrera requested a review from a team April 27, 2023 13:36
@FranBarrera FranBarrera self-assigned this Apr 27, 2023
@tzununbekov tzununbekov self-requested a review April 28, 2023 07:44
tzununbekov
tzununbekov approved these changes Apr 28, 2023
View reviewed changes
Copy link
Member

@tzununbekov tzununbekov left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@FranBarrera did you figure out why previous version didn't work? I'm not quite sure what was changed in this PR from functional point of view

@FranBarrera
Copy link
Contributor Author

FranBarrera commented Apr 28, 2023

@tzununbekov Yes, the problem was with this code: https://github.com/triggermesh/triggermesh/pull/1401/files#diff-c1ccaf7d16fe601df5071a72ffe5d1c25c8953ce39807b3a2fba4d480183f485L90-L91

That code was failing to get the cred value, it was requiring to put our generated iam user in the users iam role trusted policy:

This was the error in the triggermesh-controller:

Error creating AWS API clients: retrieving AWS IAM Role: AccessDenied: User: arn:aws:sts::0000000000000:assumed-role/0000000c/i-000000000 is not authorized to perform: sts:AssumeRole on resource: arn:aws:iam::0000000000000:role/fran-test-s3

Now it works like the others AWS Sources and doesn't require extra permissions.

@FranBarrera FranBarrera merged commit c02ba41 into triggermesh:main Apr 28, 2023
@FranBarrera FranBarrera deleted the fix-awss3client branch April 28, 2023 10:16
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

1 more reviewer

@tzununbekov tzununbekov tzununbekov approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@FranBarrera FranBarrera

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Unable to use iam role for authentication with awss3source

2 participants

@FranBarrera @tzununbekov