
Error in assuming access role

Open AreebSiddiqui opened this issue 1 year ago • 7 comments

What happened?

I am trying to create an AppRunner service, and for that, I am creating an IAM Role that has an AmazonEC2ContainerRegistryFullAccess policy attached to it. But when I try to deploy, it gives me the following error:

Error:

aws:apprunner:Service (node-app): error: 1 error occurred: * error creating App Runner Service (node-app): InvalidRequestException: Error in assuming access role arn:aws:iam::402228412873:role/apprunner-role-83c64cban

Expected Behavior

It should create an AppRunner Service.

Steps to reproduce

 import * as aws from "@pulumi/aws";

 // Trust policy that lets the App Runner build service assume the role
 const policy = {
   "Version": "2012-10-17",
   "Statement": [
     {
       "Effect": "Allow",
       "Principal": {
         "Service": "build.apprunner.amazonaws.com"
       },
       "Action": "sts:AssumeRole"
     }
   ]
 };

 // Base Role
 const role = await new aws.iam.Role("apprunner-role", {
   assumeRolePolicy: JSON.stringify(policy)
 });

 // Attach the AWS-managed ECR full-access policy to the role
 const ec2ContainerRegistry = new aws.iam.RolePolicyAttachment("AmazonEC2ContainerRegistryFullAccess", {
   role: role,
   policyArn: "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryFullAccess"
 });

 // App Runner service that uses the role above as its access role
 // (repositoryUrl is not defined in this snippet)
 const nodeapp = new aws.apprunner.Service("node-app", {
   serviceName: "node-app",
   sourceConfiguration: {
     autoDeploymentsEnabled: false,
     authenticationConfiguration: {
       accessRoleArn: role.arn
     },
     imageRepository: {
       imageConfiguration: {
         port: "8080",
       },
       imageIdentifier: repositoryUrl,
       imageRepositoryType: "ECR_PUBLIC",
     },
   },
   tags: {
     Name: "example-apprunner-service",
   },
 });

Output of pulumi about

CLI
Version      3.57.1
Go Version   go1.20.1
Go Compiler  gc

Plugins
NAME    VERSION
aws     5.31.0
awsx    1.0.2
docker  4.0.0
docker  3.6.1
nodejs  unknown

Host
OS       ubuntu
Version  22.04
Arch     x86_64

This project is written in nodejs: executable='/home/areebpersonal/.nvm/versions/node/v16.17.1/bin/node' version='v16.17.1'

Current Stack: mareebsiddiqui/midrun-infra/dev

Found no resources associated with dev

Found no pending operations associated with dev

Backend
Name           pulumi.com
URL            https://app.pulumi.com/AreebSiddiqui
User           AreebSiddiqui
Organizations  AreebSiddiqui, mareebsiddiqui

Dependencies:
NAME                       VERSION
@aws-sdk/client-codebuild  3.289.0
@pulumi/aws                5.31.0
@pulumi/awsx               1.0.2
@pulumi/docker             4.0.0
@pulumi/pulumi             3.57.1
@types/express             4.17.17
dotenv                     16.0.3
express                    4.18.2
@types/node                16.18.14

Pulumi locates its logs in /tmp by default

Additional context

No response

Contributing

Vote on this issue by adding a 👍 reaction. To contribute a fix for this issue, leave a comment (and link to your pull request, if you've opened one already).

AreebSiddiqui, Mar 12 '23 21:03