mup-aws-beanstalk
Documentation Needed: `longEnvVars` option requires S3 read access for the instances (?)
Looks like the `longEnvVars` option requires S3 read access for the instances.
I tried it some time back and it didn't work and I was in too much of a hurry to get it working. Now that I know a bit more about EB and have looked in the source code it seems like that's the case. https://github.com/zodern/mup-aws-beanstalk/blob/master/src/assets/env.yaml#L48
If that's right, it should be added to the documentation while doing this.
Thanks for making this issue. 🙏
I am not able to reproduce. The instance profile is `aws-elasticbeanstalk-ec2-role`, which has read access to the s3 bucket.
The `AWS-elasticbeanstalk-ec2-role` does not have permission to access S3 `mup-APPNAME/env`. We need to have an additional permission attached to that role.
Ref: https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/iam-instanceprofile.html
For those who are stuck with `longEnvVars`, please check:
- Go to IAM
- Role
- Select `aws-elasticbeanstalk-ec2-role`
- Add permissions
- Create inline policy
- JSON
```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "VisualEditor0",
      "Effect": "Allow",
      "Action": [
        "s3:*"
      ],
      "Resource": [
        "arn:aws:s3:::mup-YOUR_APP_NAME",
        "arn:aws:s3:::mup-YOUR_APP_NAME/*"
      ]
    },
    {
      "Sid": "VisualEditor1",
      "Effect": "Allow",
      "Action": [
        "s3:ListAllMyBuckets"
      ],
      "Resource": "arn:aws:s3:::*"
    }
  ]
}
```
Save the setting.
Additionally, I was getting a `NoSuchKey` error. In my `mup-<app>/env` folder, a `0.txt` file was expected. It was not there, probably because this is an old app and I was switching to `longEnvVars` now.
So, I added a dummy `0.txt` file and it started working.
@zodern fyi.
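An added example, not part of the thread and not the project's own code: a small check that lists which actions in an inline policy like the one posted above go beyond read access, and that builds a narrower policy for the instance role. It assumes the instances only need to read objects under the `env/` prefix of the `mup-<app>` bucket, as the issue title and the `mup-<app>/env` path suggest; the function names, the `Sid` values and the prefix default are hypothetical.

```python
import json

# Constructed copy of the inline policy from the thread (placeholder app name).
POSTED = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "VisualEditor0", "Effect": "Allow", "Action": ["s3:*"],
         "Resource": ["arn:aws:s3:::mup-YOUR_APP_NAME",
                      "arn:aws:s3:::mup-YOUR_APP_NAME/*"]},
        {"Sid": "VisualEditor1", "Effect": "Allow",
         "Action": ["s3:ListAllMyBuckets"], "Resource": "arn:aws:s3:::*"},
    ],
}

# Assumption: reading the env files needs only these two actions.
NEEDED = {"s3:getobject", "s3:listbucket"}

def _as_list(value):
    """IAM allows a single string or a list for Action/Statement."""
    return value if isinstance(value, list) else [value]

def excess_actions(policy, needed=NEEDED):
    """Map each Allow statement to the actions it grants beyond `needed`."""
    findings = {}
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        # IAM action names are case-insensitive, so compare in lower case.
        extra = [a for a in _as_list(stmt.get("Action", []))
                 if a.lower() not in needed]
        if extra:
            findings[stmt.get("Sid", f"statement-{i}")] = extra
    return findings

def read_only_policy(bucket, prefix="env/"):
    """Build a policy limited to reading objects under bucket/prefix."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Sid": "ReadEnvObjects", "Effect": "Allow",
             "Action": ["s3:GetObject"],
             "Resource": [f"arn:aws:s3:::{bucket}/{prefix}*"]},
            {"Sid": "ListEnvPrefix", "Effect": "Allow",
             "Action": ["s3:ListBucket"],
             "Resource": [f"arn:aws:s3:::{bucket}"],
             "Condition": {"StringLike": {"s3:prefix": [f"{prefix}*"]}}},
        ],
    }

if __name__ == "__main__":
    print("beyond read access:", excess_actions(POSTED))
    print(json.dumps(read_only_policy("mup-YOUR_APP_NAME"), indent=2))
```

The narrowed policy keeps a prefix-scoped `s3:ListBucket` because, without it, S3 reports a missing object as `AccessDenied` rather than `NoSuchKey`, which hides the missing-file case described above.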