AccessDeniedException

Question

AccessDeniedException

eraserfusion opened this issue 7 years ago · comments

Starting in version 0.3.7 I am no longer able to deploy with this plugin. The following is the error log when deploying:

/usr/local/lib/node_modules/serverless/node_modules/aws-sdk/lib/request.js:31
            throw err;
            ^

Error: AccessDeniedException: User: arn:aws:iam::**************:user/********** is not authorized to perform: apigateway:GET on resource: arn:aws:apigateway:us-east-1::/restapis
    at Object.extractError (/usr/local/lib/node_modules/serverless/node_modules/aws-sdk/lib/protocol/json.js:48:27)...

The resource that I am failing to authorize for looks like it is missing some information arn:aws:apigateway:us-east-1::/restapis.

If I reinstall this plugin with 0.3.6 my project deploys without a problem.

Maciej Treder · Answer 1 · Wed Sep 13 2017 07:41:32 GMT+0800 (China Standard Time)

Hello. Thank you for the report. Could you share your serverless.yml content?

eraserfusion · Answer 2 · Wed Sep 13 2017 08:05:32 GMT+0800 (China Standard Time)

It's fairly large, but I think the relevant parts are included here:

service: service-name

frameworkVersion: "=1.18.1"

provider:
  name: aws
  runtime: nodejs6.10
  role: arn:aws:iam::lambda-role
  apiKeys:
    - ${self:service}-test-${self:custom.myStage}
  usagePlan:
    throttle:
      burstLimit: 1000
      rateLimit: 1000
  environment:
    serviceName: ${self:service}

plugins:
 - serverless-apigw-binary

custom:
  apigwBinary:
    types:
      - 'application/xml'
      - 'application/java-archive'
  myStage: ${opt:stage, self:provider.stage}

Maciej Treder · Answer 3 · Wed Sep 13 2017 19:07:06 GMT+0800 (China Standard Time)

Hello. Thank you for your input.

Could you verify if the issue is gone in the latest version (0.3.9)?

eraserfusion · Answer 4 · Wed Sep 13 2017 21:59:39 GMT+0800 (China Standard Time)

The resource name now appears in full, but I am still getting an error deploying:

/usr/local/lib/node_modules/serverless/node_modules/aws-sdk/lib/request.js:31
            throw err;
            ^

Error: AccessDenied: User: arn:aws:iam::********:user/********** is not authorized to perform: cloudformation:DescribeStacks on resource: arn:aws:cloudformation:us-east-1:**********:stack/service-name-dev/*
    at Request.extractError (/usr/local/lib/node_modules/serverless/node_modules/aws-sdk/lib/protocol/query.js:47:29)
    at Request.callListeners (/usr/local/lib/node_modules/serverless/node_modules/aws-sdk/lib/sequential_executor.js:105:20)
    at Request.emit (/usr/local/lib/node_modules/serverless/node_modules/aws-sdk/lib/sequential_executor.js:77:10)...

I am authorized to perform that action and the deploy still works correctly in 0.3.6

Maciej Treder · Answer 5 · Wed Sep 13 2017 22:22:52 GMT+0800 (China Standard Time)

Really strange.. I am performing exactly same action as Serverless for displaying deployed API url...

Maciej Treder · Answer 6 · Wed Sep 13 2017 22:25:35 GMT+0800 (China Standard Time)

Ok. I think I got it. Could you tell me if you have more than one AWS CLI profile?

eraserfusion · Answer 7 · Wed Sep 13 2017 22:29:22 GMT+0800 (China Standard Time)

I only have 1 AWS CLI profile.

Maciej Treder · Answer 8 · Thu Sep 14 2017 02:52:47 GMT+0800 (China Standard Time)

Ok. Bug should be fixed. Could you verify again (version 0.4.0)?

eraserfusion · Answer 9 · Thu Sep 14 2017 06:38:44 GMT+0800 (China Standard Time)

This works! Thank you very much for your quick response and fix!

Maciej Treder · Answer 10 · Thu Sep 14 2017 15:18:11 GMT+0800 (China Standard Time)

You're welcome.

Star is appreciated. :)