8000 Fix function policies for Athena outputs in S3 by davisengeler · Pull Request #94 · Vibe-House-LLC/memeSRC · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content

Fix function policies for Athena outputs in S3 #94

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Feb 23, 2023
Merged

Fix function policies for Athena outputs in S3 #94

merged 2 commits into from
Feb 23, 2023

Conversation

davisengeler
Copy link
Contributor

Description

There was an issue with the S3 permissions on the Analytics functions which caused Athena to fail in some circumstances:

Unable to verify/create output bucket

By default, amplify's storage access setting from the cli only allows s3:ListBucket, s3:PutObject, and s3:GetObject, but Amplify seems to need more to work properly in all cases. To fix this, I added to the functions' custom policies to allow the necessary S3 permissions.

Added this policy

This policy has been added to all analytics policies (anything using Athena):

{
  "Effect": "Allow",
  "Action": [
    "s3:GetBucketLocation",
    "s3:GetObject",
    "s3:ListBucket",
    "s3:ListBucketMultipartUploads",
    "s3:ListMultipartUploadParts",
    "s3:AbortMultipartUploads",
    "s3:CreateBucket",
    "s3:PutObject"
  ],
  "Resource": [
    {
      "Fn::Join": [
        "",
        [
          "arn:aws:s3:::",
          {
            "Ref": "storagememesrcGeneratedImagesBucketName"
          }
        ]
      ]
    },
    {
      "Fn::Join": [
        "",
        [
          "arn:aws:s3:::",
          {
            "Ref": "storagememesrcGeneratedImagesBucketName"
          },
          "/*"
        ]
      ]
    }
  ]
}

@davisengeler davisengeler added bug Something isn't working enhancement New feature or request labels Feb 23, 2023
@davisengeler davisengeler self-assigned this Feb 23, 2023
@davisengeler davisengeler merged commit ac9d7f6 into beta Feb 23, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@AustinWoodard AustinWoodard Awaiting requested review from AustinWoodard

Assignees

@davisengeler davisengeler

Labels
bug Something isn't working enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@davisengeler
0