Deployment to eu-west-2 fails with error: Encountered a permissions error performing a tagging operation
SolP-Aleios opened this issue · 4 comments
Attempting to deploy version 2.1.9 from the Serverless Application Repository to eu-west-2 with all default parameter values results in the following error in CloudFormation for the deployment of the UsEast1Deployment stack in us-east-1:
Resource handler returned message: "Encountered a permissions error performing a tagging operation, please add required tag permissions. See https://repost.aws/knowledge-center/cloudformation-tagging-permission-error for how to resolve. Resource handler returned message: "Access Denied (Service: S3, Status Code: 403, Request ID: 2FB9496CMHWVN6P1, Extended Request ID: djlPxh01P7F7YtA9WBgwRx8a1gR2K5mHAHicJJhlq1AzO6UIuuZW75R2RQNwiNbLSj//TObklnA=)"" (RequestToken: b459529b-bdfb-d768-e7ed-828ee30a52ad, HandlerErrorCode: UnauthorizedTaggingOperation)
I believe this is due to the role used by the UsEast1Deployment lambda lacking the s3:PutBucketTagging permission.
Thanks for the report. Sounds easy to reproduce, but I'm not sure why this would suddenly not work.
Thanks for the swift response! I am also confused as to why this would only crop up now.
I have cloned the repo and made that one line change to add s3:PutBucketTagging to the UsEast1Deployment's policy and then deployed it with SAM to eu-west-2 and all works as expected.
Would you like me to open a PR with this change?
> Would you like me to open a PR with this change?
That would be great!
Couldn't reproduce it but we've added s3:PutBucketTagging permission now
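An added example, not part of the thread and not the project's code: a pre-deployment check that flags an IAM policy document which allows bucket creation but not the tagging call named in the error. The sample policies and function names are constructed; it assumes the role creates the bucket through s3:CreateBucket and it ignores Resource, Condition and NotAction.

```python
import re

# Pairing assumed from the issue: a role that creates the bucket also needs
# s3:PutBucketTagging, because CloudFormation tags the bucket afterwards.
REQUIRED_WITH = {"s3:CreateBucket": ["s3:PutBucketTagging"]}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _matches(pattern, action):
    # IAM action patterns: '*' is any run of characters, '?' is one character,
    # and the comparison is case-insensitive.
    rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                 for c in pattern)
    return re.fullmatch(rx, action, re.IGNORECASE) is not None


def allows(policy, action):
    """True if an Allow statement covers `action` and no Deny statement does."""
    allowed = False
    for stmt in _as_list(policy.get("Statement", [])):
        hit = any(_matches(p, action) for p in _as_list(stmt.get("Action", [])))
        if hit and stmt.get("Effect") == "Deny":
            return False  # an explicit Deny always wins
        allowed = allowed or (hit and stmt.get("Effect") == "Allow")
    return allowed


def missing_tag_permissions(policy):
    """Tagging actions the policy lacks for the create actions it allows."""
    missing = []
    for create, needed in REQUIRED_WITH.items():
        if allows(policy, create):
            missing += [a for a in needed if not allows(policy, a)]
    return missing


# Constructed sample policies (not taken from the project's template).
BEFORE = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Resource": "*",
     "Action": ["s3:CreateBucket", "s3:PutBucketPolicy"]}]}
AFTER = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Resource": "*",
     "Action": ["s3:CreateBucket", "s3:PutBucketPolicy", "s3:PutBucketTagging"]}]}

if __name__ == "__main__":
    for name, policy in (("before", BEFORE), ("after", AFTER)):
        print(name, missing_tag_permissions(policy))
```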