|
I have a dumb and small question for a personal project. I have a site hosted on an Elastic Beanstalk which I will update, but it also needs a file that's too big to package with the rest of it so I've been just SSHing in to manually copy it over. At first this was done with WinSCP, but later I've been loading it from an S3 bucket. The problem is that I've also got any ebextension script which should be doing it automatically and it does run, but the file ends up always being size 0?
|
# ¿ Sep 12, 2023 23:39 |
|
|
# ¿ May 10, 2024 06:05 |
|
Docjowles posted:If I had to guess the instance doesn’t have permission to read the object. If you run the script manually as the same user it normally runs under does it work? Are there logs you could inspect or anything in cloudtrail? Correct, when I run it manually in SSH it works. AFAIK, it is something to do with the permissions but I've found it rather difficult to find answers on that. I don't think I have cloud trail logs setup.
|
# ¿ Sep 13, 2023 23:12 |
|
Docjowles posted:If I had to guess the instance doesn’t have permission to read the object. If you run the script manually as the same user it normally runs under does it work? Are there logs you could inspect or anything in cloudtrail? ledge posted:Does the EC2 instance created by Elastic Beanstalk have a role associated to it that has a policy granting access to the S3 bucket? Sorry for not replying sooner, as full-stack development is now my day job, my hobby project needs to get by with the scraps of dev-energy I have left over. Alas, the logs don't tell me much beyond claiming that the ebextensions script ran successfully. So when I run it manually via SSH, I do the command by ec2-user, and it works. And I thought I've added the EB role to the S3 bucket and so on, but I guess not? How would I be able to find which one it is? Looking at the IAM console there are 3 accounts with a "last activity" that matches the last time I deployed the service, (cdk-hnb{etc, etc}) would these be the ones to add instead of the "RecipeAppIAMRole" or "RecipeBeanstalkServiceRole" in the S3 bucket policy? Do I need to add anything to the IAM roles, not just the s3 bucket? code:
|
# ¿ Sep 29, 2023 12:22 |
|
Vanadium posted:Can you make it run aws sts get-caller-identity? In SSH, .ebextensions, or both? I'll try that as well whatsfordinner
|
# ¿ Sep 30, 2023 02:35 |
|
Vanadium posted:Like in the context where you're not sure what role is being used. So, sure, both, why not. It's cheap and easy and doesn't even require any permissions! I finally got around to trying this in SSH and I found that it was being run by an 'assumed-role', which after I added it to the S3 permission config now seemingly allows it to work.
|
# ¿ Nov 27, 2023 10:21 |
|
|
# ¿ May 10, 2024 06:05 |
|
I used Elastic Beanstalk for the backend of my project.
|
# ¿ Jan 8, 2024 23:21 |