This message was deleted.
# atlantis-community
s
This message was deleted.
d
How are you specifying the IAM role, is it configured at the instance level or within your TF?
j
Does the backend configuration use kms? Does the role have permission to use the kms key for crypto operations on the state file(s)?
💯 1
m
The IAM role is configured with IRSA on the pod
the bucket is encrypted using Amazon S3 managed keys, and the same IAM role is working on the old atlantis deployment i have
d
I would recommend checking your terraform to make sure there isn't anything override the AWS provider configuration
Sine you mentioned exec'ing into the pod and being able to access the state file from S3, thus confirming the IAM role from IRSA service account is working on the pod
m
after trying a lot of things, upgrading the TF version made it work, we were running an old version 0.12.27, and somehow it wasn't picking the right IAM role, running TF plan within the pod from version 0.12 and 0.13, produced different results, 0.13 picked the right IAM role