This message was deleted.
# atlantis-communitys
Slackbot
04/13/2023, 4:01 PMThis message was deleted.
d
Dylan Page
04/13/2023, 4:15 PMHow are you specifying the IAM role, is it configured at the instance level or within your TF?
j
Jason Reslock
04/13/2023, 4:31 PMDoes the backend configuration use kms? Does the role have permission to use the kms key for crypto operations on the state file(s)?
💯 1
m
Manav Sikka
04/13/2023, 10:29 PMThe IAM role is configured with IRSA on the pod
Manav Sikka
04/13/2023, 10:32 PMthe bucket is encrypted using Amazon S3 managed keys, and the same IAM role is working on the old atlantis deployment i have
d
Dylan Page
04/14/2023, 2:06 AMI would recommend checking your terraform to make sure there isn't anything override the AWS provider configuration
Dylan Page
04/14/2023, 2:06 AMSine you mentioned exec'ing into the pod and being able to access the state file from S3, thus confirming the IAM role from IRSA service account is working on the pod
m
Manav Sikka
04/19/2023, 1:32 PMafter trying a lot of things, upgrading the TF version made it work, we were running an old version 0.12.27, and somehow it wasn't picking the right IAM role, running TF plan within the pod from version 0.12 and 0.13, produced different results, 0.13 picked the right IAM role