https://serverless-stack.com/ logo
Join Slack
Powered by
<@U01MV4U2EV9> Still having issues with the Aurora...
# help
j
@thdxr Still having issues with the Aurora Postgressql example. This time just around permissions not being set properly on the function
Copy code
AccessDeniedException: User: arn:aws:sts::[account-id]:assumed-role/dev-StaticStack-TestFunctionServiceRole6AB-GP14VRU9OK1W/dev-StaticStack-TestFunction22AD90FC-WMZHGEQhE67G is not authorized to perform: secretsmanager:GetSecretValue on resource: arn:aws:secretsmanager:us-west-2:[account-id]:secret:AuroraClusterSecret12D1355B-B2VD4Q3XORvi-sYJj1G because no identity-based policy allows the secretsmanager:GetSecretValue action
The stack code
Copy code
const cluster = new RDS(this, 'AuroraCluster', {
      engine: 'postgresql10.14',
      defaultDatabaseName: DATABASE_NAME,
      migrations: 'stacks/migrations/dist',
    });

    new Function(this, 'TestFunction', {
      handler: 'services/sample/index.handler',
      environment: {
        DATABASE_NAME,
        DATABASE_CLUSTER_ARN: cluster.clusterArn,
        DATABASE_SECRET_ARN: cluster.secretArn,
      },
      permissions: [cluster],
    });
Actually just found it. Looks like the docs need to be updated to do this:
Copy code
permissions: [cluster.rdsServerlessCluster]
instead of
Copy code
permissions: [cluster]
f
Hey @Justin Robinson it’s a bug that was fixed in 0.65.4. 
permissions: [cluster]
should work!
j
Wrong @justindra lol
j
Nice catch @Jay 😛 @Frank sorry about that. I thought I was on the latest version already. But was one minor behind.
2 Views
Open in Slack
PreviousNext
Powered by