# help
e
I'm trying to reduce the AWS permissions on the IAM user that deploys/drops SST stacks and have actually switched to using a service role for CloudFront as per @Frank’s recommendation and using the --role-arn flag on sst commands. I've been able to remove a stack, but now, trying to recreate it, I'm getting the following weird error:
Bucket named 'cdk-hnb659fds-assets-055101xxxxxx-us-west-2' exists, but not in account 055101xxxxxx. Wrong account?
I've replaced the last 6 digits with x in the paste above but they were exactly the same. Any idea? I've tried enlarging my S3 perms to * resources (I had 'cdk-*' before) but no difference. Should I just try manually deleting the bucket and see if that helps? In my existing buckets there is also the same bucket but with us-east-1 at the end.
To follow up, I'm assuming manually deleting the buckets was the way to go. So now it's requesting me to re-bootstrap CDK, but throwing me:
Not downgrading existing bootstrap stack from version '5' to version '0'. Use --force to force.
Should I be worried about that?
This is making me crazy 😄 I did use the --force flag and that worked ok but I'm back to what looks like square one as I'm getting a similar bucket error when running start:
fail: Bucket named 'cdktoolkit-stagingbucket-16nekzwxdtnze' exists, but not in account 055101xxxxxx. Wrong account?
I resolved this. I'm now trying to recall how... After a few different attempts, I did use the --force flag and I think that worked ok...
f
Hey @Erik Robertson huh.. I’ve actually never seen that Wrong account error…
Just came across this thread https://github.com/aws/aws-cdk/issues/6808
Could it be that the IAM role doesn’t have the s3:getBucketLocation permission?
e
So it definitely has it now, and I'm pretty sure I had it in there also back then, but can't be 100% sure since my policy kept evolving throughout the day.