Conversation
branberry
changed the title
i80and
reviewed
Jun 16, 2023
Contributor
i80and
left a comment
i80and
left a comment
There was a problem hiding this comment.
Could you run poetry run python3 -m black mut/AuthenticationInfo.py? This should be part of our CI toolchain but isn't
i80and
approved these changes
Jun 16, 2023
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Ticket
DOP-3726
Notes
For the enhanced Autobuilder, we can't rely on the AWS credentials we get from SSM. this is because the credentials are for a specific IAM user that does not have permission to access the resources for the enhanced infrastructure. It appears that when we provide the AWS credentials as environment variables for the enhanced ECS tasks, they override the credentials that are defined and provided from using AWS CDK, causing permission issues.
The credentials in this case are already provided by the task role to access the S3 bucket. Therefore, we do not need to provide the AWS credentials from SSM to authorize access to the S3 buckets.