Comments (8)
I believe this is due to the imported Bucket not having the correct access permissions. The issue was resolved for newly created buckets in this PR. Does the imported bucket have Object Writer
ownership permissions?
from cdk-serverless-clamscan.
I believe this is due to the imported Bucket not having the correct access permissions. The issue was resolved for newly created buckets in this PR. Does the imported bucket have
Object Writer
ownership permissions?
Hi, the error we are getting is related to virusdeflog bucket which is not an imported bucket.
Update: My bad, this is the imported bucket, but it has correct properties set, see my latest comments.
from cdk-serverless-clamscan.
Was the virusDefinitionLogBucket
created in an earlier version of the CDK? That's a bucket that is getting passed into the construct so you will need to make sure that it has the correct object writer permissions
from cdk-serverless-clamscan.
logBucket has following properties set:
versioned: false,
encryption: BucketEncryption.S3_MANAGED,
objectOwnership: ObjectOwnership.OBJECT_WRITER,
I am using newer version of cdk. (2.100.0). The issue does not comes up when we use older version of cdk than this.
from cdk-serverless-clamscan.
Can you share the full CloudFormation error including the logical id and CDK identifier of the resource that is throwing the error?
from cdk-serverless-clamscan.
Resource handler returned message: "Access Denied (Service: S3, Status Code: 403, Request ID: RWR4YE6NZYHN8BRQ, Extended Request ID: yJRnXEJpvZXgYPTF8twHG0b6psj86gkC2Ys6No2IGyqb7bDcwjBxjcMyOR9btgKM0aM0PMFVwhg=)" (RequestToken: 04049524-9442-f26e-165a-f194dd0efb27, HandlerErrorCode: AccessDenied)
logical id - ourstackamevirusscanVirusDefsBucketPolicyB482E79B
type - AWS::S3::BucketPolicy
from cdk-serverless-clamscan.
I'm unable to reproduce this. I was able to successfully deploy this construct using cdk version 2.103.0
using the following application.
import * as cdk from 'aws-cdk-lib';
import { Bucket } from 'aws-cdk-lib/aws-s3';
import { ServerlessClamscan } from 'cdk-serverless-clamscan';
export class MyStack extends cdk.Stack {
constructor(scope: cdk.App, id: string, props?: cdk.StackProps) {
super(scope, id, props);
const virusDefinitionLogBucket = new Bucket(this, 'logs');
const input = new Bucket(this, 'input');
new ServerlessClamscan(this, 'clamscan', {
buckets: [input],
defsBucketAccessLogsConfig: {
logsBucket: virusDefinitionLogBucket,
logsPrefix: 'virusDefinition-log',
},
});
}
}
const app = new cdk.App();
new MyStack(app, 'test-cdk-2-103-0-clamscan');
app.synth();
I'm only seeing access denied errors on stack deletion. The S3 Bucket that contains the Virus Definitions has a bucket policy that will likely cause a deletion error if you when deleting the stack associated in the construct. However since the bucket itself gets deleted, you can run the destroy command again to resolve the error.
from cdk-serverless-clamscan.
Thank you, deleting the bucket and recreating seems to have fixed the issue for us.
from cdk-serverless-clamscan.
Related Issues (20)
- Feature Request: Optional Property to provide own iam.PolicyStatement for Bucket. HOT 2
- Need guidance as beginner
- cdk deploy failed HOT 4
- Yum is no longer available in AWS python images HOT 1
- Access Denied on Deployment HOT 8
- cannot scan large files: No such file or directory: '7za' HOT 3
- PyPi Release not working since 2.6.61 HOT 1
- Error when trying to use a pre-existing bucket HOT 2
- scanning large file failed. No such file or directory: '7za' HOT 3
- Run Against Backlog HOT 2
- Lambda Timing out after max runtime 900s on 102400mb lambda HOT 2
- pnpm fails: EISDIR EISDIR: illegal operation on a directory, read HOT 1
- Feature Request: Filtering Options for Scanning (Tags, Extensions, Paths, Size) HOT 3
- Access to Infected Files
- Deploy Failing HOT 2
- Is it possible to add multiple buckets to the same ServerlessClamscan? HOT 2
- cdk deploy -failed HOT 7
- After importing buckets, S3 trigger invoked for existing files, instead of newly created files HOT 1
- Feature request: option to allow multiple lambda listen to s3 events
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from cdk-serverless-clamscan.