INFORMATION
Relevant information to this issue:
ISSUE
I tried deploying my app but I am getting a deployment error due to a 403 error accessing the built image from ecs. Not sure it is relevant but I can run the app using docker locally.
HOW TO REPRODUCE
Describe step by step how to reproduce the issue
Run a deployment of the app.
Hi @bsimakis , can you please provide your Qovery web console url to take a look? Is it an app deployed via git or a container registry?
Hi,
It looks the qovery user doesn’t have enough permission. Can you please check the permissions:
Thanks
Hello @Pierre_Mavro, I confirmed the qovery user setup and permissions match the page you provided. Here is the policy from the IAM console:
{
"Statement": [
{
"Action": [
"dynamodb:*",
"iam:*",
"ec2:*",
"autoscaling:*",
"application-autoscaling:*",
"elasticloadbalancing:*",
"ecr:*",
"ecs:*",
"eks:*",
"rds:*",
"elasticache:*",
"kms:*",
"logs:*",
"cloudwatch:*",
"cloudtrail:LookupEvents",
"events:DescribeRule",
"events:DeleteRule",
"events:ListRuleNamesByTarget",
"events:ListTargetsByRule",
"events:PutRule",
"events:PutTargets",
"events:RemoveTargets",
"es:AddTags",
"es:RemoveTags",
"es:ListTags",
"es:DeleteElasticsearchDomain",
"es:DescribeElasticsearchDomain",
"es:CreateElasticsearchDomain",
"s3:*",
"tag:GetResources"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
}
Hi,
The issue is now solved. The cause was an app responsible for pushing ECR credentials which were in bad shape (registry-creds). I restarted it and it’s now working.
Sorry for the inconvenience.
Pierre
Thank you, that worked
This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.