INFORMATION
Relevant information to this issue:
ISSUE
I tried deploying my app but I am getting a deployment error due to a 403 error accessing the built image from ecs. Not sure it is relevant but I can run the app using docker locally.
HOW TO REPRODUCE
Describe step by step how to reproduce the issue
Run a deployment of the app.
Hi @bsimakis , can you please provide your Qovery web console url to take a look? Is it an app deployed via git or a container registry?
Hi,
It looks the qovery user doesn’t have enough permission. Can you please check the permissions:
Thanks
Hi @rophilogene, the link is included in my original post.
Deployed via Git with the Dockerfile.
Hello @Pierre_Mavro, I confirmed the qovery user setup and permissions match the page you provided. Here is the policy from the IAM console:
{
"Statement": [
{
"Action": [
"dynamodb:*",
"iam:*",
"ec2:*",
"autoscaling:*",
"application-autoscaling:*",
"elasticloadbalancing:*",
"ecr:*",
"ecs:*",
"eks:*",
"rds:*",
"elasticache:*",
"kms:*",
"logs:*",
"cloudwatch:*",
"cloudtrail:LookupEvents",
"events:DescribeRule",
"events:DeleteRule",
"events:ListRuleNamesByTarget",
"events:ListTargetsByRule",
"events:PutRule",
"events:PutTargets",
"events:RemoveTargets",
"es:AddTags",
"es:RemoveTags",
"es:ListTags",
"es:DeleteElasticsearchDomain",
"es:DescribeElasticsearchDomain",
"es:CreateElasticsearchDomain",
"s3:*",
"tag:GetResources"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
}
Hi,
The issue is now solved. The cause was an app responsible for pushing ECR credentials which were in bad shape (registry-creds). I restarted it and it’s now working.
Sorry for the inconvenience.
Pierre
Thank you, that worked