Bug 2021364 - Installer requires invalid AWS permission s3:GetBucketReplication
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Installer
Version: 4.10
Hardware: Unspecified
OS: Unspecified
unspecified
low
Target Milestone: ---
: 4.10.0
Assignee: Patrick Dillon
QA Contact: Yunfei Jiang
Reported: 2021-11-09 01:01 UTC by Patrick Dillon
Modified: 2022-03-10 16:26 UTC (History)

Last Closed: 2022-03-10 16:26:09 UTC
Links
System | ID | Private | Priority | Status | Summary | Last Updated
Github | openshift installer pull 5232 | 0 | None | open | Bug 2021364: aws: remove invalid s3 permission | 2021-11-09 01:02:48 UTC
Red Hat Product Errata | RHSA-2022:0056 | 0 | None | None | None | 2022-03-10 16:26:27 UTC

Description Patrick Dillon 2021-11-09 01:01:45 UTC
s3:GetBucketReplication is not a valid IAM action. The correct action is s3:GetReplicationConfiguration, which is also included.

https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazons3.html

Since the installer attempts to verify that it has all of the permissions that it thinks it needs, it fails when it checks for this permission and aborts the install. This means that we must include the invalid permission in our IAM policy and ignore the warnings that this generates in order to run the cluster install.
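
Added example, not part of the bug report and not the installer's code: an offline lint that flags `s3:` action names in an IAM policy that are missing from a reference list, the kind of check that catches an entry like s3:GetBucketReplication before the policy is attached. The function name, the action subset and the sample policy are constructed assumptions; a real check would load the full action list from the AWS reference linked above.

```python
import difflib
import json

# Constructed subset of the S3 actions in the AWS service authorization
# reference; a real check would load the complete list.
VALID_S3_ACTIONS = {
    "s3:CreateBucket", "s3:DeleteBucket", "s3:GetBucketLocation",
    "s3:GetBucketTagging", "s3:GetObject", "s3:GetReplicationConfiguration",
    "s3:ListBucket", "s3:PutBucketTagging", "s3:PutObject",
}

# Constructed sample policy that carries the invalid action from this report.
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["s3:GetBucketReplication", "s3:getreplicationconfiguration",
                   "s3:Get*", "s3:ListBucket", "ec2:DescribeInstances"],
        "Resource": "*",
    }],
})


def find_invalid_actions(policy_json, valid_actions=VALID_S3_ACTIONS):
    """Map each unknown s3: action in an IAM policy to similar valid names."""
    # IAM action names are case-insensitive, so compare in lower case.
    by_lower = {a.lower(): a for a in valid_actions}
    statements = json.loads(policy_json)["Statement"]
    if isinstance(statements, dict):   # "Statement" may be a single object
        statements = [statements]
    findings = {}
    for stmt in statements:
        actions = stmt.get("Action", [])
        if isinstance(actions, str):   # "Action" may be a string or a list
            actions = [actions]
        for action in actions:
            name = action.lower()
            # Wildcards and other service prefixes are out of scope here.
            if not name.startswith("s3:") or "*" in name or "?" in name:
                continue
            if name not in by_lower:
                close = difflib.get_close_matches(name, list(by_lower), n=3, cutoff=0.5)
                findings[action] = [by_lower[c] for c in close]
    return findings


if __name__ == "__main__":
    for action, hints in find_invalid_actions(SAMPLE_POLICY).items():
        print(f"unknown action {action}; similar valid actions: {hints}")
```

The similar-name hints are plain string matches from `difflib`, so they are candidates to check against the reference, not a mapping to the correct replacement.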

Comment 4 Yunfei Jiang 2021-11-17 08:00:48 UTC
verified. PASS
OCP Version: 4.10.0-0.nightly-2021-11-15-034648


1. Checked IAM permissions on AWS, s3:GetBucketReplication permission does not exist.
2. Trying to install OCP, no warning or error/fatal messages:
level=info msg=Credentials loaded from the "default" profile in file "/home/cloud-user/.aws/credentials"
level=info msg=Consuming Install Config from target directory
level=info msg=Creating infrastructure resources...

Comment 7 errata-xmlrpc 2022-03-10 16:26:09 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.10.3 security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:0056

