Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

cloudfront: CreateInvalidation permissions needed for GitHubActions role #39

Closed
juano2310 opened this issue Oct 29, 2024 · 1 comment
Closed

cloudfront: CreateInvalidation permissions needed for GitHubActions role #39

juano2310 opened this issue Oct 29, 2024 · 1 comment
Assignees
@juano2310
Labels
bug Something isn't working

Comments

@juano2310
Copy link

juano2310 commented Oct 29, 2024
edited
Loading

Description

Run aws cloudfront create-invalidation --distribution-id E3M173ALO8IUZ7 --paths "/*"

An error occurred (AccessDenied) when calling the CreateInvalidation operation: User: arn:aws:sts:::assumed-role/ProdOscalIo-SiteDeploymentRole7F66118B-BJNCBB1RTT7T/GitHubActions is not authorized to perform: cloudfront:CreateInvalidation on resource: arn:aws:cloudfront:::distribution/E3M173ALO8IUZ7 because no identity-based policy allows the cloudfront:CreateInvalidation action

Page/URL

https://github.com/EasyDynamics/oscal.io/actions/runs/11577434195/job/32228809226#step:8:2

Expected behavior

Run aws cloudfront create-invalidation --distribution-id E3M173ALO8IUZ7 --paths "/*" should work without issues
@juano2310 juano2310 added the bug Something isn't working label Oct 29, 2024
@juano2310 juano2310 self-assigned this Oct 31, 2024
@juano2310
Copy link
Author

Deployment Role updated to allow CreateInvalidation for E3M173ALO8IUZ7 CloudFront Distribution

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@juano2310 juano2310

Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@juano2310