aws
[Bug]: env deploy fails to update EnvManagerRole duplicated statement
Description:
copilot env deploy fails to update EnvManagerRole because it duplicates sid: PatchPutObjectsToArtifactBucket.
Details:
This environment was created with a much earlier copilot version around October 2021. Can't remember which specific version was.
current copilot version: v1.33.4
manifest: name: prod type: Environment
Observed result:
copilot cli response:
Name: prod ✘ Unable to update the environment's manager role with upload artifacts permission ✘ upload artifacts for environment prod: ensure env manager role has permissions to upload: update environment template with PutObject permissions: wait until stack example-prod update is complete: ResourceNotReady: failed waiting for successful resource state
CloudFromation stack events:
Expected result:
I expect it to deploy the environment successfully.
Debugging:
From CloudTrail:
PatchPutObjectsToArtifactBucket statement is duplicated.
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"s3:PutObject",
"s3:PutObjectAcl"
],
"Resource": [
"arn:aws:s3:::stackset-example-infras-pipelinebuiltartifactbuc-1j0jzty5ft3op",
"arn:aws:s3:::stackset-example-infras-pipelinebuiltartifactbuc-1j0jzty5ft3op/*"
],
"Effect": "Allow",
"Sid": "PatchPutObjectsToArtifactBucket"
},
{
"Action": [
"s3:PutObject",
"s3:PutObjectAcl"
],
"Resource": [
"arn:aws:s3:::stackset-example-infras-pipelinebuiltartifactbuc-1j0jzty5ft3op",
"arn:aws:s3:::stackset-example-infras-pipelinebuiltartifactbuc-1j0jzty5ft3op/*"
],
"Effect": "Allow",
"Sid": "PatchPutObjectsToArtifactBucket"
},
{
"Action": [
"logs:GetLogRecord",
"logs:GetQueryResults",
"logs:StartQuery",
"logs:GetLogEvents",
"logs:DescribeLogStreams",
"logs:StopQuery",
"logs:TestMetricFilter",
"logs:FilterLogEvents",
"logs:GetLogGroupFields",
"logs:GetLogDelivery"
],
"Resource": "*",
"Effect": "Allow",
"Sid": "CloudwatchLogs"
},
...
