Skip to content

Fix AccessDenied not recognized for MemoryDB/RSSL API calls#30226

Merged
greedy52 merged 1 commit intomasterfrom
STeve/p471_fix_aws_AccessDeniedException
Aug 10, 2023
Merged

Fix AccessDenied not recognized for MemoryDB/RSSL API calls#30226
greedy52 merged 1 commit intomasterfrom
STeve/p471_fix_aws_AccessDeniedException

Conversation

@greedy52
Copy link
Copy Markdown
Contributor

@greedy52 greedy52 commented Aug 9, 2023
edited
Loading

Found while testing #30054, that some AWS APIs are returning 400 with AccessDeniedException. The existing conversion was only expecting 403 for access denied thus not flagging these with trace.AccessDenied

AccessDeniedException: User: <aws-role-arn> is not authorized to perform: redshift-serverless:GetWorkgroup on resource: <redshift-serverless-workgroup-arn> because no identity-based policy allows the redshift-serverless:GetWorkgroup action
{
  RespMetadata: {
    StatusCode: 400,
    RequestID: \"<request-id>\"
  },
  Message_: \"User: <aws-role-arn> is not authorized to perform: redshift-serverless:GetWorkgroup on resource: <redshift-serverless-workgroup-arn>  because no identity-based policy allows the redshift-serverless:GetWorkgroup action\"
}.

AccessDeniedException: User: <aws-role-arn>  is not authorized to perform: memorydb:DescribeClusters on resource: <memorydb-arn> because no identity-based policy allows the memorydb:DescribeClusters action
	status code: 400, request id: <request-id>.

@greedy52 greedy52 added aws Used for AWS Related Issues. backport/branch/v11 labels Aug 9, 2023
@greedy52 greedy52 requested a review from smallinsky August 9, 2023 16:54
@github-actions github-actions Bot requested a review from lxea August 9, 2023 16:55
@greedy52 greedy52 requested review from Tener and gabrielcorado August 9, 2023 17:31
@public-teleport-github-review-bot public-teleport-github-review-bot Bot removed the request for review from lxea August 10, 2023 09:22
@greedy52 greedy52 added this pull request to the merge queue Aug 10, 2023
Merged via the queue into master with commit e2320d7 Aug 10, 2023
@greedy52 greedy52 deleted the STeve/p471_fix_aws_AccessDeniedException branch August 10, 2023 13:22
@public-teleport-github-review-bot
Copy link
Copy Markdown

public-teleport-github-review-bot Bot commented Aug 10, 2023

@greedy52 See the table below for backport results.

Branch Result
branch/v11 Failed
branch/v12 Failed
branch/v13 Create PR

greedy52 added a commit that referenced this pull request Aug 10, 2023
@greedy52
Fix AccessDenied not recognized for MemoryDB/RSSL API calls (#30226)
6d8c73a
greedy52 added a commit that referenced this pull request Aug 10, 2023
@greedy52
Fix AccessDenied not recognized for MemoryDB/RSSL API calls (#30226)
8fa9307
This was referenced Aug 10, 2023
Merged
Merged
Merged
github-merge-queue Bot pushed a commit that referenced this pull request Aug 11, 2023
@greedy52
Fix AccessDenied not recognized for MemoryDB/RSSL API calls (#30226) (#…
1711d90 
…30284)
github-merge-queue Bot pushed a commit that referenced this pull request Aug 11, 2023
@greedy52
Fix AccessDenied not recognized for MemoryDB/RSSL API calls (#30226) (#…
3d51601 
…30285)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Tener Tener Tener approved these changes

@gabrielcorado gabrielcorado gabrielcorado approved these changes

@smallinsky smallinsky smallinsky approved these changes

Assignees

No one assigned

Labels

aws Used for AWS Related Issues. size/sm

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@greedy52 @Tener @gabrielcorado @smallinsky