Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

S3 creation error: CannotCreateExternalResource managed/bucket.s3.aws.crossplane.io failed to create the Bucket: InvalidBucketAclWithObjectOwnership: Bucket cannot have ACLs set with ObjectOwnership's BucketOwnerEnforced setting #12

Closed
jonashackt opened this issue May 5, 2023 · 1 comment · Fixed by #13
Closed

S3 creation error: CannotCreateExternalResource managed/bucket.s3.aws.crossplane.io failed to create the Bucket: InvalidBucketAclWithObjectOwnership: Bucket cannot have ACLs set with ObjectOwnership's BucketOwnerEnforced setting #12

jonashackt opened this issue May 5, 2023 · 1 comment · Fixed by #13

Comments

@jonashackt
Copy link
Owner

jonashackt commented May 5, 2023
edited
Loading

There seem to be new security rules for AWS S3 from April 2023 on https://aws.amazon.com/about-aws/whats-new/2022/12/amazon-s3-automatically-enable-block-public-access-disable-access-control-lists-buckets-april-2023/

Running a k describe bucket.s3.aws.crossplane.io/microservice-ui-nuxt-js-static-bucket2 gives the following error event:

$ k describe bucket.s3.aws.crossplane.io/microservice-ui-nuxt-js-static-bucket2
...
Events:
  Type     Reason                        Age                From                                 Message
  ----     ------                        ----               ----                                 -------
  Warning  CannotCreateExternalResource  47s (x9 over 85s)  managed/bucket.s3.aws.crossplane.io  failed to create the Bucket: api error InvalidBucketAclWithObjectOwnership: Bucket cannot have ACLs set with ObjectOwnership's BucketOwnerEnforced setting

Thats also a problem in Terraform, see hashicorp/terraform-provider-aws#28353

And this so Q&A: https://stackoverflow.com/questions/76097031/aws-s3-bucket-cannot-have-acls-set-with-objectownerships-bucketownerenforced-s

This now leads to failing pipelines all over - see #11 etc.
@jonashackt
Copy link
Owner Author

Also see crossplane-contrib/provider-aws@95d2125

jonashackt added a commit that referenced this issue May 5, 2023
@jonashackt
#12: Understand the problem and sketch a first solution where we need…
27c50ed 
… to use the official AWS provider instead of the classic
jonashackt added a commit that referenced this issue May 8, 2023
@jonashackt
#12: trying to solve the S3 error using the classic provider (which d…
c4731dd 
…oesn't seem to work)
jonashackt added a commit that referenced this issue May 8, 2023
@jonashackt
#12: classic provider solving
eb25385
jonashackt added a commit that referenced this issue May 8, 2023
@jonashackt
#12: just pasting some docs
3d4a682
jonashackt added a commit that referenced this issue May 8, 2023
@jonashackt
#12: Beginning to integrate the upbound official Upjet generated AWS …
d54bb40 
…provider
jonashackt added a commit that referenced this issue May 8, 2023
@jonashackt
#12: Restructure provider configs and crossplane install directories
e9f28df
jonashackt added a commit that referenced this issue May 9, 2023
@jonashackt
#12: Installing the Upbound AWS official Upjet Provider
4d47eae
jonashackt added a commit that referenced this issue May 9, 2023
@jonashackt
#12: First working Composition using AWS Provider - yay we have an S3…
b2b3084 
… Bucket again!
jonashackt added a commit that referenced this issue May 9, 2023
@jonashackt
#12: WebsiteConfiguration added
356baaf
jonashackt added a commit that referenced this issue May 9, 2023
@jonashackt
#12: Fully working S3 deployment with public access
634293c
jonashackt added a commit that referenced this issue May 9, 2023
@jonashackt
#12: Using PatchSets for the duplicate patches definitions
b5e7229
jonashackt added a commit that referenced this issue May 9, 2023
@jonashackt
#12: debug info added to GitHub Actions pipe
c989beb
jonashackt added a commit that referenced this issue May 9, 2023
@jonashackt
#12: Give the AWS Provider some more time to come up (3mins)
535d86a
jonashackt added a commit that referenced this issue May 9, 2023
@jonashackt
#12: Seems that our kind has not enough resources? see https://stacko…
b082b2c 
…verflow.com/questions/56327843/minikube-is-slow-and-unresponsive
jonashackt added a commit that referenced this issue May 9, 2023
@jonashackt
#12: maybe using the brew install method for kind in GHA is better
9754dce
jonashackt added a commit that referenced this issue May 9, 2023
@jonashackt
#12: Switching over to microk8s just for testing if there's more power
e08ff46
jonashackt added a commit that referenced this issue May 9, 2023
@jonashackt
#12: hmm, kind seems to work
0fbe9e5
jonashackt added a commit that referenced this issue May 9, 2023
@jonashackt
#12: Giving crossplane more time to get the Bucket up and running
f2b1cee
jonashackt added a commit that referenced this issue May 9, 2023
@jonashackt
#12: even more time to wait for the claim to be ready
42230c0
@jonashackt jonashackt mentioned this issue May 9, 2023
Merged
jonashackt added a commit that referenced this issue May 9, 2023
@jonashackt
#12: Understand the problem and sketch a first solution where we need…
5bf27a5 
… to use the official AWS provider instead of the classic
jonashackt added a commit that referenced this issue May 9, 2023
@jonashackt
#12: trying to solve the S3 error using the classic provider (which d…
1f44ead 
…oesn't seem to work)
jonashackt added a commit that referenced this issue May 9, 2023
@jonashackt
#12: classic provider solving
49236e9
jonashackt added a commit that referenced this issue May 9, 2023
@jonashackt
#12: just pasting some docs
abeb21d
jonashackt added a commit that referenced this issue May 9, 2023
@jonashackt
#12: Beginning to integrate the upbound official Upjet generated AWS …
12c3ec4 
…provider
jonashackt added a commit that referenced this issue May 9, 2023
@jonashackt
#12: Restructure provider configs and crossplane install directories
1130c26
jonashackt added a commit that referenced this issue May 9, 2023
@jonashackt
#12: Installing the Upbound AWS official Upjet Provider
dff4790
jonashackt added a commit that referenced this issue May 9, 2023
@jonashackt
#12: First working Composition using AWS Provider - yay we have an S3…
e780f0f 
… Bucket again!
jonashackt added a commit that referenced this issue May 9, 2023
@jonashackt
#12: WebsiteConfiguration added
8c48aea
jonashackt added a commit that referenced this issue May 9, 2023
@jonashackt
#12: Fully working S3 deployment with public access
27f19ca
jonashackt added a commit that referenced this issue May 9, 2023
@jonashackt
#12: Using PatchSets for the duplicate patches definitions
9ba4763
jonashackt added a commit that referenced this issue May 9, 2023
@jonashackt
#12: debug info added to GitHub Actions pipe
db6b8d1
jonashackt added a commit that referenced this issue May 9, 2023
@jonashackt
#12: Give the AWS Provider some more time to come up (3mins)
06d8a8d
jonashackt added a commit that referenced this issue May 9, 2023
@jonashackt
#12: Seems that our kind has not enough resources? see https://stacko…
64ba53a 
…verflow.com/questions/56327843/minikube-is-slow-and-unresponsive
jonashackt added a commit that referenced this issue May 9, 2023
@jonashackt
#12: maybe using the brew install method for kind in GHA is better
abbdcef
jonashackt added a commit that referenced this issue May 9, 2023
@jonashackt
#12: Switching over to microk8s just for testing if there's more power
1bc92af
jonashackt added a commit that referenced this issue May 9, 2023
@jonashackt
#12: hmm, kind seems to work
0f6e2bb
jonashackt added a commit that referenced this issue May 9, 2023
@jonashackt
#12: Giving crossplane more time to get the Bucket up and running
6236659
jonashackt added a commit that referenced this issue May 9, 2023
@jonashackt
#12: even more time to wait for the claim to be ready
4f01064
jonashackt added a commit that referenced this issue May 10, 2023
@jonashackt
#12: Split up Azure and AWS provisioning in GitHub Actions since we o…
6e7ec22 
…therwise run into K8s API performance issues
jonashackt added a commit that referenced this issue May 10, 2023
@jonashackt
#12: Fix Azure pipe and some renames
3bd16b3
jonashackt added a commit that referenced this issue May 10, 2023
@jonashackt
#12: Split up Azure and AWS provisioning in GitHub Actions since we o…
50ce81b 
…therwise run into K8s API performance issues
jonashackt added a commit that referenced this issue May 10, 2023
@jonashackt
#12: Fix Azure pipe and some renames
c6b433a
jonashackt added a commit that referenced this issue May 10, 2023
@jonashackt
#12: Giving AWS more time for deletion and using the Azure claim to d…
f377f59 
…elete storage account and resource group
jonashackt added a commit that referenced this issue May 10, 2023
@jonashackt
#12: Azure: waiting for the claim the same way like in AWS to prevent…
df746c7 
… error ` Error from server (NotFound): resourcegroups.azure.crossplane.io "rg-crossplane" not found`
jonashackt added a commit that referenced this issue May 10, 2023
@jonashackt
#12: Right now we don't have a better measurement for Azure resources
0c6a9ca
jonashackt added a commit that referenced this issue May 10, 2023
@jonashackt
#12: Azure claim driving me nuts: now using the account directly.
ddb73f5 
Also added the ix Covers
jonashackt added a commit that referenced this issue May 10, 2023
@jonashackt
#12: last try giving Azure more time
1a423d6
jonashackt added a commit that referenced this issue May 10, 2023
@jonashackt
#12: Reflecting splitted pipelines in build badges
986674e
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
1 participant
@jonashackt