We have two CDN hostnames for Copr (STG and prod):
download.copr-dev.fedorainfracloud.org
download.copr.fedorainfracloud.org
I am in the AWS > CloudFront > the hostname > Behaviors > Create behavior, and I am trying to create a new one with the following values:
Path pattern: /resalloc/* Cache policy: CachingDisabled
/resalloc/*
CachingDisabled
But I am getting
User: arn:aws:sts::redacted/frostyx is not authorized to perform: cloudfront:UpdateDistribution on resource: arn:aws:cloudfront::redacted because no identity-based policy allows the cloudfront:UpdateDistribution action
Can you please give me the permissions to do so, or create the behavior for me? Ideally only for the STG instance so I can make sure it doesn't break something before we do it for production.
At your convenience
We never setup IAM rules for cloudfront, since we didn't think people needed to make changes to it very often.
I changed the copr-dev one, can you confirm? If it looks good I can just do the prod one then.
Metadata Update from @kevin: - Issue assigned to kevin - Issue priority set to: Waiting on Assignee (was: Needs Review) - Issue tagged with: low-trouble, medium-gain, ops
Thank you @kevin, the STG instance seems to behave as I wanted. At your convenience, can you please do the same for production?
Done. Let us know if there's any problems or further adjustments. :)
Metadata Update from @kevin: - Issue close_status updated to: Fixed - Issue status updated to: Closed (was: Open)
Seems to work, thank you very much @kevin
Log in to comment on this ticket.