Fail to create runner-binaries-syncer when S3 SSE is enabled #2105
Comments
|
I wonder what's the right fix. I'm thinking of removing the policy (69-103 lines in main.tf), which denies upload if the upload doesn't set a server-side encryption header. If the policy is not created, the object will be encrypted with the default encryption setting when the SSE header is not set. This sounds like a better idea to me than requiring every upload request to have the SSE header. Does it sound reasonable? |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I got a 403 error when I tried to appy the terraform configs.
After I did an investigation, I found that it's because I have enabled server-side encryption for the S3 bucket. As a result the terraform module applies a policy to reject any object that is not encrypted (69-103 lines in main.tf).
On the other hand, the trigger object is not configured to use SSE (135-142 lines in runner-binaries-syncer.tf). That's the cause of the 403 error.
I can make a PR to fix this issue if that's ok.
The text was updated successfully, but these errors were encountered: