Error executing "ListVersionsByFunction" #158
Description
Hi, I'm running into issues during the activation of the sidecar, I'm running Laravel Vapor.
Any help would be appreciated.
Here's an example of my GH action of vapor.yaml
Error:
==> Running Command: php artisan sidecar:deploy
[Sidecar] Deploying Wnx\SidecarBrowsershot\Functions\BrowsershotFunction to Lambda as `sc-rs-qa-1741652285-browsershot`.
↳ Environment: qa-1741652285
↳ Architecture: x86_64
↳ Package Type: Zip
↳ Runtime: nodejs20.x
↳ Creating new lambda function.
↳ Packaging files for deployment.
↳ Package unchanged. Reusing s3://sidecar-bucket-eu1/sidecar/001-b73c584759b4e912afd6837624598c2c.zip.
...
Deployment Failed
Deployment hook failed.
Hook: sidecar:activate
[Sidecar] Activating function Wnx\SidecarBrowsershot\Functions\BrowsershotFunction.
↳ Environment variables not managed by Sidecar. Skipping.
In WrappedHttpHandler.php line 196:
Error executing "ListVersionsByFunction" on "https://lambda.eu-west-1.amazo
naws.com/2015-03-31/functions/sc-rs-qa-1741652285-browsershot/versions?MaxI
tems=50"; AWS HTTP error: Client error: `GET https://lambda.eu-west-1.amazo
naws.com/2015-03-31/functions/sc-rs-qa-1741652285-browsershot/versions?MaxI
tems=50` resulted in a `403 Forbidden` response:
{"Message":"User: arn:aws:sts::******:assumed-role/laravel-vapor-role
/vapor-rs-qa-1741652285-cli is not (truncated...)
AccessDeniedException (client): User: arn:aws:sts::******:assumed-ro
le/laravel-vapor-role/vapor-rs-qa-1741652285-cli is not authoriz
ed to perform: lambda:ListVersionsByFunction on resource: arn:aws:lambda:eu
-west-1:******:function:sc-rs-qa-1741652285-browsershot because no id
entity-based policy allows the lambda:ListVersionsByFunction action - {"Mes
sage":"User: arn:aws:sts::******:assumed-role/laravel-vapor-role/vapo
r-rs-qa-1741652285-cli is not authorized to perform: lambda:List
VersionsByFunction on resource: arn:aws:lambda:eu-west-1:******:funct
ion:sc-rs-qa-1741652285-browsershot because no identity-based policy allows
the lambda:ListVersionsByFunction action"}
In RequestException.php line 111:
Client error: `GET https://lambda.eu-west-1.amazonaws.com/2015-03-31/functi
ons/sc-rs-qa-1741652285-browsershot/versions?MaxItems=50` resulted in a `40
3 Forbidden` response:
{"Message":"User: arn:aws:sts::******:assumed-role/laravel-vapor-role
/vapor-rs-qa-1741652285-cli is not (truncated...)
vapor.yml
build:
...
- 'php artisan sidecar:deploy'
deploy:
...
- 'php artisan sidecar:activate'
GH Action
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-access-key-id: ${{ secrets.AWS_GITHUB_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_GITHUB_SECRET_ACCESS_KEY }}
aws-region: eu-west-1
- name: Login to Amazon ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@v2
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
...
- name: Deploy Vapor
id: vapor_deploy
run: |
VAPOR_ENV="${{ needs.run-vars.outputs.qa_env }}"
export VAPOR_ENV="$VAPOR_ENV"
export SIDECAR_ENV="$VAPOR_ENV"
vapor deploy $VAPOR_ENV \
--commit="${{ fromJSON(needs.run-vars.outputs.gh_info).head_sha }}" \
--message=${{ toJSON(fromJSON(needs.run-vars.outputs.gh_info).commit_title) }}
env:
COMPOSER_MIRROR_PATH_REPOS: 1
VAPOR_API_TOKEN: ${{ secrets.VAPOR_API_TOKEN }}
SIDECAR_ACCESS_KEY_ID: ${{ secrets.SIDECAR_ACCESS_KEY_ID }}
SIDECAR_SECRET_ACCESS_KEY: ${{ secrets.SIDECAR_SECRET_ACCESS_KEY }}
SIDECAR_EXECUTION_ROLE: 'arn:aws:iam::******:role/sidecar-execution-role'