Description
Describe the bug
If a user is missing permissions for the ECR actions that are required to push an image, a deployment may fail without any indication that it is permissions related.
To Reproduce
Attempt to deploy an ASP.NET project to Amazon ECS using Fargate from a profile that does not have the permissions outlined in https://docs.aws.amazon.com/AmazonECR/latest/userguide/repository-policy-examples.html
Logs
Missing ecr:PutImage:
...
85e4188ce0b6: Retrying in 2 seconds
f6f8b240d039: Retrying in 1 second
ef88254ae9f8: Retrying in 1 second
81d60a2eba3d: Retrying in 1 second
5f70bf18a086: Retrying in 1 second
85e4188ce0b6: Retrying in 1 second
EOF
Failed to push Docker Image
Added the write permissions for pushing, but missing BatchCheckLayerAvailability
...
4832fdfc801b: Waiting
bada36334461: Waiting
4e7bd47e4668: Waiting
error parsing HTTP 403 response body: unexpected end of JSON input: ""
Failed to push Docker Image
Expected behavior
It would be nice if we can check if we have appropriate permissions prior to deployment and show a helpful error if not, or at least throw a more helpful exception like we do elsewhere:
Unhandled exception. This is a bug. Please copy the stack trace below and file a bug at https://github.com/aws/aws-dotnet-deploy.
User: arn:aws:iam::<redacted> is not authorized to perform: cloudformation:DescribeStackEvents on resource:
Environment (please complete the following information):
- CLI Version: [eg. 1.0.0] 0.36.8
- Include the output of
dotnet --info
Version: 6.0.201
- OS Info: Windows 10
This is a 🐛 bug report
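
Added example, not part of the original issue and not aws-dotnet-deploy code: a minimal pre-deployment check of the kind requested above, which compares an identity policy document against the ECR actions AWS documents as required for an image push and names the ones that are missing. The function names and the sample policy are constructed for illustration. It assumes a single identity policy and ignores `Resource`, `Condition`, `NotAction`, permission boundaries and SCPs, so a clean result is a hint, not a guarantee.

```python
import fnmatch

# Actions AWS documents as required to push an image to an ECR repository.
ECR_PUSH_ACTIONS = [
    "ecr:GetAuthorizationToken",
    "ecr:BatchCheckLayerAvailability",
    "ecr:InitiateLayerUpload",
    "ecr:UploadLayerPart",
    "ecr:CompleteLayerUpload",
    "ecr:PutImage",
]

def _as_list(value):
    # IAM allows "Statement" and "Action" to be a single item or a list.
    return value if isinstance(value, list) else [value]

def _matches(statement, action):
    # IAM action names are case-insensitive and support * and ? wildcards.
    patterns = _as_list(statement.get("Action", []))
    return any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in patterns)

def missing_push_actions(policy):
    """Return the ECR push actions the policy does not grant (explicit Deny wins)."""
    statements = _as_list(policy.get("Statement", []))
    missing = []
    for action in ECR_PUSH_ACTIONS:
        allowed = any(s.get("Effect") == "Allow" and _matches(s, action) for s in statements)
        denied = any(s.get("Effect") == "Deny" and _matches(s, action) for s in statements)
        if denied or not allowed:
            missing.append(action)
    return missing

def preflight_message(policy):
    """Return a user-facing error string, or None when nothing is missing."""
    missing = missing_push_actions(policy)
    if not missing:
        return None
    return "Cannot push to ECR, missing permissions: " + ", ".join(missing)

# Constructed sample mirroring the second log in the issue: write actions
# are present but ecr:BatchCheckLayerAvailability is not.
SAMPLE_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Resource": "*",
    "Action": ["ecr:GetAuthorizationToken", "ecr:InitiateLayerUpload",
               "ecr:UploadLayerPart", "ecr:CompleteLayerUpload", "ecr:PutImage"],
}]}

if __name__ == "__main__":
    print(preflight_message(SAMPLE_POLICY))
```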