Description
Is there an existing issue for this?
- I have searched the existing issues
Describe the bug
The Terraform pipeline returns the following error when running the get_accounts.py script:
```
[Container] 2024/07/08 21:29:23.374503 Running command python adf-build/helpers/terraform/get_accounts.py
34 | INFO:main:Management Account ID: 222
35 | Traceback (most recent call last):
36 | File "adf-build/helpers/terraform/get_accounts.py", line 190, in
37 | main()
38 | File "adf-build/helpers/terraform/get_accounts.py", line 31, in main
39 | accounts = get_accounts()
40 | File "adf-build/helpers/terraform/get_accounts.py", line 70, in get_accounts
41 | organizations = get_boto3_client(
42 | File "adf-build/helpers/terraform/get_accounts.py", line 145, in get_boto3_client
43 | role = sts.assume_role(
44 | File "/root/.pyenv/versions/3.8.17/lib/python3.8/site-packages/botocore/client.py", line 565, in _api_call
45 | return self._make_api_call(operation_name, kwargs)
46 | File "/root/.pyenv/versions/3.8.17/lib/python3.8/site-packages/botocore/client.py", line 1021, in _make_api_call
47 | raise error_class(parsed_response, operation_name)
48 | botocore.exceptions.ClientError: An error occurred (AccessDenied) when calling the AssumeRole operation: User: arn:aws:sts::111:assumed-role/adf-codebuild-role/AWSCodeBuild-83a8ffad-f4fc-4d89-83a6-9d32d4d83dd2 is not authorized to perform: sts:AssumeRole on resource: arn:aws:iam::222:role/adf/organizations/adf-organizations-readonly
```
Expected Behavior
get_accounts.py should end properly and return the list of target account IDs.
Current Behavior
Terraform apply stage fails with the following error
```
[Container] 2024/07/08 21:29:23.374503 Running command python adf-build/helpers/terraform/get_accounts.py
34 | INFO:main:Management Account ID: 222
35 | Traceback (most recent call last):
36 | File "adf-build/helpers/terraform/get_accounts.py", line 190, in
37 | main()
38 | File "adf-build/helpers/terraform/get_accounts.py", line 31, in main
39 | accounts = get_accounts()
40 | File "adf-build/helpers/terraform/get_accounts.py", line 70, in get_accounts
41 | organizations = get_boto3_client(
42 | File "adf-build/helpers/terraform/get_accounts.py", line 145, in get_boto3_client
43 | role = sts.assume_role(
44 | File "/root/.pyenv/versions/3.8.17/lib/python3.8/site-packages/botocore/client.py", line 565, in _api_call
45 | return self._make_api_call(operation_name, kwargs)
46 | File "/root/.pyenv/versions/3.8.17/lib/python3.8/site-packages/botocore/client.py", line 1021, in _make_api_call
47 | raise error_class(parsed_response, operation_name)
48 | botocore.exceptions.ClientError: An error occurred (AccessDenied) when calling the AssumeRole operation: User: arn:aws:sts::111:assumed-role/adf-codebuild-role/AWSCodeBuild-83a8ffad-f4fc-4d89-83a6-9d32d4d83dd2 is not authorized to perform: sts:AssumeRole on resource: arn:aws:iam::222:role/adf/organizations/adf-organizations-readonly
```
Steps To Reproduce
Run a terraform pipeline
Possible Solution
No response
Additional Information/Context
No response
ADF Version
4.0.0
Contributing a fix?
- Yes, I am working on a fix to resolve this issue