Hi, I'm running into issues during the activation of the sidecar, I'm running Laravel Vapor.
Any help would be appreciated.
Here's an example of my GH action of vapor.yaml
Error:
==> Running Command: php artisan sidecar:deploy
[Sidecar] Deploying Wnx\SidecarBrowsershot\Functions\BrowsershotFunction to Lambda as `sc-rs-qa-1741652285-browsershot`.
↳ Environment: qa-1741652285
↳ Architecture: x86_64
↳ Package Type: Zip
↳ Runtime: nodejs20.x
↳ Creating new lambda function.
↳ Packaging files for deployment.
↳ Package unchanged. Reusing s3://sidecar-bucket-eu1/sidecar/001-b73c584759b4e912afd6837624598c2c.zip.
...
Deployment Failed
Deployment hook failed.
Hook: sidecar:activate
[Sidecar] Activating function Wnx\SidecarBrowsershot\Functions\BrowsershotFunction.
↳ Environment variables not managed by Sidecar. Skipping.
In WrappedHttpHandler.php line 196:
Error executing "ListVersionsByFunction" on "https://lambda.eu-west-1.amazo
naws.com/2015-03-31/functions/sc-rs-qa-1741652285-browsershot/versions?MaxI
tems=50"; AWS HTTP error: Client error: `GET https://lambda.eu-west-1.amazo
naws.com/2015-03-31/functions/sc-rs-qa-1741652285-browsershot/versions?MaxI
tems=50` resulted in a `403 Forbidden` response:
{"Message":"User: arn:aws:sts::******:assumed-role/laravel-vapor-role
/vapor-rs-qa-1741652285-cli is not (truncated...)
AccessDeniedException (client): User: arn:aws:sts::******:assumed-ro
le/laravel-vapor-role/vapor-rs-qa-1741652285-cli is not authoriz
ed to perform: lambda:ListVersionsByFunction on resource: arn:aws:lambda:eu
-west-1:******:function:sc-rs-qa-1741652285-browsershot because no id
entity-based policy allows the lambda:ListVersionsByFunction action - {"Mes
sage":"User: arn:aws:sts::******:assumed-role/laravel-vapor-role/vapo
r-rs-qa-1741652285-cli is not authorized to perform: lambda:List
VersionsByFunction on resource: arn:aws:lambda:eu-west-1:******:funct
ion:sc-rs-qa-1741652285-browsershot because no identity-based policy allows
the lambda:ListVersionsByFunction action"}
In RequestException.php line 111:
Client error: `GET https://lambda.eu-west-1.amazonaws.com/2015-03-31/functi
ons/sc-rs-qa-1741652285-browsershot/versions?MaxItems=50` resulted in a `40
3 Forbidden` response:
{"Message":"User: arn:aws:sts::******:assumed-role/laravel-vapor-role
/vapor-rs-qa-1741652285-cli is not (truncated...)
vapor.yml
build:
...
- 'php artisan sidecar:deploy'
deploy:
...
- 'php artisan sidecar:activate'
GH Action
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-access-key-id: ${{ secrets.AWS_GITHUB_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_GITHUB_SECRET_ACCESS_KEY }}
aws-region: eu-west-1
- name: Login to Amazon ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@v2
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
...
- name: Deploy Vapor
id: vapor_deploy
run: |
VAPOR_ENV="${{ needs.run-vars.outputs.qa_env }}"
export VAPOR_ENV="$VAPOR_ENV"
export SIDECAR_ENV="$VAPOR_ENV"
vapor deploy $VAPOR_ENV \
--commit="${{ fromJSON(needs.run-vars.outputs.gh_info).head_sha }}" \
--message=${{ toJSON(fromJSON(needs.run-vars.outputs.gh_info).commit_title) }}
env:
COMPOSER_MIRROR_PATH_REPOS: 1
VAPOR_API_TOKEN: ${{ secrets.VAPOR_API_TOKEN }}
SIDECAR_ACCESS_KEY_ID: ${{ secrets.SIDECAR_ACCESS_KEY_ID }}
SIDECAR_SECRET_ACCESS_KEY: ${{ secrets.SIDECAR_SECRET_ACCESS_KEY }}
SIDECAR_EXECUTION_ROLE: 'arn:aws:iam::******:role/sidecar-execution-role'
Hi, I'm running into issues during the activation of the sidecar, I'm running Laravel Vapor.
Any help would be appreciated.
Here's an example of my GH action of vapor.yaml
Error:
vapor.yml
GH Action