If you do not use the Deadline Spot Event Plugin or the AWS Portal, you can stop reading now.
Issue:
Customers using the Deadline Spot Event Plugin or AWS Portal with the AWSThinkboxDeadlineResourceTrackerAdminPolicy Managed Policy may encounter the following error when the plugin attempts to create or update the Deadline Resource Tracker CloudFormation stack:
The following unhandled exception occurred when creating the Deadline AWS Resource Tracker Stack: "TemplateURL must reference a valid S3 object to which you have access.". Please contact Thinkbox support.
Workaround:
If you have encountered this error, please add the following inline policy to the IAM User used by the Spot Event Plugin alongside the existing managed policy AWSThinkboxDeadlineResourceTrackerAdminPolicy.
To do so, first go to the AWS Console. Then click on Services at the top of the AWS Console, and find the IAM section under Security, Identity and Compliance. Select Users. Then choose the IAM User configured for the Spot Event Plugin. From here choose ‘Add permissions’, and ‘Create inline policy’. You can then select the ‘JSON’ tab and paste in the following:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "AWSThinkboxDeadlineResourceTrackerS3",
"Effect": "Allow",
"Action": [
"s3:GetObject"
],
"Resource": [
"arn:aws:s3:::*/deadline_aws_resource_tracker*.zip",
"arn:aws:s3:::*/DeadlineAWSResourceTrackerTemplate*.yaml"
]
}
]
}
Then click Next and give the policy a name like “AllowDeadlineResourceTrackerS3Access” and choose Create policy.
With this done you should see the policy in the list. This should resolve the errors in creating or updating the Deadline Resource Tracker Stack.