| 17 Aug 2021 |
baloo | I don't have the distribution-id | 17:38:47 |
@grahamc:nixos.org | I can get you that... uh | 17:39:25 |
@grahamc:nixos.org | should be arn:aws:cloudfront::223448837225:distribution/E2JKFLGW8FADQD | 17:40:42 |
baloo | E2JKFLGW8FADQD then | 17:40:50 |
baloo | so you want a single invalidation for all the jobs? or one per upload.sh? | 17:42:24 |
@grahamc:nixos.org | one per upload.sh | 17:42:37 |
@grahamc:nixos.org | and only files that would change (ie: the files never change, just the user-facing report root) | 17:43:00 |
@grahamc:nixos.org | * and only files that would change (ie: the diffoscope files never change, just the user-facing report root) | 17:43:07 |
baloo | https://github.com/grahamc/r13y.com/pull/33 | 17:45:27 |
@grahamc:nixos.org | dang | 17:45:41 |
baloo | 1sec | 17:45:57 |
@grahamc:nixos.org | I didn't expect it to be so fast :P | 17:46:09 |
| * @grahamc:nixos.org goes to update the vault policy | 17:46:21 |
baloo | https://github.com/grahamc/r13y.com/pull/33/files | 17:47:16 |
baloo | better that way | 17:47:20 |
baloo | well, it's easy with the documentation :D | 17:48:12 |
@grahamc:nixos.org | hrm, can an IAM policy not restrict which buckets you can create invalidation for? | 17:52:15 |
@grahamc:nixos.org | * hrm, can an IAM policy not restrict which buckets you can create invalidations for? | 17:52:17 |
baloo | I believe you can restrict with the URN | 17:52:45 |
baloo | arn:aws:cloudfront::223448837225:distribution/E2JKFLGW8FADQD | 17:52:50 |
baloo | that | 17:52:51 |
baloo | something like: https://gist.github.com/baloo/8435c1dd0a1c510848f0dd85c619eef7 | 17:56:23 |
@grahamc:nixos.org | https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazoncloudfront.html "If the column includes a resource type, then you can specify an ARN of that type in a statement with that action." | 17:58:32 |
@grahamc:nixos.org | so no subpaths but yes ARN | 17:58:35 |
@grahamc:nixos.org | baloo: merged & applied the changes w/ terraform to grant the privileges to do that | 18:01:14 |
baloo | ha right | 18:04:03 |
| 18 Aug 2021 |
baloo | An error occurred (AccessDenied) when calling the CreateInvalidation operation: User: arn:aws:iam::223448837225:user/vault-token-r13y-publish-1629245456-7999 is not authorized to perform: cloudfront:CreateInvalidation on resource: arn:aws:cloudfront::223448837225:distribution/E2JKFLGW8FADQD | 03:58:14 |
baloo | oh | 03:58:15 |
baloo | https://buildkite.com/grahamc/r13y-dot-com/builds/855#54ff268f-62e5-4ec6-9f80-e8273655eeae/51-60 | 03:58:38 |