Cloud Functions Permissioning Issues - google-cloud-platform

I created a GCP cloud function in Go runtime 1.13. All resources are under the same project.
It's reading from a pub-sub topic A doing a transformation on the message writing to a different topic B.
I've had this working on the test project and that worked fine but I can't seem to reproduce it in our production environment.
I bound the function to a service account that is given the Pub/Sub Publisher and Viewer role.
But I seem to keep on getting this error:
rpc error: code = PermissionDenied desc = User not authorized to perform this action.
So summarize/clarify, reading from topic A gives no problems but writing to topic B makes the function crash.
What am I missing?

This turned out to be a user error. I'm sorry for wasting everyone's time and appreciate all the feedback. It seems like I was pointing to the wrong project and go figure I didn't have permissions.
Thank you all for the help.

Related

unable to see any logs after updating cloud function

Suddenly I am not getting any logs except deployment logs for google cloud functions
Till now it worked fine but, after updating the function I haven't seen any logs. So I have done some research and deleted the cloud functions logs file and also the cloud function and again I have created a new function. Even then I am not able to see any logs related to the project excepted audit logs (i.e whenever the function gets updated)
Any clues what's wrong? I am not able to understand what exact problem.
any help is appreciated
I have viewed the Issue Tracker issuetracker.google.com/issues/155215191 and have found that work is still being done to address the scenario.

Error when trying to access Lambda logs on CloudWatch?

I created some Lambda-Edge functions but I'm unable to set up the logs for it. When trying to access them I am seeing the error message:
There was an error loading Log Streams. Please try again by refreshing
this page.
I have gone to everything I could find on google, but as far as I can see my permissions are set up fine. I've created a custom role for them like this.
The role contains the following permissions:
I can't really figure out, what else could cause this error. It has been around 2h since setting up the functions and permissions.
For anyone experiencing the same problem. There is a weird quirk to LambdaEdge.
The logs will be stored in the AWS location closest to the user that executes it.
Even if you've deployed your functions in us-east-1, switch location to the destination that is closest to you.

Cannot have more than 0 builds in queue for the account

I'm newbie in AWS, with my free tier account I'm trying to build my nodeJS project with AWS CodeBuild but I get this error:
Build failed to start The build failed to start. The following error occured: Cannot have more than 0 builds in queue for the account
I followed the simple aws tutorial, leaving all default settings for let aws create all service, image etc for me.
Also I stored source code in a AwsCodeCommit repository.
Could anybody help me?
In my case, there was a security vulnerability in my account and AWS automatically raised a support ticket and suspended all resources that were linked to it. I had to fix it and then on chat with aws support they resumed my service.
I've seen a lot of answers around the web suggesting to call support, which is a great idea, but I was actually able to get around this on my own.
As the root user I went in and put in a current credit card. The one that was currently there was expired. I then deleted my CodeBuild project and create a new one. Now my builds work! It makes sense that AWS just needed a valid payment method before it allowed me to use premium services.
My solution may not work for you, but sure I hope it does!
My error was Project-level concurrent build limit cannot exceed the account-level concurrent build limit of 1 when I tried to increase the Concurrent build limit under checkbox Restrict number of concurrent builds this project can start in CodeBuild Project Configuration. I resolved it by writing to support to increase the limit. They increased it to 20 and it works now as expected. They increased it even though I'm on Basic plan on AWS if anyone's wondering.
My solution was to add new service role name and the concurrent build to 1. This worked
I think your issue is resolved at the moment. Any way I faced the same issue. In my case I had a "code build project" connecting to a GitHub repository. And then I added AWS Access Key and Secret hard coding the buildspec.yml file. With this AWS identified it as an unauthorized login. So they added security restrictions to the resources while opening a support issue. In such a case you can look for the emails from AWS in which they explain the reason for this behavior and the steps to get this corrected.

Google Cloud service stopped and never restarting

I have been using the Google Cloud speech recognition service for some time, through a python application.
Due to accidentally copying my Google Cloud json file to a GitHub shared location (I was doing a backup), I suddenly got a warning from Google Cloud that I was violating the rules as json is private. Then, I promptly removed the file, but nevertheless, I got an email saying that my resources for my project "santo1" were suspended, saying some reasons of "cryptocurrency mining" which I have no idea.
I applied to reactivate and my appeal was accepted promptly, saying that my resources about santo1 were reinstated.
Unfortunately, the speech recognition still didn't work.
Launching it from python, it records from the microphone but no answer from the service - and no error messages at all.
Then I attempted the following:
regenerate API
create a new json
create a new project with its own json under my same google account
as suggested by the Google Cloud chat operator, I manually clicked play to the VM resource that appeared stopped
create a new gmail account, with another new project, setup with billing and everything (also reconfigured through "gcloud init")
None of these attempts worked.
I need assistance on this, as the chat operator didn't seem capable of telling me more.
Thank you in advance
Best regards
I would recommend you to contact GCP support for this case as your cloud service could be still in suspended status regardless your access is OK
Apparently, the access key is stolen and used by hackers and they did crypto mining using your GCP account, hence your service account was banned
If it's your testing account/project, you should consider to create a new project rather than continue with it, the hacker could create some other services which you may not realize until too late
Worse case is it's your PROD service, then you'd better review the bill and transaction report thoroughly

Can't access to Machine Learning console in Gcloud

I am actually experimenting with the new Machine Learning API on Google cloud. All tutorials work great, Machine Learning API is activated, I can train models and access the status of the Jobs in the command line. But for some reason, I can't open the page https://console.cloud.google.com/ml/ to manage my models and jobs online.
Also, I don't have the Machine Learning button in the "Product and Services" column on the left from https://console.cloud.google.com/home/dashboard.
Even if I can do without, I wish I could have access to this console to make my work easier.
I found the same question here: Where is the Google Cloud ML Console UI? but the problem seems to be fixed since one of my colleague have access to it. Is there something to update?
I think the fix to enabling public access to all is in the process of rolling out. Sorry for the inconvenience and thanks for patience!
Is it possible that your colleague was a member of our alpha program, and was previously whitelisted to the console functonality?