Hi,
we updated our cloudfront distributions lately that access our schema repo on s3. However, it seems that enrichment cannot find the repo anymore.
The new cloudfront urls do not have access to buckets. We changed recently from OAI to OAC and probably that configuration is not 100% correct yet.
Hoewever, we were wondering why the data is still passing both enrichment and the rdbloader and is loaded into redshift if the resolver is not resolving the schema uri properly and basically not working effectively? Any ideas?
enrichments -
{
"error": "ResolutionError",
"lookupHistory": [
{
"repository": "Iglu Client Embedded",
"errors": [
{
"error": "NotFound"
}
],
"attempts": 1,
"lastAttempt": "2023-04-05T08:02:50.227Z"
},
{
"repository": "S3-schemas-registry",
"errors": [
{
"error": "NotFound"
}
],
"attempts": 1,
"lastAttempt": "2023-04-05T08:02:51.438Z"
}
]
}
[pool-1-thread-2] ERROR com.snowplowanalytics.snowplow.enrich.common.fs2.Run - CLI arguments
The bucket policy of our schemas repo looks currently like this:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity [OLD CLOUDFRONT ORIGIN]"
},
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::snowplow-schemas-repo/*"
},
{
"Sid": "",
"Effect": "Allow",
"Principal": {
"Service": "cloudfront.amazonaws.com"
},
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::snowplow-schemas-repo/*",
"Condition": {
"ForAnyValue:StringEquals": {
"aws:SourceArn": "[NEW CLOUDFRONT ORIGIN]"
}
}
}
]
}