You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
In the current setup, a new repo onboarding to Nova will need to be added explicitly into the trust policy, i.e. D64996473, and the list will continue to grow over time. The limit can be raised to 4096 chars, but it's not a long term solution. So, we need to explore better alternatives:
Grant the permission to all PyTorch repos by default, i.e. repo:pytorch/*:environment:pytorchbot-env (is this a valid syntax?)
Split the role into multiple smaller ones, i.e. arn:aws:iam::749337293305:role/gha_workflow_nightly_build_wheels_000, arn:aws:iam::749337293305:role/gha_workflow_nightly_build_wheels_001, and try them out one by one in the workflow
Ask AWS for a really high limit that we are sure we are not going to hit it ever
I learn today that AWS limits the trust policy in a OIDC role to 2048 chars https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#autoapproved, and we are going to hit that limit sooner or later in Nova upload binaries https://github.com/pytorch/test-infra/blob/main/.github/workflows/_binary_upload.yml#L82
In the current setup, a new repo onboarding to Nova will need to be added explicitly into the trust policy, i.e. D64996473, and the list will continue to grow over time. The limit can be raised to 4096 chars, but it's not a long term solution. So, we need to explore better alternatives:
repo:pytorch/*:environment:pytorchbot-env(is this a valid syntax?)arn:aws:iam::749337293305:role/gha_workflow_nightly_build_wheels_000,arn:aws:iam::749337293305:role/gha_workflow_nightly_build_wheels_001, and try them out one by one in the workflowcc @atalman @malfet @seemethere @ZainRizvi
The text was updated successfully, but these errors were encountered: