diff --git a/pages/iam/reference-content/permission-sets.mdx b/pages/iam/reference-content/permission-sets.mdx index f1882634ca..506c9adf91 100644 --- a/pages/iam/reference-content/permission-sets.mdx +++ b/pages/iam/reference-content/permission-sets.mdx @@ -65,7 +65,7 @@ Below is a list of the permission sets available at Scaleway. | FunctionsFullAccess | Full access to create, read, list, edit and delete Functions | | MessagingAndQueuingReadOnly | List and read access to Messaging | | MessagingAndQueuingFullAccess | Full access to create, read, list, edit and delete Messaging | -| ServerlessJobsFullAccess | Full access to create, read, list, edit and delete job definition/run | +| ServerlessJobsFullAccess | Full access to create, read, list, edit and delete job definition/run. To start a job, in some conditions, permissions for Registry and Secret Manager may be required. | | ServerlessJobsReadOnly | List and read access to job definition/run | | ServerlessSQLDatabaseReadOnly| List and read access to Serverless SQL Database | | ServerlessSQLDatabaseReadWrite| List, read and write access to Serverless SQL Database. Includes data and table structure edition. Does not include permissions to create databases or edit settings | diff --git a/pages/serverless-jobs/how-to/create-job.mdx b/pages/serverless-jobs/how-to/create-job.mdx index cd4a59258e..97efff9c86 100644 --- a/pages/serverless-jobs/how-to/create-job.mdx +++ b/pages/serverless-jobs/how-to/create-job.mdx @@ -49,13 +49,13 @@ Scaleway's Serverless Jobs allows you to create jobs from several container [reg 1. Declare [environment variables](/serverless-jobs/concepts/#environment-variables) you want to inject into your job. For each environment variable, click **+Add variable** and enter the key/value pair. - 2. Add [secrets references](/serverless-functions/concepts/#secrets) for your Job. Secret references are environment variables fetched from [Scaleway Secret Manager](/secret-manager/) that are injected into your job, but the values are not retained or displayed by Scaleway after initial validation. + 2. Add [secrets references](/serverless-functions/concepts/#secrets) for your Job. Secret references are environment variables fetched from [Scaleway Secret Manager](/secret-manager/) that are injected into your job, but the values are not retained or displayed by Scaleway after initial validation. Encode your environment variables and secrets to `base64` if they are too large, and contain carriage returns. - - Customize the ephemeral storage for your job according to your requirements. The data stored in your job is not retained once it is finished. + - Customize the ephemeral storage for your job according to your requirements. The data stored in your job is not retained once it is finished. 1. Add a **startup command** to your job. It will be executed every time your job is run. @@ -114,13 +114,13 @@ Private external container registries are currently not supported. 1. Declare [environment variables](/serverless-jobs/concepts/#environment-variables) you want to inject into your job. For each environment variable, click **+Add variable** and enter the key/value pair. - 2. Add [secrets references](/serverless-functions/concepts/#secrets) for your Job. Secret references are environment variables fetched from [Scaleway Secret Manager](/secret-manager/) that are injected into your job, but the values are not retained or displayed by Scaleway after initial validation. + 2. Add [secrets references](/serverless-functions/concepts/#secrets) for your Job. Secret references are environment variables fetched from [Scaleway Secret Manager](/secret-manager/) that are injected into your job, but the values are not retained or displayed by Scaleway after initial validation. Encode your environment variables and secrets to `base64` if they are too large, and contain carriage returns. - - Customize the ephemeral storage for your job according to your requirements. The data stored in your job is not retained once it is finished. + - Customize the ephemeral storage for your job according to your requirements. The data stored in your job is not retained once it is finished. 1. Add a **startup command** to your job. It will be executed every time your job is run. diff --git a/pages/serverless-jobs/how-to/run-job.mdx b/pages/serverless-jobs/how-to/run-job.mdx index 77bdeb0abe..0166b1f152 100644 --- a/pages/serverless-jobs/how-to/run-job.mdx +++ b/pages/serverless-jobs/how-to/run-job.mdx @@ -49,8 +49,18 @@ The **Job runs** section contains basic monitoring information for your jobs: - A start date and an end date - The duration of the job execution +## Permissions and product dependencies + +Depending on various settings, Serverless Jobs can have dependencies on other products, for example: +- **Secret Manager**: to securly inject data into Jobs +- **Container Registry**: to store images of Jobs + +Starting a Job Definition with product dependencies using IAM policies can fail if some permissions are not definied properly. + +If the Job Definition uses an image from **Container Registry**, add `ContainerRegistryReadOnly` permission. + +If the Job Definition consumes data from **Secret Manager**; add `SecretManagerSecretAccess` permission. + Use [Cockpit](/cockpit/quickstart/) for in-depth monitoring of the activity of your serverless jobs. - - diff --git a/pages/serverless-jobs/troubleshooting/job-in-error-state.mdx b/pages/serverless-jobs/troubleshooting/job-in-error-state.mdx index ab7f5569f2..fb495d8da2 100644 --- a/pages/serverless-jobs/troubleshooting/job-in-error-state.mdx +++ b/pages/serverless-jobs/troubleshooting/job-in-error-state.mdx @@ -15,4 +15,6 @@ My job run is in an error state. - Make sure that you have built your image for an `amd64` architecture, as `arm64` is not supported. See the [Architecture](/serverless-jobs/reference-content/jobs-limitations/#architecture) documentation for more information. -- Make sure that your deployment does not exceed the limitations of [Serverless Jobs](/serverless-jobs/reference-content/jobs-limitations/). \ No newline at end of file +- Make sure that your deployment does not exceed the limitations of [Serverless Jobs](/serverless-jobs/reference-content/jobs-limitations/). + +- Make sure to use the correct permissions when other products are involved - see the [permissions and product dependencies documentation](/serverless-jobs/how-to/run-job/#permissions-and-product-dependencies).