I've spent hours and I found no solution.
I got the latest Debian marketplace image running and am trying to use the "aws" tools from the command line.
I created an IAM user and gave the user every single permission available, including poweruser, ec2 full access, administrator.
aws ec2 describe-addresses
A client error (AuthFailure) occurred when calling the DescribeAddresses operation: AWS was not able to validate the provided access credentials
However I can use all non EC2 parts.
I can do any "aws iam" command, no issues at all.
I could create a user and give it any access rights but I may not list instances!
This is not an authentication error ..
Date is NTP synced, however as "aws iam" commands all work perfectly it's not an API issue.
I am at the end of my wits. There is no permission left I could give that user.
I tried different access keys, same situation.
I tried waiting for an hour, no luck.
Here the EC2 Full access role the user has:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "ec2:*",
      "Effect": "Allow",
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": "elasticloadbalancing:*",
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": "cloudwatch:*",
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": "autoscaling:*",
      "Resource": "*"
    }
  ]
}
Manager using the web console of AWS.
I think you were hitting your EIP limit. I was updating a CloudFormation stack yesterday and was getting the error..
AccessDenied. User doesn't have permission to call ec2:DescribeAddresses
..even though I was running with full admin rights. Turned out the error was a red herring and the problem was I was hitting my EIP limit. Requested an EIP limit increase and that fixed it.
Related
I get this error when trying to "restart all dynos" through python heroku3 library (app.restart())
{
  "id": "forbidden",
  "message": "Restarts are currently disabled. Please try again later."
}
I am trying to integrate Terraform with AWS. The AWS CLI is configured and I do have admin, completeEC2 access, and configured terraform/aws plugins.
I can create an EC2/VPC from the console or from the AWS CLI, but when I am trying to invoke through Terraform, I am getting an authorization error like below.
I tried decoding the error message and adding debug log but no luck. Any help would be great! Thanks
action=DescribeAccountAttributes&AttributeName.1=supported-platforms&Version=2016-11-15
-----------------------------------------------------: timestamp=2022-05-05T17:49:28.788-0500
2022-05-05T17:49:29.160-0500 [DEBUG] provider.terraform-provider-aws_v4.12.1_x5: [aws-sdk-go] DEBUG: Response ec2/DescribeAccountAttributes Details:
---[ RESPONSE ]--------------------------------------
HTTP/1.1 403 Forbidden
Transfer-Encoding: chunked
022-05-05T17:49:29.160-0500 [DEBUG] provider.terraform-provider-aws_v4.12.1_x5: [aws-sdk-go] <?xml version="1.0" encoding="UTF-8"?>
<Response><Errors><Error><Code>UnauthorizedOperation</Code><Message>You are not authorized to perform this operation.</Message></Error></Errors><RequestID>e****</RequestID></Response>: timestamp=2022-05-05T17:49:29.160-0500
2022-05-05T17:49:29.160-0500 [DEBUG] provider.terraform-provider-aws_v4.12.1_x5: [aws-sdk-go] DEBUG: Validate Response ec2/DescribeAccountAttributes failed, attempt 0/25, error UnauthorizedOperation: You are not authorized to perform this operation.
status code: 403, request id: ea***: timestamp=2022-05-05T17:49:29.160-0500
2022-05-05T17:49:29.160-0500 [WARN] provider.terraform-provider-aws_v4.12.1_x5: Unable to get supported EC2 platforms: UnauthorizedOperation: You are not authorized to perform this operation.
You have to create a programmatic access user for Terraform.
Among others (e.g. scoped-ec2), you need to add the following statement to your user IAM policy:
{
  "Sid": "AllowDescribeEC2Params",
  "Action": [ "ec2:DescribeAccountAttributes" ],
  "Effect": "Allow",
  "Resource": [ "*" ]
}
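For a scoped Terraform user, the refused calls can be read out of the provider's debug log and turned into a statement like the one above. This is an added example, not code from the posts or from Terraform; `denied_actions`, `allowed_by`, `missing_statement`, the sample log and the scoped policy are all hypothetical or constructed, and the policy check is deliberately simplified.

```python
import fnmatch
import re

# aws-sdk-go debug line written by the Terraform AWS provider when a call is refused.
DENIED = re.compile(
    r"Validate Response (?P<service>[\w-]+)/(?P<operation>\w+) failed, "
    r"attempt \d+/\d+, error (?P<code>UnauthorizedOperation|AccessDenied\w*)"
)

# Constructed sample input, modelled on the log excerpt above.
SAMPLE_LOG = """\
2022-05-05T17:49:29.160-0500 [DEBUG] provider.terraform-provider-aws_v4.12.1_x5: [aws-sdk-go] DEBUG: Validate Response ec2/DescribeAccountAttributes failed, attempt 0/25, error UnauthorizedOperation: You are not authorized to perform this operation.
2022-05-05T17:49:29.160-0500 [WARN] provider.terraform-provider-aws_v4.12.1_x5: Unable to get supported EC2 platforms: UnauthorizedOperation: You are not authorized to perform this operation.
"""

# Constructed scoped policy (hypothetical); the poster's real policy is not on the page.
SCOPED_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["ec2:RunInstances", "ec2:DescribeInstances"], "Resource": "*"},
]}

def denied_actions(log_text):
    """IAM actions the log shows as refused. Assumes the SDK service name
    (ec2) equals the IAM action prefix, which holds for EC2."""
    return sorted({f"{m['service']}:{m['operation']}" for m in DENIED.finditer(log_text)})

def allowed_by(policy, action):
    """Simplified: True if an Allow statement's Action pattern matches.
    Ignores Deny, Resource, Condition, SCPs and permission boundaries."""
    for stmt in policy.get("Statement", []):
        patterns = stmt.get("Action", [])
        patterns = [patterns] if isinstance(patterns, str) else patterns
        if stmt.get("Effect") == "Allow" and any(
                fnmatch.fnmatchcase(action.lower(), p.lower()) for p in patterns):
            return True
    return False

def missing_statement(log_text, policy, sid="AllowMissingFromDebugLog"):
    """Policy statement granting only the refused actions the policy lacks."""
    missing = [a for a in denied_actions(log_text) if not allowed_by(policy, a)]
    if not missing:
        return None
    return {"Sid": sid, "Effect": "Allow", "Action": missing, "Resource": ["*"]}

if __name__ == "__main__":
    import json
    print(json.dumps(missing_statement(SAMPLE_LOG, SCOPED_POLICY), indent=2))
```

Granting only the actions the log shows as refused keeps the Terraform user narrower than attaching a full-access policy.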
I am working on a project which downloads files using the google drive api. I am using a service account that has all the drive permissions (https://www.googleapis.com/auth/drive).
I am able to download some files without any problems, but sometimes I get the following error:
{
  "error": {
    "errors": [
      {
        "domain": "global",
        "reason": "insufficientFilePermissions",
        "message": "The user does not have sufficient permissions for this file."
      }
    ],
    "code": 403,
    "message": "The user does not have sufficient permissions for this file."
  }
}
When I attempt to download a file I impersonate the owner of the file. The owner of the file will definitely have access to the file so I am not sure why I am getting this error.
Is anyone able to explain how I could possibly be getting this error?
The problem was that the user I was trying to impersonate was suspended.
I have a K8 cluster on GCP running elasticsearch. Now I need to create a backup.
I've installed the GCS-plugin on my pods in stateful-set and tried setting it up with the following documentation:
https://github.com/elastic/elasticsearch/blob/master/docs/plugins/repository-gcs.asciidoc
When I try to configure a repository to use credentials stored in keystore I get the following response back:
{
  "error": {
    "root_cause": [
      {
        "type": "repository_exception",
        "reason": "[my_backup] repository type [gcs] does not exist"
      }
    ],
    "type": "repository_exception",
    "reason": "[my_backup] repository type [gcs] does not exist"
  },
  "status": 500
}
Any lead would be helpful, thanks!
I think the problem is that I can't install the plugin on the nodes, so I’ve installed it on the pods instead. And that the installation is not persistent after I restart the pods. So to make the installation persist on K8 I needed to build a custom image that installs the plugin. A bit tricky, but the plugin seems to be intended for GCE. So I decided to move from K8 to a managed instance group on GCE instead.
I successfully deployed a business network to hlfv1 beta and am now trying to issue an identity for a participant but receive the following error:
composer identity issue -p hlfv1 -n 'manumachines-network' -i Org1PeerAdmin -s DJY27pEnl16d -u dxid1 -a "org.acme.manumachinesnetwork.Designer#designer-X#email.com"
Error: fabric-ca request register failed with errors [[{"code":400,"message":"Authorization failure"}]]
Command failed.
Using LoopBack, I know that the participant is on the Blockchain:
[
  {
    "$class": "org.acme.manumachinesnetwork.Designer",
    "email": "designer-X#email.com"
  },
  {
    "$class": "org.acme.manumachinesnetwork.Designer",
    "email": "designer-Y#email.com"
  },
  {
    "$class": "org.acme.manumachinesnetwork.Designer",
    "email": "designer-Z#email.com"
  }
]
I figured it out - in the issue identity cli command you must use the id and password of the CA, which is found in the fabric-tools/fabric-scripts/hlfv1/composer/crypto-config/docker-compose.yml file, which is admin and adminpw.
I was erroneously trying to use the admin identity that I had registered as the prerequisite for deploying the network definition.