
AWS EC2 import-image: ClientError: Disk validation failed [We do not have access to the given resource. Reason 403 Forbidden]

I have an S3 bucket which contains my ova file. The file name does not contain space, etc. The S3 bucket is in my default region. I have created the role and trusting policy as described in https://docs.aws.amazon.com/vm-import/latest/userguide/vmimport-image-import.html#import-image-prereqs

Command used:

I call the following command to start the import:

aws ec2 import-image --description "IBM QRadar CE 733" --license-type BYOL --disk-containers file://containers.json

{
    "Description": "IBM QRadar CE 733",
    "ImportTaskId": "import-ami-xxxxxxxxxxxx",
    "LicenseType": "BYOL",
    "Progress": "1",
    "SnapshotDetails": [
        {
            "Description": "QRadarCE733",
            "DiskImageSize": 0.0,
            "Format": "OVA",
            "UserBucket": {
                "S3Bucket": "ibmqradarce733",
                "S3Key": "QRadarCE733GA_v1_0.ova"
            }
        }
    ],
    "Status": "active",
    "StatusMessage": "pending"
}

container.json contains:

[{
    "Description": "QRadarCE733",
    "Format": "OVA",
    "UserBucket": {
        "S3Bucket": "ibmqradarce733",
        "S3Key": "QRadarCE733GA_v1_0.ova"
    }
}]

Progress check

Please note: I have added xxx to the ImportTaskId. Already after a few seconds in the "Validation"-Phase I receive the error:

ClientError: Disk validation failed [We do not have access to the given resource. Reason 403 Forbidden]

Here is the full response: (Please note: I have added xxx to the ImportTaskId)

aws ec2 describe-import-image-tasks --import-task-ids import-ami-0a09ee6b0e35d8ca0
{
    "ImportImageTasks": [
        {
            "Description": "IBM QRadar CE 733",
            "ImportTaskId": "import-ami-xxxxxxxxxxxxx",
            "LicenseType": "BYOL",
            "SnapshotDetails": [],
            "Status": "deleting",
            "StatusMessage": "ClientError: Disk validation failed [We do not have access to the given resource. Reason 403 Forbidden]",
            "Tags": []
        }
    ]
}

Make sure the vmimport policy attached to the vmimport role allows access to the S3 bucket containing your .ova files.

If you copied the policy from the documentation verbatim, you will need to edit it to explicitly grant access to your S3 buckets.

This section:

"Resource": [
            "arn:aws:s3:::disk-image-file-bucket",
            "arn:aws:s3:::disk-image-file-bucket/*"
         ]

Should become:

"Resource": [
            "arn:aws:s3:::ibmqradarce733",
            "arn:aws:s3:::ibmqradarce733/*"
         ]
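An offline check for the mismatch described in this answer, added here as an example and not part of the original post: it compares a role policy document against the bucket and key named in the disk containers file. The action list, helper names and sample policies are assumptions; the check reads only Allow statements and does not evaluate Deny, Condition, bucket policies or KMS keys.

```python
import json
from fnmatch import fnmatchcase

# Assumption: S3 read actions VM Import needs on the source bucket and object,
# per the AWS VM Import prerequisites page linked in the question.
BUCKET_ACTIONS = ["s3:GetBucketLocation", "s3:ListBucket"]
OBJECT_ACTIONS = ["s3:GetObject"]

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _allowed(policy, action, arn):
    """True if some Allow statement matches both the action and the ARN."""
    for st in _as_list(policy.get("Statement", [])):
        if st.get("Effect") != "Allow":
            continue
        act_ok = any(fnmatchcase(action.lower(), a.lower())
                     for a in _as_list(st.get("Action", [])))
        res_ok = any(fnmatchcase(arn, r) for r in _as_list(st.get("Resource", [])))
        if act_ok and res_ok:
            return True
    return False

def missing_access(policy, containers):
    """Return (action, arn) pairs the policy fails to grant for each disk."""
    gaps = []
    for c in containers:
        bucket = "arn:aws:s3:::" + c["UserBucket"]["S3Bucket"]
        obj = bucket + "/" + c["UserBucket"]["S3Key"]
        gaps += [(a, bucket) for a in BUCKET_ACTIONS if not _allowed(policy, a, bucket)]
        gaps += [(a, obj) for a in OBJECT_ACTIONS if not _allowed(policy, a, obj)]
    return gaps

def make_policy(resources):
    """Constructed sample policy: one Allow statement over the given ARNs."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Action": BUCKET_ACTIONS + OBJECT_ACTIONS,
        "Resource": resources}]}

# Constructed sample input mirroring the disk containers file in the question.
CONTAINERS = json.loads('[{"Format": "OVA", "UserBucket": {'
                        '"S3Bucket": "ibmqradarce733", '
                        '"S3Key": "QRadarCE733GA_v1_0.ova"}}]')

if __name__ == "__main__":
    verbatim = make_policy(["arn:aws:s3:::disk-image-file-bucket",
                            "arn:aws:s3:::disk-image-file-bucket/*"])
    for action, arn in missing_access(verbatim, CONTAINERS):
        print("not granted:", action, "on", arn)
```

To check a live role, pass in the JSON policy document saved from the role instead of the constructed sample.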
