
Insufficient IAM privileges. Unable to determine if instance profile 'aws-elasticbeanstalk-ec2-role' exists

Every time I try to create an environment from my CLI, it pops up this error: ERROR Unable to assign role. Please verify that you have permission to pass this role: aws-elasticbeanstalk-service-role. ERROR Unable to assign role. Please verify that you have permission to pass this role: aws-elasticbeanstalk-service-role. It then gives me "failed to launch environment", even though I set up the AWS access key and secret access key and gave the user administrator permissions.

AWS has a strictly defined policy evaluation logic.

  1. Deny evaluation – By default, all requests are denied. This is called an implicit deny. The AWS enforcement code evaluates all policies within the account that apply to the request. These include AWS Organizations SCPs, resource-based policies, identity-based policies, IAM permissions boundaries, and session policies. In all those policies, the enforcement code looks for a Deny statement that applies to the request. This is called an explicit deny. If the code finds even one explicit deny that applies, the code returns a final decision of Deny. If there is no explicit deny, the code continues.

As you can see, the first step checks for an explicit deny in all policies within the account that apply to the request. Although you have admin permissions, there could be Organizations SCPs, resource-based policies, IAM permissions boundaries, or another IAM policy attached to your IAM account or group that explicitly denies passing a role. If you have access, just check them one by one, or ask your administrator to do that.
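A sketch of the one-by-one check suggested above, added here as an example and not part of the original answer: it scans policy documents you have already exported for Deny statements that cover iam:PassRole on the role. The account ID, policy names and policy contents are constructed; Condition blocks are only flagged, not evaluated, and implicit denies (for example, a boundary that simply lacks an Allow) are out of scope.

```python
import fnmatch

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _matches(patterns, value, ignore_case=False):
    # IAM wildcards are * and ?; action names compare case-insensitively.
    if ignore_case:
        value = value.lower()
        patterns = [p.lower() for p in patterns]
    return any(fnmatch.fnmatchcase(value, p) for p in patterns)

def explicit_denies(policies, action, resource):
    """Return (policy_name, sid, has_condition) for each Deny statement that
    covers the request. Condition blocks are not evaluated, only flagged."""
    hits = []
    for name, doc in policies.items():
        for stmt in _as_list(doc["Statement"]):
            if stmt.get("Effect") != "Deny":
                continue
            if "NotAction" in stmt:
                # Deny + NotAction denies everything except the listed actions.
                action_hit = not _matches(_as_list(stmt["NotAction"]), action, True)
            else:
                action_hit = _matches(_as_list(stmt.get("Action", [])), action, True)
            if action_hit and _matches(_as_list(stmt.get("Resource", "*")), resource):
                hits.append((name, stmt.get("Sid", "<no Sid>"), "Condition" in stmt))
    return hits

# Constructed sample documents (account ID and policy contents are made up).
ROLE_ARN = "arn:aws:iam::111122223333:role/aws-elasticbeanstalk-service-role"
POLICIES = {
    "identity:AdministratorAccess": {"Statement": [
        {"Effect": "Allow", "Action": "*", "Resource": "*"}]},
    "scp:RestrictRolePassing": {"Statement": [
        {"Sid": "NoPassRole", "Effect": "Deny", "Action": "iam:Pass*",
         "Resource": "arn:aws:iam::*:role/*"}]},
    "boundary:DevBoundary": {"Statement": [
        {"Sid": "OnlyComputeAndStorage", "Effect": "Deny",
         "NotAction": ["ec2:*", "s3:*", "elasticbeanstalk:*"], "Resource": "*"}]},
}

if __name__ == "__main__":
    for hit in explicit_denies(POLICIES, "iam:PassRole", ROLE_ARN):
        print("explicit deny:", hit)
```

With the sample data, the administrator Allow is present but both the SCP and the boundary still match, which is the situation the answer describes.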
