Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Cannot connect to AWS: AccessDeniedException #88

Open
yasharne opened this issue Feb 13, 2023 · 1 comment
Open

Cannot connect to AWS: AccessDeniedException #88

yasharne opened this issue Feb 13, 2023 · 1 comment

Comments

@yasharne
Copy link

Hi
I have an IAM policy with permission to some ECS clusters:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "ecs:DescribeCapacityProviders",
                "ecs:ListTagsForResource",
                "ecs:ListTasks",
                "ecs:DescribeServices",
                "ecs:DescribeTaskSets",
                "ecs:DescribeContainerInstances",
                "ecs:DescribeTasks",
                "ecs:DescribeClusters"
            ],
            "Resource": [
                "arn:aws:ecs:ap-southeast-1:111:cluster/aaa",
                "arn:aws:ecs:ap-southeast-1:111:cluster/bbb"
            ]
        },
        {
            "Sid": "VisualEditor1",
            "Effect": "Allow",
            "Action": [
                "ecs:ListAccountSettings",
                "ecs:DescribeTaskDefinition",
                "ecs:ListClusters"
            ],
            "Resource": "*"
        }
    ]
}

I have exported the AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY and AWS_REGION, but when I run the binary, I get these errors:

2023/02/13 09:58:58 Error listing tasks of cluster arn:aws:ecs:ap-southeast-1:111:cluster/ccc: operation error ECS: ListTasks, https response error StatusCode: 400, RequestID: abc, api error AccessDeniedException: User: arn:aws:sts::111:assumed-role/monitoring/i-0abc is not authorized to perform: ecs:ListTasks on resource: * because no identity-based policy allows the ecs:ListTasks action
2023/02/13 09:58:58 failed to call service: ECS, operation: ListTasks, error: https response error StatusCode: 400, RequestID: abc, api error AccessDeniedException: User: arn:aws:sts::111:assumed-role/monitoring/i-0abc is not authorized to perform: ecs:ListTasks on resource: * because no identity-based policy allows the ecs:ListTasks action
2023/02/13 09:58:58 Error listing tasks of cluster arn:aws:ecs:ap-southeast-1:111:cluster/aaa: operation error ECS: ListTasks, https response error StatusCode: 400, RequestID: abc, api error AccessDeniedException: User: arn:aws:sts::111:assumed-role/monitoring/i-0abc is not authorized to perform: ecs:ListTasks on resource: * because no identity-based policy allows the ecs:ListTasks action
2023/02/13 09:58:58 Error listing tasks of cluster arn:aws:ecs:ap-southeast-1:111:cluster/ddd: operation error ECS: ListTasks, https response error StatusCode: 400, RequestID: abc, api error AccessDeniedException: User: arn:aws:sts::111:assumed-role/monitoring/i-0abc is not authorized to perform: ecs:ListTasks on resource: * because no identity-based policy allows the ecs:ListTasks action
2023/02/13 09:58:58 Error listing tasks of cluster arn:aws:ecs:ap-southeast-1:111:cluster/eee: operation error ECS: ListTasks, https response error StatusCode: 400, RequestID: abc, api error AccessDeniedException: User: arn:aws:sts::111:assumed-role/monitoring/i-0abc is not authorized to perform: ecs:ListTasks on resource: * because no identity-based policy allows the ecs:ListTasks action
2023/02/13 09:58:58 Error listing tasks of cluster arn:aws:ecs:ap-southeast-1:111:cluster/fff: operation error ECS: ListTasks, https response error StatusCode: 400, RequestID: abc, api error AccessDeniedException: User: arn:aws:sts::111:assumed-role/monitoring/i-0abc is not authorized to perform: ecs:ListTasks on resource: * because no identity-based policy allows the ecs:ListTasks action
2023/02/13 09:58:58 Error listing tasks of cluster arn:aws:ecs:ap-southeast-1:111:cluster/bbb: operation error ECS: ListTasks, https response error StatusCode: 400, RequestID: abc, api error AccessDeniedException: User: arn:aws:sts::111:assumed-role/monitoring/i-0abc is not authorized to perform: ecs:ListTasks on resource: * because no identity-based policy allows the ecs:ListTasks action
2023/02/13 09:58:58 Error listing tasks of cluster arn:aws:ecs:ap-southeast-1:111:cluster/ggg: operation error ECS: ListTasks, https response error StatusCode: 400, RequestID: abc, api error AccessDeniedException: User: arn:aws:sts::111:assumed-role/monitoring/i-0abc is not authorized to perform: ecs:ListTasks on resource: * because no identity-based policy allows the ecs:ListTasks action
@Rudd-O
Copy link
Contributor

Rudd-O commented Mar 7, 2023

2023/02/13 09:58:58 Error listing tasks of cluster arn:aws:ecs:ap-southeast-1:111:cluster/ccc: operation error ECS: ListTasks, https response error StatusCode: 400, RequestID: abc, api error AccessDeniedException: User: arn:aws:sts::111:assumed-role/monitoring/i-0abc is not authorized to perform: ecs:ListTasks on resource: * because no identity-based policy allows the ecs:ListTasks action

This is not a support forum.

That said, the software is telling you right there what IAM permission your key is missing.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants