Scalr - decode AWS error messages
I'm currently evaluating Scalr and received the following message after starting a scalr farm:
Cannot launch server on 'ec2' platform: AWS Error. Request RunInstances failed. You are not authorized to perform this operation. Encoded authorization failure message: OZX...KyuI
The IAM Policy was according to the documentation and the message itself doesn't share light on the actual issue.
If you have AWS CLI installed you can easily decode the attached authorization failure message:
aws sts decode-authorization-message --encoded-message "OZX...KyuI"
This will output something like:
{
"DecodedMessage": "{\"allowed\":false,\"explicitDeny\":false,\"matchedStatements\":{\"items\":[]},\"failures\":{\"items\":[]},\"context\":{\"principal\":{\"id\":\"abcdefg\",\"name\":\"scalr\",\"arn\":\"arn:aws:iam::123456:user/scalr\"},\"action\":\"iam:PassRole\",\"resource\":\"arn:aws:iam::123456:role/foo-bar-ec2-role\",\"conditions\":{\"items\":[]}}}"
}
In this case "iam:PassRole" wasn't specified in the policy.
Written by Enrico Stahn
Related protips
Have a fresh tip? Share with Coderwall community!
Post
Post a tip
Sponsored by #native_company# — Learn More
#native_title#
#native_desc#