aws-service-catalog-terraform-reference-architecture
Default IAM Roles have insufficient permissions
The TerraformResourceCreationRole created by the Terraform Spoke Principals stack is missing at least one permission to create the sample S3 Website stack.
Encountered error during fulfillment script execution - ClientError: An error occurred (AccessDeniedException) when calling the CreateGroup operation: User: arn:aws:sts::xxxx:assumed-role/TerraformResourceCreationRole/TerraformAssumeRoleSession-52905d76-bacb-430a-88e8-c5ab453cb834 is not authorized to perform: resource-groups:Tag on resource: arn:aws:resource-groups:us-east-2:xxxx:group/SC-275098837840-pp-lyk6a4tkd67no-MyTerraformStack-970a9f351a871af3fc62f31dd71dcd98875e5056416ef3ab78818ba78188b26c
I added the "resource-groups:Tag" permission manually, and was able to get it to get further along.
I was working off the master branch at commit fa01af1f0684681bb1d7f1559b0d374afdb03faf
Just comment out the group-creating code, then it will be fine.
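An added example, not code from this repository: it parses the AccessDeniedException quoted in the issue and builds an IAM statement that grants only the denied action, limited to resource group names with a given prefix instead of `*`. The function names are hypothetical, and the `SC-` prefix is an assumption read off the group name in that error message.

```python
import json
import re

# Error text as quoted in the issue above (account id already redacted to "xxxx").
SAMPLE_ERROR = (
    "ClientError: An error occurred (AccessDeniedException) when calling the "
    "CreateGroup operation: User: arn:aws:sts::xxxx:assumed-role/"
    "TerraformResourceCreationRole/TerraformAssumeRoleSession-"
    "52905d76-bacb-430a-88e8-c5ab453cb834 is not authorized to perform: "
    "resource-groups:Tag on resource: arn:aws:resource-groups:us-east-2:xxxx:"
    "group/SC-275098837840-pp-lyk6a4tkd67no-MyTerraformStack-"
    "970a9f351a871af3fc62f31dd71dcd98875e5056416ef3ab78818ba78188b26c"
)

DENIED_RE = re.compile(
    r"User: arn:aws:sts::(?P<account>[^:]+):assumed-role/(?P<role>[^/]+)/\S+"
    r" is not authorized to perform: (?P<action>[\w-]+:\w+)"
    r" on resource: (?P<resource>arn:[^\s,]+)"
)


def parse_access_denied(message):
    """Extract account, role, action and resource ARN from an AccessDenied message."""
    match = DENIED_RE.search(message)
    if match is None:
        raise ValueError("not an assumed-role AccessDenied message")
    return match.groupdict()


def scoped_statement(denied, name_prefix):
    """Build an Allow statement for the denied action only.

    The resource is limited to names under the same ARN that start with
    name_prefix (the caller's assumption about naming), instead of "*".
    """
    base, _, name = denied["resource"].partition("/")
    if not name.startswith(name_prefix):
        raise ValueError("denied resource does not match the expected prefix")
    return {
        "Sid": "AllowDeniedActionScoped",
        "Effect": "Allow",
        "Action": denied["action"],
        "Resource": f"{base}/{name_prefix}*",
    }


if __name__ == "__main__":
    denied = parse_access_denied(SAMPLE_ERROR)
    print("role missing the permission:", denied["role"])
    print(json.dumps(scoped_statement(denied, "SC-"), indent=2))
```

The printed statement can be added to the policy attached to the role named in the output.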