centralized-logging-with-opensearch
centralized-logging-with-opensearch copied to clipboard
Pipeline: Unable to create a pipeline due to a lack of "iam:TagRole" permission.
Describe the bug
When you creating a pipeline, the console may display a failed status for the pipeline. Clicking on the failure will provide the following error message:
Encountered a permissions error performing a tagging operation, please add required tag permissions. Retrying request without including tags. See https://repost.aws/knowledge-center/cloudformation-tagging-permission-error for how to resolve. Resource handler returned message: "User: arn:aws:sts::123456789012:assumed-role/clo-APICfnFlowCfnHelperServiceRole-111CLC116XCRH/clo-APICfnFlowCfnHelper-zH6Arx7iEUMY is not authorized to perform: iam:TagRole on resource: arn:aws:iam::123456789012:role/CL-SvcPipe-05044865-InitStackLogProcessorFnServiceR-9LvXu because no identity-based policy allows the iam:TagRole action (Service: Iam, Status Code: 403, Request ID: 45ea390f-2cc9-45e9-9539-5a5fea931e65)"
Expected Behavior
The status of the pipeline is shown as "Success".
Current Behavior
The status of the pipeline is shown as "Failed".
Reproduction Steps
This issue may occur in some accounts but is not necessarily encountered in all accounts.
Steps:
- Login the console
- Choose Log Analytics Pipelines -> AWS Service Logs / Application Logs
- Choose Create a Pipeline
- Enter the required parameters
- Choose Create
Possible Solution
No response
Additional Information/Context
No response
Solution Version
v2.1.2
AWS Region. e.g., us-east-1
us-east-1
Other information
No response