Today I'm facing an issue when I want to share the transit gateway with a specific organization; the error message is below: Organization o-abcdefghq could not be found. (Service: AWSRAM; Status Code: 400; Error Code: UnknownResourceException; Request ID: 70749448-e9101-48c2-918d-c8b40eq1aa32; Proxy: null)
Is anyone able to help me, please? Thank you.
Transit gateway is able to share within organization
The issue is now solved with the following steps:
Log in to your master AWS account as root user
Go to the Organizations console and click 'Settings'
'Disable Access' for AWS Resource Access Manager from the 'Trusted access for AWS services' tab
Go to the RAM console and click 'Settings'.
Select “Enable sharing within your AWS Organization”.
Create the resource share again; remember to uncheck the "Allow external accounts" option, enter the account ID again, then Save.
I am fairly new to AWS. I am trying to learn it by doing. I have a root user and an IAM user with admin rights and many other rights.
I deployed a simple example stack with CDK. I followed some online tutorials. The deployment with cdk was successful.
I logged in to the AWS console in the browser, navigated to CloudFormation and clicked Stacks. I got this error:
Your account is not a member of an organization. (Service: AWSOrganizationsV20161128; Status Code: 400; Error Code: AWSOrganizationsNotInUseException; Request ID: 129910c4-b89c-4318-b56f-7f753e76d475; Proxy: null)
I got the same error for both the root user and IAM user. How do I fix it?
Note that I don't have any AWS organization. I just signed up for a fresh AWS account. Just to make sure, I checked AWS Organizations; I don't have any organization.
After the cdk redeploy:-
StackSets are only available for AWS Organizations. They allow users to deploy CloudFormation stacks across multiple accounts in an organization. If you try to access StackSets in the AWS Console and you're not a member of an organization, you will get this error, which is expected.
Reference: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/what-is-cfnstacksets.html
I am trying to edit an existing CodeBuild project's source. I have added an Actor ID in the filter group. When I try to save, I receive:
The trusted principals don't belong to the service.
I have tried other changes as well - I always receive the same error. I am an admin with full access to the project. What am I missing?
I was seeing the same error, in my case unchecking the checkbox:
"Allow AWS CodeBuild to modify this service role so it can be used with this build project"
under "Service role permissions" allowed me to complete the edit from within the management console.
I ended up using the CLI. The command I used was aws codebuild update-webhook. It worked fine; I don't know why it didn't work using the console.
I selected the "AWS Transfer for SFTP" service from the AWS console.
However, I get the error as follows:
Unable to load content
Something went wrong, you may not have permissions to access these resources. Refresh to try again.
I created the IAM Policies and Role as mentioned in the following guide, however I still get the error:
https://docs.aws.amazon.com/transfer/latest/userguide/sftp.ug.pdf
I am assuming that you are administering your account with an IAM user rather than root (which is good). If so, you are going to need to create your own IAM Policy for the creation and maintenance of the AWS Transfer servers.
WARNING: THIS IS FOR SERVER MANAGEMENT, NOT FOR THE SFTP USERS
Steps
Sign into AWS Console
Navigate to IAM Roles
In the left menu, click "Policies"
Click Create Policy
Service: choose Transfer
Actions: check "All Transfer Actions" (transfer:*)
Resources: All resources
Click Review Policy
Give it a name like: AWSTransferFullAccess
Click Create policy
Navigate to your IAM user (or group if you have those)
Click Add Permissions
Click Attach existing policies directly
Filter your policies by "Transfer" and then yours should appear
Review
Add Permissions
Log out of console
Log back in and navigate to: https://console.aws.amazon.com/transfer
You should now be able to make a server and manage users and roles.
You might need various transfer:* permissions in one of the IAM policies that applies to you.
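A way to compare the policy produced by the steps above with a narrower one, as an added example that is not part of either answer. The account ID, server ARN, both policy documents and the function names are constructed for illustration; the narrower policy is an assumption, not a vetted minimal policy.

```python
from fnmatch import fnmatchcase

ACCOUNT = "111122223333"  # placeholder account ID (constructed)
SERVER_ARN = f"arn:aws:transfer:us-east-1:{ACCOUNT}:server/s-EXAMPLE"  # constructed ARN

# Constructed document equivalent to the console choices in the steps above.
BROAD = {"Version": "2012-10-17", "Statement": [
    {"Sid": "TransferAll", "Effect": "Allow", "Action": "transfer:*", "Resource": "*"}]}

# Constructed narrower alternative (an assumption, not a vetted minimal policy).
SCOPED = {"Version": "2012-10-17", "Statement": [
    {"Sid": "ListServers", "Effect": "Allow", "Action": "transfer:ListServers", "Resource": "*"},
    {"Sid": "ManageUsers", "Effect": "Allow",
     "Action": ["transfer:DescribeServer", "transfer:ListUsers", "transfer:CreateUser"],
     "Resource": f"arn:aws:transfer:us-east-1:{ACCOUNT}:server/*"}]}


def _listify(value):
    # IAM allows a single string or a list for Action and Resource.
    return value if isinstance(value, list) else [value]


def wildcard_findings(policy):
    """List (sid, reason) pairs for Allow statements that use wildcards."""
    findings = []
    for index, stmt in enumerate(_listify(policy["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", f"statement-{index}")
        for action in _listify(stmt.get("Action", [])):
            if "*" in action:
                findings.append((sid, f"wildcard action {action}"))
        if "*" in _listify(stmt.get("Resource", [])):
            findings.append((sid, "applies to all resources"))
    return findings


def allows(policy, action, resource):
    """Simplified check: does any Allow statement match? Ignores Deny,
    NotAction, conditions and permission boundaries."""
    for stmt in _listify(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        # Action names match case-insensitively; resource ARNs do not.
        action_hit = any(fnmatchcase(action.lower(), a.lower())
                         for a in _listify(stmt.get("Action", [])))
        resource_hit = any(fnmatchcase(resource, r)
                           for r in _listify(stmt.get("Resource", [])))
        if action_hit and resource_hit:
            return True
    return False
```

Running `allows` with `transfer:DeleteServer` against both documents shows the difference: the broad policy permits deleting any server, the narrower one does not.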
I've configured IAM roles for my different services on an EC2 server with the help of the link below: IAM Role Setup. According to the AWS docs, after setting an IAM role we don't need any credentials to be stored in our application; it takes the credential details from the EC2 instance metadata.
However, I got an error when I removed the AWS key from my web.config: "No RegionEndpoint or ServiceURL configured". After some time, when I added a region point entry to my Web.config, it started working.
<add key="AWSRegion" value="us-east-1" />
Please note that in another application, where I am accessing only AWS DynamoDB on the same server, it works without adding a region point entry in the config. Any kind of help is appreciated. Thank you in advance.
IAM role is only for fetching credentials from the metadata server, not for the region you are trying to connect to. So, you have to specify the region in the config file, not the credentials. Some services default to a region (like us-east-1) but many services expect the region to be configured or passed when creating a client object.
When I try to launch an Elastic Beanstalk environment from the command line, I get this error during the process:
Environment health has transitioned from Pending to Warning. Access
denied while accessing Auto Scaling and Elastic Load Balancing using
role "arn:aws:iam::XXXXXXXXXX:role/aws-elasticbeanstalk-service-role".
Verify the role policy.
When I launch it from the console, I do not get this warning. I have tried to replicate the same AWS console configuration from the CLI, but I still get this error.
Any clue what's going on?
If anyone is still getting a similar error and is still unsure how to solve it:
Navigate to IAM in the AWS Console.
Navigate to the aws-elasticbeanstalk-service-role (under Access Management > Roles).
Attach the following policies:
AutoScalingFullAccess
ElasticLoadBalancingFullAccess
I then rebuilt the environment, no more errors!
The following article helped me understand this better: https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/concepts-roles-service.html
You can go to your IAM console. You will see the "aws-elasticbeanstalk-service-role". Under the Permissions tab, you can grant the specific permissions you want to give the policy on your behalf. Refresh and you should have "Ok". Make sure the permissions you grant the role can manage this: "Auto Scaling and Elastic Load Balancing using role".
Elastic Beanstalk now uses a Service Role to call other AWS services on your behalf. The IAM role is created in your account and you give permissions to launch
Service role is optional but recommended for new environments.
Especially for enhanced health monitoring (which is what you're using, based on the error message), a service role is mandatory. A misconfigured service role can lead to this error message.
The console experience makes it very easy for you to create/use the role with the correct permissions. This is because you just need to select the correct role from the dropdown (if the role already exists) when using the create environment wizard.
When using the CLI you need to pass the service role option setting. (namespace: aws:elasticbeanstalk:environment, option_name: ServiceRole). You can find the required permissions for a role configured in this documentation.
There are some more details about service role in my previous stack overflow answer here.
If anyone cannot solve the error with the previous actions, what I had to do is:
Add to aws-elasticbeanstalk-service-role the following policies AutoScalingFullAccess | ElasticLoadBalancingFullAccess
Not re-start but build the environment again
(after a while it kept launching the error)
Then I added:
AdministratorAccess-AWSElasticBeanstalk (again to aws-elasticbeanstalk-service-role)
Re-build the environment again
It is working at the moment.