I have created dashboard and rules. I am not able to find the option for removing the dashboard. Rules i have deleted. Can anyone put forth his thought on that?
recording- view
When i tried to delete the associated roles it says this iAM Roles associated
And the recording i cant stop.
And the dashboard is showing this,
dashboard-view
The problem is i cant delete completely dashboard unlike other aws services. Second, will there be any charges incurred for the opened dashboard?
Any thoughts on that, is appreciated!!!
As far as I know, there is no option to delete dashboard from management console currently. Please try to use aws command.
aws configservice delete-configuration-recorder --configuration-recorder-name YOUR_CONFIGURATION_RECODER_NAME
aws configservice delete-delivery-channel --delivery-channel-name YOUR_DELIVERY_CHANNEL_NAME
To check the YOUR_CONFIGURATION_RECODER_NAME and YOUR_DELIVERY_CHANNEL_NAME you can use the following commands:
aws configservice describe-configuration-recorders
aws configservice describe-delivery-channels
After deleting your delivery channel, you can delete IAM role (AWSServiceRoleForConfig). Please note the S3 bucket for AWS-config will still exist.
Please refer to https://docs.aws.amazon.com/cli/latest/reference/configservice/index.html
Related
I am getting this message when I try to create a crawler on AWS Glue:
{"service":"AWSGlue","statusCode":400,"errorCode":"AccessDeniedException","requestId":"RequestIDNumber","errorMessage":"Account <AccountID> is denied access.","type":"AwsServiceError"}
already attached all those policies below to the IAM
All my Policies here
Already setup permissions to the AWS lake formation for the role too
Already created a custom policy kms to it too
And I am stucked, I cannot create a crawler!
I am in the root account, actually there`s no other account just the root, It's a super new account I created in AWS so I don't know what to do to be able to create this simple crawler
My ideia its to use it with dynamodb as data source
The message says there is something wrong with my account permission not with a role
Someone has an idea?
Thank you so much
Not sure the reason, but loads of people have been having this issue. You can submit a ticket through AWS account support. I actually submitted two, including one through the unpaid support version and one through my paid account. They answered both tickets.
Basically, just tell them you need access to Glue and they should alter whatever it is to give you access. Sorry it's not a better answer, but I found no other useful information anywhere.
I propose to try using a separate user and attaching the policy you created to it.
I am trying to create a crawler in AWS Glue, but it gives error: {"service":"AWSGlue","statusCode":400,"errorCode":"AccessDeniedException","requestId":"<requestId>","errorMessage":"Account <accountId> is denied access.","type":"AwsServiceError"}.
This is what I've done so far:
Create a database in AWS Glue
Add tables in the database using a crawler
Name the crawler
Choose Amazon S3 as the data store and specified a path to a csv file inside a bucket in my account
Choose an existing IAM role I've created before
Choose a database I've created before
Press finish.
When I press finish, the above error is occurred.
I have grant AdministratorAccess both to IAM user and role used to create the crawler, so I assume there is no lack of permission issues. The bucket used is not encrypted and located in the same region as the AWS Glue.
I also have tried to create another database and specified a path to a different csv file but it is not solved the problem.
Any help would be very appreciated. Thanks.
I have contacted the owner (the root user) of this account and the owner asked for help to AWS Premium Support. The AWS Premium Support told us that all the required permissions to create AWS Glue Crawler are already provided and there is no SCPs attached to the account. After waiting around 7-working-day, finally I can create AWS Glue Crawler without any errors.
Unfortunately, I don't have any further information on how the AWS Premium Support solve the issue. For those of you who encounter similar errors like me, just try to contact the owner of the account, because most likely the issue is out of your control. Hope this helps in the future. Thanks.
I'm working with AWS. Specifically, I have an AWS Educate account with $ 100 free. When I go to the AWS Organizations service, I get a message saying: you don't have permission to access this resource. I've tried to add a full organization permission to the user, but I still have the same error.
Furthermore, I use the EMR cluster and the S3 bucket.
Anyone could help me?
AWS Organizations is one of the services that are not supported in AWS Educate Starter Accounts. Please refer to this document to learn about supported services.
If you want to use AWS Organizations, you can create a regular AWS account here. You can have as many accounts as you want (in fact, that’s something that AWS Organization helps you with: Multi-account management).
So we have this aws account with some permissions and it was working fine at first. We were able to deploy to aws using serverless framework. But then the client decided to setup an organization since they have other aws accounts also and to consolidate the billing under 1 account, they added the account they gave us to the organization. Now the problem is when we deployed using serverless again, serverless can no longer see the deployment bucket with an access denied error. But when the account was removed from the organization, serverless is able to locate the bucket. Is there some addition permissions or changes to the permissions that needs to be done when an account is linked to an organization? Can someone explain to me cause I can't seem to find any example of my scenario in a google search. I am new to AWS and this is the first time I experience organzations in AWS.
The only implication to permissions from joining an OU (organization unit) would be via the Service Contol Policy (SCP). Verify that the SCP attached to the organization does not block the actions you are attempting to execute.
We would love to get more information if possible, but I would maybe start looking in the following places in your consolidated account:
Trusted access for AWS services - https://console.aws.amazon.com/organizations/home?#/organization/settings
https://console.aws.amazon.com/organizations/home?#/policies
See if anything was changed there, if someone added a policy, or if the AWS Resource Access Manager is disabled.
I have created a development deployment for an application using kops, kubectl, and EC2.
When I set up this deployment, I created a Kops IAM user as specified in this guide. Everything has worked fine for me managing this deployment.
I am now leaving the project for another job and have to allow someone else
to take over this deployment. I tried having them use aws configure and enter the appropriate kops IAM user creds, but the kops user still does not show up for this person when they run aws iam list-users.
What is the best way to share this IAM user with this new developer?
I have stumbled upon this guide which states I can Delegate Access Across AWS Accounts Using IAM Roles, but I am not sure if this is the correct solution? Shouldn't the new developer just be able to enter the Kops IAM user cred info to access its resources?
Forgive me, for I am not very experienced with aws-cli and this deployment process. I just took on this responsibility on our team because no one else was confident they could do it.
Thanks!
I think the best way to handle this would be to enter the AWS Console as the Root. Go to IAM and select the kops user. In the Security credentials tab, create a new access key and share the credentials with the other developer by forwarding him/her the csv file. Once he/she downloads the csv have them try the aws configure and enter the new access credentials. Letme know if this works!