Hi recently(today) I joined the Amazon Web Services platform, to host my database in the cloud, however after creating an account(free tier), when I navigated to the create database(RDS), I noticed this error:
The AWS Access Key Id needs a subscription for the service (Service: AmazonRDS; Status Code: 403; Error Code: OptInRequired; Request ID: a27f4e40-5687-43b3-8bba-ccf419cf7e8f)
How do I go about fixing this?
According to the documentation
If you're using an account that was created in or after 2011, then update your account status.
Related
Today I'm facing an issue when want to share the transit gateway to a specific organization with error message below: Organization o-abcdefghq could not be found. (Service: AWSRAM; Status Code: 400; Error Code: UnknownResourceException; Request ID: 70749448-e9101-48c2-918d-c8b40eq1aa32; Proxy: null)
Is anyone able to help me, please? thank you
Transit gateway is able to share within organization
The issue is now solved with the following steps:
Login to your master AWS account as root user
Go to the Organizations console and click 'Settings'
'Disable Access' for AWS Resource Access Manager from the 'Trusted access for AWS services' tab
Go to the RAM console, and Click on Settings.
Select “Enable sharing within your AWS Organization”.
Create the resource share again, remember uncheck "Allow external accounts" option, put the account ID again-->Save.
I would like to know how to search details when error is vague in AWS. In below example I would like to know which permission is missing or which operation was performed.
Terminated with errors
Service role bundle-release-import-AWSDataPipelineRole has insufficient EC2 permissions.
EC2 Message: AmazonEC2Exception: You are not authorized to perform this operation.
(Service: AmazonEC2; Status Code: 403; Error Code: UnauthorizedOperation;
Request ID: e2614d7b-ef8f-467d-81cf-14ee9c4671c8; Proxy: null)
You can use:
Option 1: Use Athena queries to troubleshoot IAM permission API call failures by searching AWS CloudTrail logs
Option 2: Use the AWS CLI to troubleshoot IAM permission API call failures
for more details on how to implement each option you can refer to the article below
https://aws.amazon.com/premiumsupport/knowledge-center/troubleshoot-iam-permission-errors/
I am using an aws educate account provided by my college instructor to learn about serverless application development in aws. I am trying to use CloudFront for Content Delivery Network services but I get the following error. How can this be resolved.
com.amazonaws.services.cloudfront.model.AccessDeniedException: User: arn:aws:sts::127746452845:assumed-role/vocstartsoft/user616202=riwaj.chalise#deerwalk.edu.np is not authorized to perform: cloudfront:ListDistributions with an explicit deny (Service: AmazonCloudFront; Status Code: 403; Error Code: AccessDenied; Request ID: 50ae6438-3196-452a-bcf9-80aaa5cf5e7c; Proxy: null)
How can I resolve this issue? Can my educator provide me the access to this service(cloudfront)?
This is because your user doesn't have privilege to access AWS cloudfront. You can ask your educator for the same.
There is something called AWS Identity and Access Management (IAM) which helps to create users and manage access for each users or group of users to AWS services and resources securely.
I am unable to delete a RDS instance in my account.
The error message shows:
IAM Database Authentication is enabled in the DB Instance but it is not supported for the new configuration from the request. (Service: AmazonRDS; Status Code: 400; Error Code: InvalidParameterCombination; Request ID: 332fe09b-d6a0-47c8-84bc-d1f6881f34d2)
Have you tried disabling IAM Authentication before deleting the instance?
I am running into a strange issue with aws's dynamoDB.
Regularly the dynamoDB aws UI and API calls return the following error:
The AWS Access Key Id needs a subscription for the service
I have a feeling that it's an aws related issue since it happens in the UI and only about 1 in 10 api calls fail with the message. Any suggested solutions would be appreciated.
API Error:
An uncaught Exception was encountered
Type: Aws\DynamoDb\Exception\DynamoDbException
Message: Error executing "PutItem" on "https://dynamodb.us-west-2.amazonaws.com"; AWS HTTP error: Client error: `POST https://dynamodb.us-west-2.amazonaws.com` resulted in a `400 Bad Request` response: {"__type":"com.amazon.coral.service#SubscriptionRequiredException","message":"The AWS Access Key Id needs a subscription (truncated...) SubscriptionRequiredException (client): The AWS Access Key Id needs a subscription for the service - {"__type":"com.amazon.coral.service#SubscriptionRequiredException","message":"The AWS Access Key Id needs a subscription for the service"}
UI error:
The AWS Access Key Id needs a subscription for the service (Service: AmazonDynamoDBv2; Status Code: 400; Error Code: SubscriptionRequiredException; Request ID: ...
After some research, I believe the "The AWS Access Key Id needs a subscription for the service" error is caused by old accounts created when you had to opt in to each individual service.
See this forum post, forums.aws.amazon.com/message.jspa?messageID=609804, for more info.
After creating a completely new AWS account I haven't received the error once, still waiting to see if it can be resolved in my older account.