I am unable to delete a RDS instance in my account.
The error message shows:
IAM Database Authentication is enabled in the DB Instance but it is not supported for the new configuration from the request. (Service: AmazonRDS; Status Code: 400; Error Code: InvalidParameterCombination; Request ID: 332fe09b-d6a0-47c8-84bc-d1f6881f34d2)
Have you tried disabling IAM Authentication before deleting the instance?
Related
I have a spring java app that runs fine locally, but after uploading the jar file to elastic beanstalk, I'm unable to access the end point and the app health shows as severe.
in the logs it says the following:
User:
arn:aws:sts::487484241999:assumed-role/aws-elasticbeanstalk-ec2-role/i-0e95c4754f49ff217
is not authorized to perform: rds:DescribeDBInstances on resource:
arn:aws:rds:eu-west-2:487484241999:db:[redacted] because no
identity-based policy allows the rds:DescribeDBInstances action
(Service: AmazonRDS; Status Code: 403; Error Code: AccessDenied;
Request ID: 37290a99-f52c-4553-a614-90ffe980da97; Proxy: null)
I have set the correct permissions to the user, I think the issue has something to do with permissions/trust policies surrounding assumed-role
I would like to know how to search details when error is vague in AWS. In below example I would like to know which permission is missing or which operation was performed.
Terminated with errors
Service role bundle-release-import-AWSDataPipelineRole has insufficient EC2 permissions.
EC2 Message: AmazonEC2Exception: You are not authorized to perform this operation.
(Service: AmazonEC2; Status Code: 403; Error Code: UnauthorizedOperation;
Request ID: e2614d7b-ef8f-467d-81cf-14ee9c4671c8; Proxy: null)
You can use:
Option 1: Use Athena queries to troubleshoot IAM permission API call failures by searching AWS CloudTrail logs
Option 2: Use the AWS CLI to troubleshoot IAM permission API call failures
for more details on how to implement each option you can refer to the article below
https://aws.amazon.com/premiumsupport/knowledge-center/troubleshoot-iam-permission-errors/
Hi recently(today) I joined the Amazon Web Services platform, to host my database in the cloud, however after creating an account(free tier), when I navigated to the create database(RDS), I noticed this error:
The AWS Access Key Id needs a subscription for the service (Service: AmazonRDS; Status Code: 403; Error Code: OptInRequired; Request ID: a27f4e40-5687-43b3-8bba-ccf419cf7e8f)
How do I go about fixing this?
According to the documentation
If you're using an account that was created in or after 2011, then update your account status.
I am creating an Aws Emr cluster with AWS Java SDK. Below is the code snippet.
JobFlowInstancesConfig jobFlowInstanceConfig = new JobFlowInstancesConfig()
.withEc2SubnetId(config.getEc2SubnetId())
.withEc2KeyName(config.getEc2KeyName())
.withInstanceCount(config.getInstanceCount())
.withKeepJobFlowAliveWhenNoSteps(true)
.withMasterInstanceType(config.getMasterInstanceType())
.withSlaveInstanceType(config.getSlaveInstanceType());
RunJobFlowRequest request = new RunJobFlowRequest()
.withName(clusterName)
.withReleaseLabel(config.getReleaseLabel())
.withApplications(applications)
.withLogUri(config.getLogUri())
.withServiceRole(config.getServiceRole())
.withJobFlowRole(config.getJobFlowRole())
.withInstances(jobFlowInstanceConfig);
RunJobFlowResult runJobFlowResult = emrClient.runJobFlow(request);
As you can see I am setting "JobFlowRole" using .withJobFlowRole(config.getJobFlowRole()), but it is taking default values which does not have permission to create cluster.
I am getting following error:
com.amazonaws.services.elasticmapreduce.model.AmazonElasticMapReduceException: User: arn:aws:sts::6...0:assumed-role/default-role/i-0...4 is not authorized to perform: iam:PassRole on resource: arn:aws:iam::6...0:role/EMR_DefaultRole (Service: AmazonElasticMapReduce; Status Code: 400; Error Code: AccessDeniedException; Request ID: a...f)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.handleErrorResponse(AmazonHttpClient.java:1701)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeOneRequest(AmazonHttpClient.java:1356)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeHelper(AmazonHttpClient.java:1102)
Help please.
The JobFlowRole is the role of EMR service and this is not the role for creation EMR. See documentation.
You should have the right permission to create an EMR where you used to get the AWS credentials. The iam:PassRole is missing for your credentials.
The AWS Access Key Id needs a subscription for the service (Service: AmazonAccountsService; Status Code: 400; Error Code: SubscriptionRequiredException)
This output I get for my java code when I try to create Linked account programmatically.
Is their any policy or permission requires? and How can I subscribe for AmazonAccountsService?