ennio1991
commented
2 months ago This error indicates an issue while exchanging the token from the Identity Provider with IAM Identity Center application. Some sources of error:
- User is not assigned to the customer managed application. You can either assign the users / groups to the customer managed application created or toggle the "Do not require assignments" option.
- The IAM role of the web application is not listed in the Application Credentials of the customer managed application in IAM Identity Center
sirfan123
Getting
AccessDeniedException: An error occurred (AccessDeniedException) when calling the CreateTokenWithIAM operation: 2024-07-26 12:34:03.872 Uncaught app exception Traceback (most recent call last): File "C:\directory\script_runner.py", line 600, in _run_script exec(code, module.dict) File "C:directory\app.py", line 48, in
st.session_state["idc_jwt_token"] = utils.get_iam_oidc_token(st.session_state.token["id_token"])
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "C:\directory\utils.py", line 102, in get_iam_oidc_token
response = client.create_token_with_iam(
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "C:\directory\client.py", line 565, in _api_call
return self._make_api_call(operation_name, kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "C:\directory\client.py", line 1021, in _make_api_call
raise error_class(parsed_response, operation_name)
botocore.errorfactory.AccessDeniedException: An error occurred (AccessDeniedException) when calling the CreateTokenWithIAM operation:
Trying to run this locally, do not require assignments is enabled. Perhaps something to do with my cli creds being used when I run locally?