kislyuk / aegea

Amazon Web Services Operator Interface
Apache License 2.0

launch: allow launch with PowerUser and iam:PassRole only #69

Closed kislyuk closed 2 years ago

kislyuk commented 2 years ago
Traceback (most recent call last):
  File "/usr/local/bin/aegea", line 23, in <module>
    aegea.main()
  File "/Users/andrey.kislyuk/projects/aegea/aegea/__init__.py", line 86, in main
    result = parsed_args.entry_point(parsed_args)
  File "/Users/andrey.kislyuk/projects/aegea/aegea/launch.py", line 190, in launch
    umbrella_policy = compose_managed_policies(args.iam_policies)
  File "/Users/andrey.kislyuk/projects/aegea/aegea/util/aws/iam.py", line 147, in compose_managed_policies
    doc = resources.iam.Policy(arn="arn:aws:iam::aws:policy/" + policy_name).default_version.document
  File "/usr/local/lib/python3.9/site-packages/boto3/resources/factory.py", line 431, in get_reference
    self.load()
  File "/usr/local/lib/python3.9/site-packages/boto3/resources/factory.py", line 505, in do_action
    response = action(self, *args, **kwargs)
  File "/usr/local/lib/python3.9/site-packages/boto3/resources/action.py", line 83, in __call__
    response = getattr(parent.meta.client, operation_name)(*args, **params)
  File "/usr/local/lib/python3.9/site-packages/botocore/client.py", line 386, in _api_call
    return self._make_api_call(operation_name, kwargs)
  File "/usr/local/lib/python3.9/site-packages/botocore/client.py", line 705, in _make_api_call
    raise error_class(parsed_response, operation_name)
botocore.exceptions.ClientError: An error occurred (AccessDenied) when calling the GetPolicy operation: User: arn:aws:sts::1234567890123:assumed-role/ROLE is not authorized to perform: iam:GetPolicy on resource: policy arn:aws:iam::aws:policy/IAMReadOnlyAccess
kislyuk commented 2 years ago

In 5f6bc7c3ba4c643a77db33542e038a7be3a05d37