search

peterkimzz / aws-ssm-send-command

Github Actions for using AWS SSM Send-Command
MIT License
63 stars 32 forks source link

AccessDeniedException #13

Closed surajmandalcell closed 3 years ago

surajmandalcell commented 3 years ago 
/home/runner/work/_actions/peterkimzz/aws-ssm-send-command/master/node_modules/aws-sdk/lib/request.js:31
            throw err;
            ^

AccessDeniedException: User: arn:aws:iam::_____________ is not authorized to perform: ssm:SendCommand on resource: arn:aws:ec2:________________________
    at Request.extractError (/home/runner/work/_actions/peterkimzz/aws-ssm-send-command/master/node_modules/aws-sdk/lib/protocol/json.js:52:27)
    at Request.callListeners (/home/runner/work/_actions/peterkimzz/aws-ssm-send-command/master/node_modules/aws-sdk/lib/sequential_executor.js:106:20)
    at Request.emit (/home/runner/work/_actions/peterkimzz/aws-ssm-send-command/master/node_modules/aws-sdk/lib/sequential_executor.js:78:10)
    at Request.emit (/home/runner/work/_actions/peterkimzz/aws-ssm-send-command/master/node_modules/aws-sdk/lib/request.js:688:14)
    at Request.transition (/home/runner/work/_actions/peterkimzz/aws-ssm-send-command/master/node_modules/aws-sdk/lib/request.js:22:10)
    at AcceptorStateMachine.runTo (/home/runner/work/_actions/peterkimzz/aws-ssm-send-command/master/node_modules/aws-sdk/lib/state_machine.js:14:12)
    at /home/runner/work/_actions/peterkimzz/aws-ssm-send-command/master/node_modules/aws-sdk/lib/state_machine.js:26:10
    at Request.<anonymous> (/home/runner/work/_actions/peterkimzz/aws-ssm-send-command/master/node_modules/aws-sdk/lib/request.js:38:9)
    at Request.<anonymous> (/home/runner/work/_actions/peterkimzz/aws-ssm-send-command/master/node_modules/aws-sdk/lib/request.js:690:12)
    at Request.callListeners (/home/runner/work/_actions/peterkimzz/aws-ssm-send-command/master/node_modules/aws-sdk/lib/sequential_executor.js:116:18) {
  message: 'User: arn:aws:iam::______________________ is not authorized to perform: ssm:SendCommand on resource: arn:aws:ec2:___________________________',
  code: 'AccessDeniedException',
  time: 2021-03-07T18:24:01.387Z,
  requestId: 'f4ab12fb-b54b-4aab-9bf1-0ad63cbcff74',
  statusCode: 400,
  retryable: false,
  retryDelay: 94.15675078953925
}

What permissions does my I am user needs for this?

peterkimzz commented 3 years ago

Hi surajmandalcell,

To use this action, you have to set AWS IAM Role AmazonSSMFullAccess to your IAM user, and your EC2 Instance must have IAM Role including AmazonSSMFullAccess.

I think it might be an issue of User IAM, not an instance. Your error said User: arn:aws:iam::_____________ is not authorized to perform:.

Please check your aws-access-key-id and aws-secret-access-key.

surajmandalcell commented 3 years ago

Thank you for helping, it is fixed now.