Open jralmaraz opened 5 years ago
I was able to create the following policy and assign it to my user/group, but I still receive "UnauthorizedOperation: You are not authorized to perform this operation." when adding a node template.
I tried 2 different roles:
1) Trustee to my user; 2) Trustee to ec2 assume role
Both of them failed.
Policy detail:
```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "VisualEditor0",
      "Effect": "Allow",
      "Action": [
        "ec2:AuthorizeSecurityGroupIngress",
        "ec2:Describe",
        "ec2:ImportKeyPair",
        "ec2:CreateKeyPair",
        "ec2:CreateSecurityGroup",
        "ec2:CreateTags",
        "ec2:DeleteKeyPair"
      ],
      "Resource": ""
    },
    {
      "Sid": "VisualEditor1",
      "Effect": "Allow",
      "Action": [
        "iam:PassRole",
        "ec2:RunInstances"
      ],
      "Resource": [
        "arn:aws:ec2:ap-southeast-2::image/ami-",
        "arn:aws:ec2:ap-southeast-2:MY_ID:instance/",
        "arn:aws:ec2:ap-southeast-2:MY_ID:placement-group/",
        "arn:aws:ec2:ap-southeast-2:MY_ID:volume/",
        "arn:aws:ec2:ap-southeast-2:MY_ID:subnet/",
        "arn:aws:ec2:ap-southeast-2:MY_ID:key-pair/",
        "arn:aws:ec2:ap-southeast-2:MY_ID:network-interface/",
        "arn:aws:ec2:ap-southeast-2:MY_ID:security-group/",
        "arn:aws:iam::MY_ID:role/RancherRole"
      ]
    },
    {
      "Sid": "VisualEditor2",
      "Effect": "Allow",
      "Action": [
        "ec2:RebootInstances",
        "ec2:TerminateInstances",
        "ec2:StartInstances",
        "ec2:StopInstances"
      ],
      "Resource": "arn:aws:ec2:ap-southeast-2:MY_ID:instance/*"
    }
  ]
}
```
Raising this as a documentation issue, as the prerequisite section of the document doesn't mention which role type should be created to be associated with the policy.
Hi,
I am trying to configure a new cluster with Rancher on AWS. On clicking "Add Node Template" I got "UnauthorizedOperation: You are not authorized to perform this operation."
I reviewed the documentation prerequisites and tried to create the IAM policy according to the examples at:
https://rancher.com/docs/rancher/v2.x/en/cluster-provisioning/rke-clusters/node-pools/ec2/#example-iam-policy-with-passrole
AWS' IAM policy fails to be created with:
"An error occurred Your request has a problem. Please see the following details. The policy failed legacy parsing "
Thanks in advance for any feedback.
Cheers.
Jose
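
A local structural check for a policy shaped like the one posted above, as an added example that is not part of the original issue and is not Rancher's or AWS's code. The sample policy is constructed and shortened, and the rules (each `Resource` must be `*` or a six-field ARN; a resource part ending in `/` or `-` is flagged) are assumptions chosen for illustration, the second being a heuristic.

```python
import json

# Constructed sample: same shape as the policy in the issue, shortened.
SAMPLE = json.loads("""
{"Version": "2012-10-17", "Statement": [
  {"Sid": "VisualEditor0", "Effect": "Allow",
   "Action": ["ec2:CreateTags"], "Resource": ""},
  {"Sid": "VisualEditor1", "Effect": "Allow",
   "Action": ["iam:PassRole", "ec2:RunInstances"],
   "Resource": ["arn:aws:ec2:ap-southeast-2::image/ami-",
                "arn:aws:ec2:ap-southeast-2:MY_ID:subnet/",
                "arn:aws:iam::MY_ID:role/RancherRole"]},
  {"Sid": "VisualEditor2", "Effect": "Allow",
   "Action": ["ec2:StopInstances"],
   "Resource": "arn:aws:ec2:ap-southeast-2:MY_ID:instance/*"}
]}
""")


def _as_list(value):
    """IAM accepts a single value or a list for Statement, Action and Resource."""
    return value if isinstance(value, list) else [value]


def lint_policy(policy):
    """Return (sid, value, problem) tuples for structurally suspect entries."""
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        sid = stmt.get("Sid", "<no Sid>")
        for action in _as_list(stmt.get("Action", [])):
            service, sep, name = action.partition(":")
            if not (service and sep and name):
                findings.append((sid, action, "Action is not service:name"))
        for res in _as_list(stmt.get("Resource", [])):
            if res == "*":
                continue
            # ARN layout: arn:partition:service:region:account-id:resource
            parts = res.split(":", 5)
            if len(parts) != 6 or parts[0] != "arn" or not parts[5]:
                findings.append((sid, res, "Resource is neither '*' nor a six-field ARN"))
            elif parts[5].endswith(("/", "-")):
                # Heuristic (assumption): trailing separator with no id or wildcard.
                findings.append((sid, res, "resource part ends in a separator"))
    return findings


if __name__ == "__main__":
    for sid, value, problem in lint_policy(SAMPLE):
        print(f"{sid}: {value!r}: {problem}")
```
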