amazon ec2 - AWS EC2 instance create fails for user via Ansible

Question

I'm trying to create an ec2 instance and running into the following problem:

msg: Instance creation failed => UnauthorizedOperation: 
You are not authorized to perform this operation. 
Encoded authorization failure message: ....very long encoded message.

Update: This only happens when using the secret and access key for a specific user on my account. If I use the access keys for root then it works. But that's not what I want to do. I guess I'm missing something about how users authorize with ec2.

My ansible yml is using aws access and secret key in that order.

---
- hosts: localhost
  connection: local
  gather_facts: no
  vars_files:
  - test_vars.yml
  tasks:
  - name: Spin up Ubuntu Server 14.04 LTS (PV) instance
    local_action:
      module: ec2
      region: 'us-west-1'
      aws_access_key: "{{ aws_access_key }}"
      aws_secret_key: "{{ aws_secret_key }}"
      instance_type: 't1.micro'
      image: ami-f1fdfeb4
      wait: yes
      count: 1

    register: ec2

Answer 1

You need to go into the AWS IAM console ( https://console.aws.amazon.com/iam ) and give that user (related to the Access Key in your script) and give it permissions (a policy) to create EC2 instances.

It sounds like your 'root' user account in AWS already has those permissions if that helps any for comparing the two users to figure out what policy you need to add - you could just create an EC2 group with the right policy from the policy generator and add that user to that EC2 group.

Answer 2

It looks like a permission issue with AWS. Root user have full permission so it will definitely work with that. Check if your AWS specific user has permissions to launch an instance.