CODEWITHSUNDEEP
amazon-web-services
Mehran
Mehran

Reputation: 16881

I'm not authorized to perform: mobilehub:GetProject while I've got the AdministratorAccess permission

I'm trying to setup a Mobile Hub project and according to this page, my user on AWS needs to have AdministratorAccess permission before it can create a project on Mobile Hub. Now, when I run the following command:

$ awsmobile init XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX

It prompts an error:

failed to link to backend awsmobile project with id = XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX

{ UnauthorizedException: Sorry, but you do not have permission for this operation. For help, see http://docs.aws.amazon.com/mobile-hub/latest/developerguide/managed-policies.html. Details = User: arn:aws:iam::XXXXXXXXXXXX:user/XXXXXX is not authorized to perform: mobilehub:GetProject on resource: arn:aws:mobilehub:us-east-1:XXXXXXXXXXXX:project/XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX with an explicit deny
    at Object.extractError (/usr/lib/node_modules/awsmobile-cli/node_modules/aws-sdk/lib/protocol/json.js:48:27)
    at Request.extractError (/usr/lib/node_modules/awsmobile-cli/node_modules/aws-sdk/lib/protocol/rest_json.js:52:8)
    at Request.callListeners (/usr/lib/node_modules/awsmobile-cli/node_modules/aws-sdk/lib/sequential_executor.js:105:20)
    at Request.emit (/usr/lib/node_modules/awsmobile-cli/node_modules/aws-sdk/lib/sequential_executor.js:77:10)
    at Request.emit (/usr/lib/node_modules/awsmobile-cli/node_modules/aws-sdk/lib/request.js:683:14)
    at Request.transition (/usr/lib/node_modules/awsmobile-cli/node_modules/aws-sdk/lib/request.js:22:10)
    at AcceptorStateMachine.runTo (/usr/lib/node_modules/awsmobile-cli/node_modules/aws-sdk/lib/state_machine.js:14:12)
    at /usr/lib/node_modules/awsmobile-cli/node_modules/aws-sdk/lib/state_machine.js:26:10
    at Request.<anonymous> (/usr/lib/node_modules/awsmobile-cli/node_modules/aws-sdk/lib/request.js:38:9)
    at Request.<anonymous> (/usr/lib/node_modules/awsmobile-cli/node_modules/aws-sdk/lib/request.js:685:12)
  message: 'Sorry, but you do not have permission for this operation. For help, see http://docs.aws.amazon.com/mobile-hub/latest/developerguide/managed-policies.html. Details = User: arn:aws:iam::XXXXXXXXXXXX:user/XXXXXX is not authorized to perform: mobilehub:GetProject on resource: arn:aws:mobilehub:us-east-1:XXXXXXXXXXXX:project/XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX with an explicit deny',
  code: 'UnauthorizedException',
  time: 2018-04-19T17:39:47.179Z,
  requestId: 'a737c3c5-43f8-11e8-ad18-c3e47c13a2c2',
  statusCode: 401,
  retryable: false,
  retryDelay: 75.21814774329248 }

You must enable Mobile Hub service role before using the awsmobile cli
https://console.aws.amazon.com/mobilehub/home?#/activaterole/

The problem is that my user has got AdministratorAccess permission. Yet I'm unable to initialize a Mobile Hub project.

One other thing, when I go to my user's Access Advisor page, I can see the AWSMobileHub_FullAccess policy for the service AWS Mobile Hub in the list.

Upvotes: 0

Views: 565

Answers (1)

krishna_mee2004
krishna_mee2004

Reputation: 7366

Based on the error message, it looks like there is a Deny statement in your user's permission. When you go to the IAM user console and select your user, you will find a list of policies or groups that are attached to your user. Please check if any of them has a Deny statement.

Upvotes: 2

Related Questions