ThisIsJuke

Reputation: 93

AWS iam:ListRolePolicies permissions error on all IAM service

I have a problem. I'm using an AWS educate account, and when I try to follow tutorials (Lambda one in this case), I can't create/modify roles.

So I go to the dedicated IAM page, and on this page I can't create, edit or delete users, roles, groups, etc.

When I create a role, this role is always as default and I can't modify it.

It's always about: iam:ListRolePolicies

Examples:

Try to delete a Kinesis Role = User: arn:aws:sts::11111111:federated-user/myID is not authorized to perform: iam:ListRolePolicies on resource: role Kinesis-Data-Generator-Cog-UnauthenticatedUserRole-1T1HLD2QUMZ8T

Trying to modify the lambda role I just created = User: arn:aws:sts::11111111:federated-user/myID is not authorized to perform: iam:ListRolePolicies on resource: role lambda_dynamodb_execution

Is this a bug? Can you help me? Thanks in advance!

Upvotes: 1

Views: 1514

Answers (1)

ThisIsJuke

Reputation: 93

So, I have the answer from AWS, which says:

Hello,

I apologize for the trouble you've had while attempting to use these services. The IAM service is unavailable to Educate Starter Accounts which is why you're running into these issues.

If you don't believe the Starter account will meet your needs, we can convert your AWS Educate benefits to the other option - credit for a normal AWS account. In order to take advantage of this option, you will need your own AWS account, which requires phone verification and a valid credit card to activate. If you have not already done so, you can visit https://aws.amazon.com to create a normal AWS account.

Once you have an active AWS account, you can request conversion of your AWS Educate benefits by logging in to your AWS account and creating a case from the Support Center at the URL below.

So it seems normal that you can't do the Educate tutorials with an Educate account. That's quite strange.

Tutorial example:

In the Create function window, configure the following:
- Name: Create-Thumbnail
- Runtime: Python 3.6
- Existing role: lambda-execution-role

All IAM roles have:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "logs:CreateLogGroup",
        "logs:CreateLogStream",
        "logs:PutLogEvents"
      ],
      "Resource": "arn:aws:logs:*:*:*"
    }
  ]
}

Hope this will be useful for someone else.

Upvotes: 2
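
A small triage helper for the errors quoted in the question, added here as an example and not part of the original post or of any AWS tooling: it parses the two "is not authorized to perform" messages and groups them by caller and action. The function names and the `caller_wide` heuristic are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Matches the "is not authorized to perform" message format quoted in the question.
DENIED = re.compile(
    r"User: (?P<principal>arn:aws:(?:sts|iam)::(?P<account>\d+):(?P<ptype>[\w-]+)/(?P<name>\S+))"
    r" is not authorized to perform: (?P<action>[\w-]+:\w+)"
    r"(?: on resource: (?P<resource>.+))?$"
)

# Messages copied from the question above.
SAMPLES = [
    "User: arn:aws:sts::11111111:federated-user/myID is not authorized to perform: "
    "iam:ListRolePolicies on resource: role Kinesis-Data-Generator-Cog-UnauthenticatedUserRole-1T1HLD2QUMZ8T",
    "User: arn:aws:sts::11111111:federated-user/myID is not authorized to perform: "
    "iam:ListRolePolicies on resource: role lambda_dynamodb_execution",
]

def parse_denial(message):
    """Return the parsed fields of one denial message, or None if it does not match."""
    m = DENIED.search(message.strip())
    return m.groupdict() if m else None

def summarize(messages):
    """Group denials by (principal, action) and collect the distinct resources."""
    groups = defaultdict(set)
    for msg in messages:
        d = parse_denial(msg)
        if d is None:
            continue  # not an authorization error in this format
        groups[(d["principal"], d["action"])].add(d["resource"])
    return {
        key: {
            "resources": sorted(r for r in res if r),
            # Heuristic (assumption): the same action denied on several resources
            # points at the caller's permissions, not at one particular resource.
            "caller_wide": len(res) > 1,
        }
        for key, res in groups.items()
    }

if __name__ == "__main__":
    for (principal, action), info in summarize(SAMPLES).items():
        print(principal, action, info)
```

On the two messages above, both denials collapse into a single (federated user, iam:ListRolePolicies) group spanning two different roles, which matches the observation that the error does not depend on which role is touched.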
