Alex

Reputation: 7491

Why does the method describeSubnets in AmazonEC2ClientWrapper result in an AuthFailure?

Probably the problem is in VPC/security groups/policies; what should I pay attention to?

The stack is as follows:

com.veracode.security.logging.SecureExceptionWrapper: AWS was not able to validate the provided access credentials (Service: AmazonEC2; Status Code: 401; Error Code: AuthFailure; Request ID: 6777ec95-8167-4311-b46e-e40ce7043034)
com.amazonaws.http.AmazonHttpClient$RequestExecutor.handleErrorResponse(AmazonHttpClient.java:1640)
com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeOneRequest(AmazonHttpClient.java:1304)
com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeHelper(AmazonHttpClient.java:1058)
com.amazonaws.http.AmazonHttpClient$RequestExecutor.doExecute(AmazonHttpClient.java:743)
com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeWithTimer(AmazonHttpClient.java:717)
com.amazonaws.http.AmazonHttpClient$RequestExecutor.execute(AmazonHttpClient.java:699)
com.amazonaws.http.AmazonHttpClient$RequestExecutor.access$500(AmazonHttpClient.java:667)
com.amazonaws.http.AmazonHttpClient$RequestExecutionBuilderImpl.execute(AmazonHttpClient.java:649)
com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:513)
com.amazonaws.services.ec2.AmazonEC2Client.doInvoke(AmazonEC2Client.java:13611)
com.amazonaws.services.ec2.AmazonEC2Client.invoke(AmazonEC2Client.java:13587)
com.amazonaws.services.ec2.AmazonEC2Client.executeDescribeSubnets(AmazonEC2Client.java:8308)
com.amazonaws.services.ec2.AmazonEC2Client.describeSubnets(AmazonEC2Client.java:8284)
com.company.was.jobservice.utils.ec2.AmazonEC2ClientWrapper.describeSubnets(AmazonEC2ClientWrapper.java:112)

I also checked the policies; one of them is:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "VisualEditor0",
      "Effect": "Allow",
      "Action": [
        "ec2:Describe*",
        "ec2:CreateTags"
      ],
      "Resource": "*"
    }
  ]
}

Will this policy cover describeSubnets?

Upvotes: 0

Views: 154

Answers (1)

jogold

Reputation: 7407

The problem doesn't seem to be linked to VPC or security groups.

You need to (1) correctly configure your credentials and (2) have the correct IAM policy to call describeSubnets, something like:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "ec2:DescribeSubnets"
      ],
      "Effect": "Allow",
      "Resource": "*"
    }
  ]
}

You might want to be more restrictive on the Resource field to narrow it to specific subnets.

Upvotes: 0
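
Added example, not part of the original question or answer: a simplified Python check of whether the policy quoted in the question matches ec2:DescribeSubnets, together with a triage of the AuthFailure code from the trace against EC2's UnauthorizedOperation code. The helper names and the triage labels are hypothetical, and the matcher assumes only Effect and Action matter.

```python
import json
import re

# The policy quoted in the question.
POLICY = json.loads("""
{"Version": "2012-10-17",
 "Statement": [{"Sid": "VisualEditor0", "Effect": "Allow",
                "Action": ["ec2:Describe*", "ec2:CreateTags"],
                "Resource": "*"}]}
""")


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _matches(pattern, action):
    # IAM action patterns: '*' = any run of characters, '?' = one character,
    # compared case-insensitively.
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, action, re.IGNORECASE) is not None


def action_allowed(policy, action):
    """Simplified check (assumption): looks only at Effect and Action.
    Ignores Resource, Condition, NotAction, and any other attached policy."""
    allowed = False
    for stmt in _as_list(policy["Statement"]):
        if any(_matches(p, action) for p in _as_list(stmt.get("Action", []))):
            if stmt["Effect"] == "Deny":
                return False          # an explicit Deny always wins
            allowed = True
    return allowed


def triage(error_code, policy, action):
    """Name the layer to inspect first for an EC2 API error (hypothetical helper)."""
    if error_code == "AuthFailure":
        # HTTP 401, as in the question's trace: the credentials themselves
        # were not validated, so the policy content is not the first suspect.
        return "credentials"
    if error_code == "UnauthorizedOperation":
        # HTTP 403: the caller was identified but not permitted.
        if action_allowed(policy, action):
            return "policy-not-in-effect"   # e.g. not attached to this identity
        return "policy-missing-allow"
    return "other"


if __name__ == "__main__":
    print(action_allowed(POLICY, "ec2:DescribeSubnets"))         # True
    print(triage("AuthFailure", POLICY, "ec2:DescribeSubnets"))  # credentials
```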
