Reputation: 51
I am trying to create a VPC using Terraform, and I am using an IAM user's secret and access key for authentication. But when trying to create the VPC it throws "Error creating VPC: UnauthorizedOperation: You are not authorized to perform this operation. Encoded authorization failure message: <encode_message>". When I decoded this message, I found that it doesn't have permission for ec2:createVpc. But I have assigned Administrator Access, EC2 full access and VPC full access to this user. I am able to create any other resources using these credentials.
Really appreciate your help. Thanks in advance.
Upvotes: 5
Views: 13680
Reputation: 3569
There can be one possible cause:
~/.aws/credentials
One possible cause: check whether you have an MFA policy set, which can be the blocker as well. For me, I temporarily removed the permission related to MFA and it worked.
I figured out the issue by decoding the error message from the response with the following command and knew it was MFA:
aws sts decode-authorization-message --encoded-message <code-here>
Now you get to see the cause of the problem.
Upvotes: 0
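As an added example (not part of the original answers), this Python function reduces the output of the decode command above to the facts that explain why AdministratorAccess does not help: an explicit Deny, such as an MFA-conditioned one, overrides every Allow. The sample input is constructed, and its field names, Sid, account ID and ARN are assumptions about the decoded document, not values from this page.

```python
import json

# Constructed sample of `aws sts decode-authorization-message` output (not from
# the page). The CLI wraps the decoded document as a JSON string in DecodedMessage.
SAMPLE_CLI_OUTPUT = json.dumps({"DecodedMessage": json.dumps({
    "allowed": False,
    "explicitDeny": True,
    "matchedStatements": {"items": [{
        "statementId": "DenyAllWithoutMFA",  # hypothetical Sid
        "effect": "DENY",
        "conditions": {"items": [{
            "key": "aws:MultiFactorAuthPresent",
            "values": {"items": [{"value": "false"}]},
        }]},
    }]},
    "context": {
        "principal": {"arn": "arn:aws:iam::111122223333:user/terraform"},
        "action": "ec2:CreateVpc",
    },
})})


def summarize_denial(cli_output: str) -> dict:
    """Reduce a decoded authorization failure to the facts needed for triage."""
    outer = json.loads(cli_output)
    decoded = json.loads(outer["DecodedMessage"])  # second decode: string -> dict
    ctx = decoded.get("context", {})
    statements = decoded.get("matchedStatements", {}).get("items", [])
    condition_keys = sorted({
        cond.get("key", "")
        for stmt in statements
        for cond in stmt.get("conditions", {}).get("items", [])
    })
    explicit = bool(decoded.get("explicitDeny"))
    return {
        "action": ctx.get("action"),
        "principal": ctx.get("principal", {}).get("arn"),
        "explicit_deny": explicit,
        "deny_statements": [s.get("statementId") for s in statements
                            if s.get("effect", "").upper() == "DENY"],
        "condition_keys": condition_keys,
        "mfa_related": any("multifactorauth" in k.lower() for k in condition_keys),
        # An explicit Deny wins over every Allow; otherwise no Allow matched.
        "fix": "adjust or satisfy the Deny" if explicit else "add the missing Allow",
    }


if __name__ == "__main__":
    print(json.dumps(summarize_denial(SAMPLE_CLI_OUTPUT), indent=2))
```

When `explicit_deny` is true, attaching more Allow policies to the user changes nothing; the statement listed in `deny_statements` has to be changed or its condition met.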
Reputation: 1218
Your user may not have the necessary permissions to perform the action.
Try adding something like the following to your permissions:
{
    "Sid": "VisualEditor1",
    "Effect": "Allow",
    "Action": "ec2:DescribeVpcs",
    "Resource": "*"
},
{
    "Sid": "foo",
    "Effect": "Allow",
    "Action": [
        "ec2:CreateVpc",
        "ec2:DeleteVpc"
    ],
    "Resource": "*"
}
Upvotes: 0
Reputation: 301
First, make sure that you have properly set up your AWS credentials in your local development environment, either with environment variables like AWS_* or the shared credentials file ~/.aws/credentials (I am assuming that you're on Linux).
If not, see the official documentation from AWS: https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html
(I assume you have aws-cli installed; if not, then see: https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-install.html)
Then, to check if your credentials are properly configured, you can try this command:
aws sts get-caller-identity
You should see something like:
{
    "UserId": "<REDACTED>",
    "Account": "<REDACTED>",
    "Arn": "arn:aws:iam::<REDACTED>:<REDACTED>"
}
Remember not to share the output above!
Upvotes: 1