An error occurred (UnauthorizedOperation) when calling the DescribeLaunchTemplates operation?
Question
I was trying to deploy a launch template in my AWS autoscaling group using Ansible!
Here was my script:

- name: base64 conversion
  command: base64 -w 0 roles/inspect/tasks/user_data_cs.sh
  register: userdata

- debug:
    var: userdata.stdout

# To deploy the user data in the launch template
- name: User data deployment
  ec2_launch_template:
    name: "{{ LT_name }}"
    image_id: "ami-##########"
    key_name: "aws-dev"
    block_device_mappings:
      - device_name: "/dev/sdb"
        ebs:
          volume_size: 20
          encrypted: true
      - device_name: "/dev/xvda"
        ebs:
          volume_size: 10
          volume_type: gp2
          delete_on_termination: yes
          encrypted: true
    default_version: 1
    ebs_optimized: no
    iam_instance_profile: "aws-ec2-role"
    network_interfaces:
      - device_index: 0
        delete_on_termination: yes
        associate_public_ip_address: no
        groups: ["sg-##########"]
    instance_type: t3.small
    user_data: "{{ userdata.stdout }}"
  when: name_env == "dev"

It was showing this error:
TASK [inspect : User data deployment] ******************************************
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: botocore.exceptions.ClientError: An error occurred (UnauthorizedOperation) when calling the DescribeLaunchTemplates operation: You are not authorized to perform this operation.
[WARNING]: The value 1 (type int) in a string field was converted to '1' (type
string). If this does not look like what you expect, quote the entire value to
ensure it does not change.
fatal: [127.0.0.1]: FAILED! => {"boto3_version": "1.24.38", "botocore_version": "1.27.38", "changed": false, "error": {"code": "UnauthorizedOperation", "message": "You are not authorized to perform this operation."}, "msg": "Could not check existing launch templates. This may be an IAM permission problem.: An error occurred (UnauthorizedOperation) when calling the DescribeLaunchTemplates operation: You are not authorized to perform this operation.", "response_metadata": {"http_headers": {"cache-control": "no-cache, no-store", "content-type": "text/xml;charset=UTF-8", "date": "Thu, 05 Jan 2023 13:17:02 GMT", "server": "AmazonEC2", "strict-transport-security": "max-age=31536000; includeSubDomains", "transfer-encoding": "chunked", "vary": "accept-encoding", "x-amzn-requestid": "c0cd0411-c88e-4569-bd91-21dd46708224"}, "http_status_code": 403, "request_id": "c0cd0411-c88e-4569-bd91-21dd46708224", "retry_attempts": 0}}
Here were my IAM permissions!
There seems to be no such action as "DescribeLaunchTemplate".
I tried with autoscaling:DescribeLaunchTemplate, elasticloadbalancing:DescribeLaunchTemplate, application-autoscaling:DescribeLaunchTemplate, and also only DescribeLaunchTemplate.
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "elasticloadbalancing:DescribeLoadBalancers",
                "autoscaling:UpdateAutoScalingGroup",
                "autoscaling:CreateOrUpdateTags"
            ],
            "Resource": "*"
        }
    ]
}
and
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "application-autoscaling:RegisterScalableTarget",
                "application-autoscaling:DeleteScheduledAction",
                "application-autoscaling:DescribeScalableTargets",
                "application-autoscaling:DeleteScalingPolicy",
                "elasticloadbalancing:DescribeLoadBalancers",
                "autoscaling:DescribeAutoScalingGroups",
                "application-autoscaling:DescribeScalingActivities",
                "application-autoscaling:DescribeScalingPolicies",
                "application-autoscaling:PutScalingPolicy",
                "elasticloadbalancing:DescribeTargetGroups",
                "autoscaling:DescribeLoadBalancerTargetGroups",
                "application-autoscaling:DescribeScheduledActions",
                "application-autoscaling:PutScheduledAction",
                "application-autoscaling:DeregisterScalableTarget"
            ],
            "Resource": "*"
        }
    ]
}
I also tried adding "DescribeLaunchTemplates", but there seems to be no action in IAM like that; I checked with ASG and everything.
Answer 1
Score: 1
Adding
"ec2:DescribeLaunchTemplates",
"ec2:DescribeLaunchTemplateVersions"
Resolved this issue
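
DescribeLaunchTemplates is an EC2 API operation (the error response above carries `"server": "AmazonEC2"`), so its IAM action uses the `ec2:` prefix rather than `autoscaling:`. The sketch below is an added example, not part of the original answer: it checks the two policies from the question against the actions the answer names, before and after the fix. It assumes identity policies only and ignores Resource, Condition, NotAction, permission boundaries and SCPs; the function names are hypothetical.

```python
from fnmatch import fnmatchcase

# Actions the failing ec2_launch_template task needed, per the answer above.
REQUIRED = ["ec2:DescribeLaunchTemplates", "ec2:DescribeLaunchTemplateVersions"]

# Constructed copies of the two policies in the question (Sid omitted).
QUESTION_POLICIES = [
    {"Statement": [{"Effect": "Allow", "Resource": "*", "Action": [
        "elasticloadbalancing:DescribeLoadBalancers",
        "autoscaling:UpdateAutoScalingGroup", "autoscaling:CreateOrUpdateTags"]}]},
    {"Statement": [{"Effect": "Allow", "Resource": "*", "Action": [
        "application-autoscaling:RegisterScalableTarget", "application-autoscaling:DeleteScheduledAction",
        "application-autoscaling:DescribeScalableTargets", "application-autoscaling:DeleteScalingPolicy",
        "elasticloadbalancing:DescribeLoadBalancers", "autoscaling:DescribeAutoScalingGroups",
        "application-autoscaling:DescribeScalingActivities", "application-autoscaling:DescribeScalingPolicies",
        "application-autoscaling:PutScalingPolicy", "elasticloadbalancing:DescribeTargetGroups",
        "autoscaling:DescribeLoadBalancerTargetGroups", "application-autoscaling:DescribeScheduledActions",
        "application-autoscaling:PutScheduledAction", "application-autoscaling:DeregisterScalableTarget"]}]},
]
# The statement the answer adds, as a separate constructed policy.
FIX = {"Statement": [{"Effect": "Allow", "Resource": "*", "Action": REQUIRED}]}

def _as_list(value):
    # IAM allows a single statement/action to be written without a list.
    return value if isinstance(value, list) else [value]

def _matches(pattern, action):
    # IAM action names are case-insensitive; '*' and '?' are wildcards.
    return fnmatchcase(action.lower(), pattern.lower())

def is_allowed(policies, action):
    """Explicit Deny wins, then any matching Allow, otherwise implicit deny."""
    allowed = False
    for policy in policies:
        for stmt in _as_list(policy["Statement"]):
            if not any(_matches(p, action) for p in _as_list(stmt.get("Action", []))):
                continue
            if stmt["Effect"] == "Deny":
                return False
            allowed = True
    return allowed

def missing_actions(policies, required=REQUIRED):
    return [a for a in required if not is_allowed(policies, a)]

if __name__ == "__main__":
    print("before fix:", missing_actions(QUESTION_POLICIES))
    print("after fix: ", missing_actions(QUESTION_POLICIES + [FIX]))
```
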