"You are not authorized to perform this operation"

0
votes

I am admin for our AWS environment, and wanted to use PowerShell, but I get these errors whenever I try to do anything

Get-EC2Region : You are not authorized to perform this operation.

or

Get-CSDomain : User: arn:aws:iam::123456789012:user/Jane.Doe is not authorized to perform: cloudsearch:DescribeDomains on resource: arn:aws:cloudsearch:eu-west-1:123456789012:domain/*

In my personal AWS account, everything works fine. We had a look at our policies, and us four admins can all do everything using the webconsole. I have regenerated my access keys just in case that might be it, but there was no change.

So I guess my questions is:Do we need to implement some CLI specific policies to allow access via PowerShell?

1
powershellamazon-web-services
You need to make sure the user you are using the correct AWS user credentials and the correct IAM policy to allow the cloudsearch:DescribeDomains operation. Can you double check and add that policy to your question?Rodrigo M
There are now PowerShell specific policies. Its a IAM permission issue for sure.Rodrigo M
There are no ...Rodrigo M

1 Answers

0
votes

You need to make sure the user you are using the correct AWS user credentials and the correct IAM policy to allow the given user to do the operation.

There are no CLI specific policies to PowerShell. The user simply has not been granted those permissions.

A good test would be to grant the user ec2:* and cloudsearch:* and confirm. then you can tighten down the permissions, having confirmed that the user can be successfully given a more permissive set of permissions.