2
votes

I am using Terraform and I am trying to limit the access as much as possible, but I want to know what those limits are.

Terraform provides me a request ID for the request that had failed, but I am not sure where in the AWS console to go to put in that request ID and see what it was trying to do and what IAM policy it failed on.

In "Given a failed AWS API request, how can I debug what permissions I need?" they are looking for something more specific to S3, but I am doing a broader one with Terraform and I'm dealing with IAM resources and EC2 creation.

1
Do you have an example? Most Terraform permission errors with AWS show what API call they were trying to make when it failed, and most IAM permissions map reasonably cleanly to those API calls. - ydaetskcoR

1 Answer

1
votes

To check the request that was made and all detailed information, just use CloudTrail, which lets you check all the requests made to your account.

Go to https://console.aws.amazon.com/cloudtrail/home?region=us-east-1#/events

In the filter dropdown of Event choose "Event ID" and next type in the ID given from Terraform.
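Added example, not part of the original answer: once the CloudTrail records are available as JSON, the denied call and the IAM action it maps to can be pulled out by matching the request ID Terraform printed against each record's `requestID` field. The sample records, IDs and ARN below are constructed, and the function names are hypothetical; the `<service>:<eventName>` mapping is an approximation that holds for EC2 and IAM but not for every service.

```python
# Constructed CloudTrail-style records; every ID, ARN and message is made up.
TF = "arn:aws:iam::123456789012:user/terraform"
SAMPLE_RECORDS = [
    {"eventID": "evt-0001", "requestID": "req-aaaa-0001",
     "eventSource": "ec2.amazonaws.com", "eventName": "RunInstances",
     "errorCode": "Client.UnauthorizedOperation",
     "errorMessage": "You are not authorized to perform this operation.",
     "userIdentity": {"arn": TF}},
    {"eventID": "evt-0002", "requestID": "req-aaaa-0002",
     "eventSource": "iam.amazonaws.com", "eventName": "CreateRole",
     "errorCode": "AccessDenied",
     "errorMessage": "User is not authorized to perform: iam:CreateRole",
     "userIdentity": {"arn": TF}},
    {"eventID": "evt-0003", "requestID": "req-aaaa-0003",  # successful call
     "eventSource": "ec2.amazonaws.com", "eventName": "DescribeInstances",
     "userIdentity": {"arn": TF}},
]

DENIED_MARKERS = ("AccessDenied", "UnauthorizedOperation")
# Event sources whose IAM prefix differs from the host name (not exhaustive).
PREFIX_OVERRIDES = {"monitoring.amazonaws.com": "cloudwatch"}

def is_denied(record):
    """True when the record's errorCode indicates an authorization failure."""
    code = record.get("errorCode", "")
    return any(marker in code for marker in DENIED_MARKERS)

def iam_action(record):
    """Approximate the IAM action as <service prefix>:<eventName>."""
    source = record["eventSource"]
    prefix = PREFIX_OVERRIDES.get(source, source.split(".")[0])
    return f"{prefix}:{record['eventName']}"

def explain_request(records, request_id):
    """Details of the denied call behind one request ID, or None."""
    for r in records:
        if r.get("requestID") == request_id and is_denied(r):
            return {"action": iam_action(r), "error": r["errorCode"],
                    "principal": r.get("userIdentity", {}).get("arn"),
                    "message": r.get("errorMessage", "")}
    return None

def missing_actions(records, principal_arn):
    """Sorted IAM actions that were denied to one principal."""
    return sorted({iam_action(r) for r in records if is_denied(r)
                   and r.get("userIdentity", {}).get("arn") == principal_arn})

if __name__ == "__main__":
    print(explain_request(SAMPLE_RECORDS, "req-aaaa-0001"))
    print(missing_actions(SAMPLE_RECORDS, TF))
```

Running `missing_actions` over the records from a whole `terraform apply` gives a starting list of actions to grant, which should still be scoped to specific resources and conditions in the policy.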