1
votes

I am trying to launch an EC2 instance by using Terraform and I am getting the following error:

Error launching source instance: UnauthorizedOperation: You are not authorized to perform this operation.

I have applied the AdministratorAccess policy to my IAM account, so I guess there should not be an IAM restriction issue.

Also, I have MFA enabled for my account, but I am using an STS token and the API calls are being accepted by Amazon, so this should not be the issue either.

The Terraform code that I am using is very simple:

provider "aws" {
  region = "us-east-1"
}

resource "aws_instance" "web" {
  ami           = "ami-00d4e9ff62bc40e03"
  instance_type = "t2.micro"
  tags = {
    Name = "HelloWorld"
  }
}

Please could you assist me, as I have tried so many things but I didn't manage to solve the issue. Thanks in advance!

Comments:

Are you sure you're using the correct credentials? What happens if you output the returned values from the terraform.io/docs/providers/aws/d/caller_identity.html data source? – ydaetskcoR

The credentials (ACCESS_KEY, SECRET_ACCESS + TOKEN) are correct, as I am seeing the same error in CloudTrail. – Petar Dimitrov

5 Answers

2
votes

You can try to enable debugging when running the template so you can get a better idea of which permission is missing:

TF_LOG=DEBUG terraform apply
1
votes

Please use the STS service to decode the authorization token that you get with your response. It will state the exact action you don't have permission to perform.

This is only the first step; you can read more on this in this documentation:

https://aws.amazon.com/premiumsupport/knowledge-center/ec2-not-auth-launch/

1
votes

I've got this error too. I fixed it by recreating the user in the AWS IAM console and then the access/secret key. Why that happened: I mistakenly uploaded the tfvars file containing the access key and secret key to my GitHub repo, which was identified by AWS, and it then restricted access for that particular IAM user. Hats off to AWS for this micro-level monitoring and the security standard it follows.

0
votes

Maybe the reason is:

  • This is a new AWS account and the activation process hasn't finished yet.
  • Your AWS keys don't have enough permissions to launch EC2 instances.
0
votes

Go to the user you have created for Terraform from iamadmin, then check the Policies. I found that the "AWSCompromisedKeyQuarantineV2" policy was attached directly. The description of the policy is:

Policy ARN: arn:aws:iam::aws:policy/AWSCompromisedKeyQuarantineV2
Description: Denies access to certain actions, applied by the AWS team in the event that an IAM user's credentials have been compromised or exposed publicly. Do NOT remove this policy. Instead, please follow the instructions specified in the support case created for you regarding this event.

Check the open issues in the AWS notifications; it will show you "Risk: IAM quarantine":

Your AWS Account may be compromised! We have opened a Support Case with more details. Please visit the AWS Support Center https://aws.amazon.com/support to review the case we've opened for you and take action immediately.
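The decode-the-authorization-message answer and the quarantine-policy answer above describe two checks that can be scripted. The following is an added example, not code from the question or from any of the answers: it pulls the encoded token out of the Terraform error text, summarises the JSON that `aws sts decode-authorization-message` returns in its DecodedMessage field, and scans `aws iam list-attached-user-policies` output for an AWSCompromisedKeyQuarantine policy. Because the example runs offline, the encoded token, the decoded message and the policy list are constructed samples; the account ID, principal ID and user name are placeholders, and the real values come from the CLI calls named in the comments.

```python
import json
import re

# Constructed sample of the error Terraform prints for this failure. A real message
# carries an STS-encoded token after "Encoded authorization failure message:";
# the token below is a placeholder, not a real encoded message.
SAMPLE_TERRAFORM_ERROR = (
    "Error launching source instance: UnauthorizedOperation: You are not authorized "
    "to perform this operation. Encoded authorization failure message: "
    "PLACEHOLDER-ENCODED-MESSAGE-abc123"
)

# Constructed sample of the DecodedMessage string returned by
#   aws sts decode-authorization-message --encoded-message <token>
# (the caller needs sts:DecodeAuthorizationMessage to run that command).
SAMPLE_DECODED_MESSAGE = json.dumps({
    "allowed": False,
    "explicitDeny": True,
    "matchedStatements": {"items": [{"statementId": "", "effect": "DENY"}]},
    "failures": {"items": []},
    "context": {
        "principal": {
            "id": "AIDAPLACEHOLDER",
            "name": "terraform",
            "arn": "arn:aws:iam::111122223333:user/terraform",  # placeholder account
        },
        "action": "ec2:RunInstances",
        "resource": "arn:aws:ec2:us-east-1:111122223333:instance/*",
        "conditions": {"items": []},
    },
})

# Constructed sample of
#   aws iam list-attached-user-policies --user-name terraform
SAMPLE_ATTACHED_POLICIES = {
    "AttachedPolicies": [
        {"PolicyName": "AdministratorAccess",
         "PolicyArn": "arn:aws:iam::aws:policy/AdministratorAccess"},
        {"PolicyName": "AWSCompromisedKeyQuarantineV2",
         "PolicyArn": "arn:aws:iam::aws:policy/AWSCompromisedKeyQuarantineV2"},
    ]
}

ENCODED_MESSAGE_RE = re.compile(r"Encoded authorization failure message:\s*(\S+)")
QUARANTINE_POLICY_PREFIX = "arn:aws:iam::aws:policy/AWSCompromisedKeyQuarantine"


def extract_encoded_message(error_text):
    """Return the encoded STS token embedded in an UnauthorizedOperation error, or None."""
    match = ENCODED_MESSAGE_RE.search(error_text)
    return match.group(1) if match else None


def summarize_decoded_message(decoded_json):
    """Reduce the decoded authorization message to the fields that explain the denial."""
    data = json.loads(decoded_json)
    ctx = data.get("context", {})
    return {
        "allowed": bool(data.get("allowed")),
        "explicit_deny": bool(data.get("explicitDeny")),
        "action": ctx.get("action"),
        "resource": ctx.get("resource"),
        "principal_arn": ctx.get("principal", {}).get("arn"),
    }


def find_quarantine_policies(attached_policies_output):
    """List attached managed policies that are an AWS compromised-key quarantine policy."""
    return [
        p["PolicyArn"]
        for p in attached_policies_output.get("AttachedPolicies", [])
        if p.get("PolicyArn", "").startswith(QUARANTINE_POLICY_PREFIX)
    ]


def triage(error_text, decoded_json, attached_policies_output):
    """Combine the three checks into a list of findings for the operator."""
    findings = []
    token = extract_encoded_message(error_text)
    if token is None:
        findings.append("no encoded authorization message in the error; check TF_LOG=DEBUG output")
        return findings
    summary = summarize_decoded_message(decoded_json)
    findings.append(f"denied action {summary['action']} on {summary['resource']} "
                    f"for {summary['principal_arn']}")
    if summary["explicit_deny"]:
        # AdministratorAccess cannot override an explicit Deny, so an explicit deny
        # means a Deny statement matched somewhere, not a missing Allow.
        findings.append("explicit Deny matched: look for a Deny policy, not a missing Allow")
    for arn in find_quarantine_policies(attached_policies_output):
        findings.append(f"quarantine policy attached ({arn}): treat the access key as "
                        "exposed, rotate it, and follow the AWS support case")
    return findings


if __name__ == "__main__":
    for line in triage(SAMPLE_TERRAFORM_ERROR, SAMPLE_DECODED_MESSAGE, SAMPLE_ATTACHED_POLICIES):
        print("-", line)
```

Run against real data, the only change is the three inputs: the error text from Terraform, the DecodedMessage string from the STS call, and the JSON from the IAM call; the quarantine prefix match deliberately covers both AWSCompromisedKeyQuarantine and the V2 policy named in the answer above.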