Most of the projects require IAM permissions. How can you guys restrict IAM role creation? To work on an AWS three-tier project I need to create an IAM and SSM role for an instance, but I couldn't create one because of the restriction. Change that thing; most of the hands-on practice and services require IAM, don't you guys know that?
Hi @krishna005.kr ,
Can you please give us more detail on what you are trying to do and which kind of error you’re facing? I just tried to create a role and it works fine.
Regards
I tried to create the role below and attached it to the EC2. While creating the EC2 it showed permission errors. It was a week ago. I can barely remember: IAM permission denied.
- AmazonSSMManagedInstanceCore
- AmazonS3ReadOnlyAccess
Please be sure that the EC2 instance meets the requirements.
Especially, the disk type should be gp2.
Regards
Hi
- Failed to describe instance information
User: arn:aws:iam::733166649296:user/odl_user_1004496 is not authorized to perform: ssm:DescribeInstanceInformation on resource: arn:aws:ssm:us-east-1:733166649296:* with an explicit deny in a service control policy
I got the below error when I tried to connect to the instance.
Hi @krishna005.kr,
This error doesn’t block you. If you want to connect to your instance, you can connect using SSH from your computer or using EC2 Instance Connect.
Actually the tutorial says to connect using Session Manager. Have you looked into it? Go through the application tier creation. Also, I don’t want to create a bastion host. The instance is in a private subnet. I need to use SSM for the lab.
Hi @krishna005.kr,
Session Manager is not authorized for now on the playground; you can use a bastion to connect to your server.
Actually anything related to SSM, even the Parameter Store, is forbidden.
I couldn’t even run my AWS CDK Bootstrap in the playground.