I am getting an "UnauthorizedOperation: You are not authorized to perform this operation" error. I am aware this is happening due to some restrictive policy, but I have checked, and I have access to all the policies required by the Packer documentation. Can someone point out the problem for me, please? I am providing the entire script, the error, and the decoded error message. Your quick help in this regard will be highly appreciated.
Packer script
{
"variables": {
"instance_size": "t2.micro",
"ami_name": "ami_auto_gold_ami_poc",
"ssh_username": "ubuntu",
"vpc_id": "",
"subnet_id": "",
"security_group": "",
"ssh_keypair": "",
"AWS_ACCESS_KEY_ID": "******************",
"AWS_SECRET_ACCESS_KEY": "**********************"
},
"builders": [
{
"type": "amazon-ebs",
"region": "eu-west-1",
"profile": "default",
"access_key": "{{user `AWS_ACCESS_KEY_ID`}}",
"secret_key": "{{user `AWS_SECRET_ACCESS_KEY`}}",
"instance_type": "{{user `instance_size`}}",
"ssh_username": "{{user `ssh_username`}}",
"ssh_timeout": "20m",
"ami_name": "{{user `ami_name`}}",
"ami_groups": "all",
"ssh_pty": "true",
"vpc_id": "{{user `vpc_id`}}",
"subnet_id": "{{user `subnet_id`}}",
"security_group_id": "{{user `security_group`}}",
"ssh_keypair_name": "{{user `ssh_keypair`}}",
"ssh_private_key_file": "abc.pem",
"source_ami": "ami-0f630a3f40b1eb0b8",
"run_tags": {
"Name": "Packer_POC",
"Author": "Vikas Arora",
"Service": "Packer_AMI",
"Environment": "dev"
},
"tags": {
"Name": "Packer_POC",
"Author": "Vikas Arora",
"Service": "Packer_AMI",
"Environment": "dev"
},
"ami_block_device_mappings": [
{
"device_name": "/dev/sda1",
"volume_type": "gp2",
"volume_size": 30,
"iops": 150,
"delete_on_termination": "true"
}
]
}
]
}
Packer Build Command
sudo packer build -var 'vpc_id=' -var 'subnet_id=subnet-' -var 'security_group=sg-' -var 'ssh_keypair=***' packer.json
Error
==> amazon-ebs: Prevalidating AMI Name... amazon-ebs: Found Image ID: ami-0f630a3f40b1eb0b8==> amazon-ebs: Using existing SSH private key==> amazon-ebs: Launching a source AWS instance...==> amazon-ebs: Error launching source instance: UnauthorizedOperation: You are not authorized to perform this operation. Encoded authorization failure message: hgkhgj6776gfgjhgkhgfhjfj909809nvhghg
==> amazon-ebs: status code: 403, request id: 5d4cef6e-ce1f-4d19-b8d1-b686ee8ecc7b
==> amazon-ebs: No volumes to clean up, skipping
Build 'amazon-ebs' errored: Error launching source instance: UnauthorizedOperation: You are not authorized to perform this operation. Encoded authorization failure message: ghfgfstgkkn+y6868767756769jmb-mnbm
status code: 403, request id: 8768r46ghgjsgdcguy9869879
Decoded authorization failure message
{
âallowedâ: false,
âexplicitDenyâ: true,
âmatchedStatementsâ: {
âitemsâ: [
{
âstatementIdâ: âAPRequireNameTagâ,
âeffectâ: âDENYâ,
âprincipalsâ: {
âitemsâ: [
{
âvalueâ: âAIDAJY32CKVY4QWZNV63Uâ
}
]
},
âprincipalGroupsâ: {
âitemsâ:
},
âactionsâ: {
âitemsâ: [
{
âvalueâ: âec2:RunInstancesâ
}
]
},
âresourcesâ: {
âitemsâ: [
{
âvalueâ: âarn:aws:ec2:::instance/"
}
]
},
âconditionsâ: {
âitemsâ: [
{
âkeyâ: âaws:RequestTag/Nameâ,
âvaluesâ: {
âitemsâ: [
{
âvalueâ: âtrueâ
}
]
}
}
]
}
},
{
âstatementIdâ: âAPRequireAuthorTagâ,
âeffectâ: âDENYâ,
âprincipalsâ: {
âitemsâ: [
{
âvalueâ: âAIDAJY32CKVY4QWZNV63Uâ
}
]
},
âprincipalGroupsâ: {
âitemsâ: []
},
âactionsâ: {
âitemsâ: [
{
âvalueâ: âec2:RunInstancesâ
}
]
},
âresourcesâ: {
âitemsâ: [
{
âvalueâ: "arn:aws:ec2:::instance/"
}
]
},
âconditionsâ: {
âitemsâ: [
{
âkeyâ: âaws:RequestTag/Authorâ,
âvaluesâ: {
âitemsâ: [
{
âvalueâ: âtrueâ
}
]
}
}
]
}
},
{
âstatementIdâ: âAPRequireServiceTagâ,
âeffectâ: âDENYâ,
âprincipalsâ: {
âitemsâ: [
{
âvalueâ: âAIDAJY32CKVY4QWZNV63Uâ
}
]
},
âprincipalGroupsâ: {
âitemsâ: []
},
âactionsâ: {
âitemsâ: [
{
âvalueâ: âec2:RunInstancesâ
}
]
},
âresourcesâ: {
âitemsâ: [
{
âvalueâ: "arn:aws:ec2:::instance/"
}
]
},
âconditionsâ: {
âitemsâ: [
{
âkeyâ: âaws:RequestTag/Serviceâ,
âvaluesâ: {
âitemsâ: [
{
âvalueâ: âtrueâ
}
]
}
}
]
}
},
{
âstatementIdâ: âAPRequireEnvironmentTagâ,
âeffectâ: âDENYâ,
âprincipalsâ: {
âitemsâ: [
{
âvalueâ: âAIDAJY32CKVY4QWZNV63Uâ
}
]
},
âprincipalGroupsâ: {
âitemsâ: []
},
âactionsâ: {
âitemsâ: [
{
âvalueâ: âec2:RunInstancesâ
}
]
},
âresourcesâ: {
âitemsâ: [
{
âvalueâ: "arn:aws:ec2:::instance/"
}
]
},
âconditionsâ: {
âitemsâ: [
{
âkeyâ: âaws:RequestTag/Environmentâ,
âvaluesâ: {
âitemsâ: [
{
âvalueâ: âtrueâ
}
]
}
}
]
}
},
{
âstatementIdâ: âAPRequireEnvironmnetTagOptionâ,
âeffectâ: âDENYâ,
âprincipalsâ: {
âitemsâ: [
{
âvalueâ: âAIDAJY32CKVY4QWZNV63Uâ
}
]
},
âprincipalGroupsâ: {
âitemsâ: []
},
âactionsâ: {
âitemsâ: [
{
âvalueâ: âec2:RunInstancesâ
}
]
},
âresourcesâ: {
âitemsâ: [
{
âvalueâ: "arn:aws:ec2::*********:instance/"
}
]
},
âconditionsâ: {
âitemsâ: [
{
âkeyâ: âaws:RequestTag/Environmentâ,
âvaluesâ: {
âitemsâ: [
{
âvalueâ: âprodâ
},
{
âvalueâ: âqaâ
},
{
âvalueâ: âuatâ
},
{
âvalueâ: âdevâ
}
]
}
}
]
}
}
]
},
âfailuresâ: {
âitemsâ: []
},
âcontextâ: {
âprincipalâ: {
âidâ: âAIDAJY32CKVY4QWZNV63Uâ,
ânameâ: âterraform-aroravâ,
âarnâ: "arn:aws:iam:::user/terraform-arorav"
},
âactionâ: âec2:RunInstancesâ,
âresourceâ: "arn:aws:ec2:eu-west-1::instance/",
âconditionsâ: {
âitemsâ: [
{
âkeyâ: âec2:InstanceMarketTypeâ,
âvaluesâ: {
âitemsâ: [
{
âvalueâ: âon-demandâ
}
]
}
},
{
âkeyâ: âaws:Resourceâ,
âvaluesâ: {
âitemsâ: [
{
âvalueâ: "instance/"
}
]
}
},
{
âkeyâ: âaws:Accountâ,
âvaluesâ: {
âitemsâ: [
{
âvalueâ: ""
}
]
}
},
{
âkeyâ: âec2:AvailabilityZoneâ,
âvaluesâ: {
âitemsâ: [
{
âvalueâ: âeu-west-1bâ
}
]
}
},
{
âkeyâ: âec2:ebsOptimizedâ,
âvaluesâ: {
âitemsâ: [
{
âvalueâ: âfalseâ
}
]
}
},
{
âkeyâ: âec2:IsLaunchTemplateResourceâ,
âvaluesâ: {
âitemsâ: [
{
âvalueâ: âfalseâ
}
]
}
},
{
âkeyâ: âec2:InstanceTypeâ,
âvaluesâ: {
âitemsâ: [
{
âvalueâ: ât2.microâ
}
]
}
},
{
âkeyâ: âec2:RootDeviceTypeâ,
âvaluesâ: {
âitemsâ: [
{
âvalueâ: âebsâ
}
]
}
},
{
âkeyâ: âaws:Regionâ,
âvaluesâ: {
âitemsâ: [
{
âvalueâ: âeu-west-1â
}
]
}
},
{
âkeyâ: âaws:Serviceâ,
âvaluesâ: {
âitemsâ: [
{
âvalueâ: âec2â
}
]
}
},
{
âkeyâ: âec2:InstanceIDâ,
âvaluesâ: {
âitemsâ: [
{
âvalueâ: ""
}
]
}
},
{
âkeyâ: âaws:Typeâ,
âvaluesâ: {
âitemsâ: [
{
âvalueâ: âinstanceâ
}
]
}
},
{
âkeyâ: âec2:Tenancyâ,
âvaluesâ: {
âitemsâ: [
{
âvalueâ: âdefaultâ
}
]
}
},
{
âkeyâ: âec2:Regionâ,
âvaluesâ: {
âitemsâ: [
{
âvalueâ: âeu-west-1â
}
]
}
},
{
âkeyâ: âaws:ARNâ,
âvaluesâ: {
âitemsâ: [
{
âvalueâ: "arn:aws:ec2:eu-west-1:***:instance/â
}
]
}
}
]
}
}
}