Terraform - provision EC2

Hello
I am trying to create my first EC2 instance using Terraform and am getting the error at the very bottom of this post.

As a start, I have tried granting both full EC2 and full Admin privileges to the user. I also created the policy below (for the PassRole issue I have seen in my search) and attached the policy directly to the user.

Any help greatly appreciated

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Action": "iam:PassRole",
                "Resource": "arn:aws:iam::999999999:role/*",
                "Effect": "Allow"
            }
        ]
    }

The error:

    Error: Error launching source instance: UnauthorizedOperation: You are not authorized to perform this operation.
    Encoded authorization failure message: migT_6YJeEpnNhmyG_5Nkpm5tTJEW5PYiLmoR0-yriqMyasEQY4nk6GqpQa8UZn3dvi9fxRb77dqSl4-zDs3x_AdtVR4rofZkCoflnVnjfDWwi0KDZPQpgul2wgSH8IS3vgF7rBFlRJDw1c7Nf5PCQDL9kSnXeonCkRHFoInUgyIN4CY77SblKcYIrLkwsXItOWdHPgy6iTlNZLQOM_UqwS8eX_vXtxE9tSgeqVtRpXWM6p4n9JwblSGjM4xTMBv37aTOVKqvwfL8_HVL7ySc-V0zP9E0dSpnp8181ENeB4hjlZE8gGxsSHKkCYakDoZefwbCwZZLo_aTI9udZxwoVok1WyZ5yQ23SZ0a-xaynrLTDZn_SLTYG17w_0gXE3DGU37loyg6aYzoMf7PRilmLuzj2j3S9WKQOKeuQ5o_IffxfFS1SgJJsvOHz3xatuWJMZ_v7bcplyzeyC_iXJg38o4i_6ylDoRWQCoQ9fhCPko4W1A2ifRTuCf8f5JsE23N9ria3gPE_Ph3rd25aX53kLCOe01h21hFSBmpaLDj5ydg-foEWMLmfpEDiwOB0tXythWMjAe6EbzdDvXlvQ5eUSBQiELr4ei4q8lueTMMsQA6tm6KkCkKCc5w_3wmtu3U32kmtuLBe9GAkzLRj_5ldwgYoOoOU55Gq_YIaAmbnwPtQhZ9FW1BPEYy04GQffPjJWvAjKOTOOM1bVBK6PpX4yLMR2mYZx75qaEKKHnKLLo6XDvIvNFccjWoyhZFx8NWvdtMw3ym57TVbdUDSPNEWCbKTozDeUAFdT9SMZ9X8L0wDz8m1etnoPfMa7MrT50UNdIRSBm4YnFcTJpAVvuIuih_qg1zl07SBHre1bb9R20y2MzylhuHwXVlxOuLMWiAGu6CFMdyFrkpUbEnvJsS6vKtEsJ6KrNOv-ltFX42GtvQ3dKSs9ZYJJLURp0ACk5u2BzbZ0XTsiaP5tpA97feC3n92AZNlRTZ-TpYP3UZoTGjd17VMBJQuh1QOkIT1KUUCMWeg
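A side note on the policy as posted, separate from whatever caused the UnauthorizedOperation (this thread does not establish the cause). Granting iam:PassRole on role/* lets the user hand any role in the account to EC2 (or to any other service that accepts a role), which is far more than one instance profile needs. The following is an added example, not code from the original post: it puts the posted statement next to a version scoped to a single role and to EC2 only, and includes a small checker that flags wildcard PassRole grants. The account ID, role name and Sid are assumed placeholders.

```python
"""Scope an iam:PassRole grant to one role and one service.

Added example; the account ID, role name and Sid below are assumptions.
"""
import fnmatch
import json

# The statement as posted in the thread: Resource "role/*" allows passing
# any role in the account.
POSTED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": "iam:PassRole",
            "Resource": "arn:aws:iam::999999999:role/*",
            "Effect": "Allow",
        }
    ],
}


def scoped_passrole_policy(account_id, role_name):
    """Allow passing exactly one role, and only to the EC2 service.

    iam:PassedToService is the documented condition key that restricts
    which service a role may be passed to.
    """
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "PassInstanceRoleToEc2Only",  # assumed name
                "Effect": "Allow",
                "Action": "iam:PassRole",
                "Resource": f"arn:aws:iam::{account_id}:role/{role_name}",
                "Condition": {
                    "StringEquals": {"iam:PassedToService": "ec2.amazonaws.com"}
                },
            }
        ],
    }


def _as_list(value):
    """IAM allows a string or a list for Action/Resource; normalise to a list."""
    if value is None:
        return []
    return [value] if isinstance(value, str) else list(value)


def broad_passrole_statements(policy):
    """Return Allow statements that grant iam:PassRole on a wildcard resource.

    Matches the action case-insensitively with IAM-style wildcards, so
    "iam:*" and "*" count as well as the literal "iam:PassRole".
    """
    hits = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        actions = [a.lower() for a in _as_list(stmt.get("Action"))]
        if not any(fnmatch.fnmatchcase("iam:passrole", a) for a in actions):
            continue
        resources = _as_list(stmt.get("Resource"))
        if any("*" in r for r in resources):
            hits.append(stmt)
    return hits


if __name__ == "__main__":
    print("broad PassRole statements in posted policy:",
          len(broad_passrole_statements(POSTED_POLICY)))
    print(json.dumps(scoped_passrole_policy("123456789012", "ec2-instance-role"), indent=2))
```

Note that ec2:RunInstances itself is authorised against several resource ARNs (instance, image, subnet, security group, network interface, volume, key pair), so a PassRole statement alone is never sufficient for launching an instance; it only covers attaching the instance profile.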

Hi @shangtechnology,

I’m not sure what all is happening here, but one hint I can share is that when you get an “encoded authorization failure message” like this you can use the AWS CLI command aws sts decode-authorization-message to reveal the data packed into that long, opaque string in the error message.

If you pass it to the --encoded-message argument it should print out something you can read to learn more about what failed.
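To show what comes back from that command, the following is an added example (not code from the original thread) that parses the DecodedMessage payload STS returns and pulls out the fields that matter for triage: who was calling, which action on which resource was denied, whether it was an explicit deny, and which condition keys were present. The sample payload is constructed; its principal, account ID and resource IDs are made up. The caller needs sts:DecodeAuthorizationMessage permission to run the real decode.

```python
"""Summarise a decoded STS authorization failure message.

Added example. Equivalent CLI:
    aws sts decode-authorization-message --encoded-message "$MSG" \
        --query DecodedMessage --output text | python -m json.tool
"""
import json

# Constructed sample of the DecodedMessage string for a denied
# ec2:RunInstances call. All identifiers are made up.
SAMPLE_DECODED = json.dumps({
    "allowed": False,
    "explicitDeny": False,
    "matchedStatements": {"items": []},
    "failures": {"items": []},
    "context": {
        "principal": {
            "id": "AIDAEXAMPLEPRINCIPAL",
            "arn": "arn:aws:iam::123456789012:user/terraform",
        },
        "action": "ec2:RunInstances",
        "resource": "arn:aws:ec2:us-east-1:123456789012:subnet/subnet-0example",
        "conditions": {"items": [
            {"key": "ec2:InstanceType",
             "values": {"items": [{"value": "t2.micro"}]}},
            {"key": "aws:Region",
             "values": {"items": [{"value": "us-east-1"}]}},
        ]},
    },
})


def summarize(decoded_message):
    """Return the parts of a decoded message needed to fix the policy.

    explicit_deny False with matched_statements == 0 means an implicit
    deny: no attached policy grants that action on that resource.
    """
    msg = json.loads(decoded_message)
    ctx = msg.get("context", {})
    conditions = {}
    for item in ctx.get("conditions", {}).get("items", []):
        values = item.get("values", {}).get("items", [])
        conditions[item["key"]] = [v["value"] for v in values]
    return {
        "principal": ctx.get("principal", {}).get("arn"),
        "action": ctx.get("action"),
        "resource": ctx.get("resource"),
        "allowed": bool(msg.get("allowed")),
        "explicit_deny": bool(msg.get("explicitDeny")),
        "matched_statements": len(msg.get("matchedStatements", {}).get("items", [])),
        "conditions": conditions,
    }


def decode_with_boto3(encoded_message):
    """Decode for real via STS (needs credentials; not run offline)."""
    import boto3  # imported here so the offline parts work without it
    client = boto3.client("sts")
    resp = client.decode_authorization_message(EncodedMessage=encoded_message)
    return summarize(resp["DecodedMessage"])


if __name__ == "__main__":
    print(json.dumps(summarize(SAMPLE_DECODED), indent=2))
```

The action and resource fields are the ones to compare against the attached policies: RunInstances is checked against several resource ARNs in turn, so the denied resource tells you which one (subnet, image, security group, and so on) the policy does not cover.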

Thanks @apparentlymart, yes, I did that but it did not help.

Hello,

It could be that the IAM user does not have programmatic access. This would cause your issue.