AWS Encoded authorization failure
This is a detailed, encoded message provided by AWS for further diagnostics. It's intended for use by system administrators or AWS support to get more detailed information about the authorization failure.
Error: Error launching source instance: UnauthorizedOperation: You are not authorized to perform this operation. User: arn:aws:iam:********* is not authorized to perform: ec2:RunInstances on resource: arn:aws:ec2:*********:network-interface/* because no identity-based policy allows the ec2:RunInstances action. Encoded authorization failure message:
HHggA647-******************KLuiHH
decode
aws sts decode-authorization-message --encoded-message "$msg" --query DecodedMessage --output text | jq '.'
errors
An error occurred (InvalidAuthorizationMessageException) when calling the DecodeAuthorizationMessage operation: Message is not valid: *********
Make sure your AWS region matches the region where you performed the operation that failed.
https://tolecnal.net/2021/09/howto-pretty-print-aws-encoded-authorization-failure-message/
interpretation (WIP)
Overall Permission Status
explicitDeny: Shows whether the denial was due to an explicit deny statement in the policies. In this case, it's false, indicating no explicit deny statements were matched.
Conditions
This part lists various conditions associated with the request. These conditions must be met for the action to be allowed.
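The interpretation steps above as an added example (not from the original page): a Python helper that reduces the decoded message to a verdict, separating explicit from implicit deny, and flattens the condition list. The sample response is constructed, `summarize` is a hypothetical name, and the field layout beyond `explicitDeny` and the conditions (`allowed`, `matchedStatements`, `context`, nested `items`) is assumed from the usual shape of the decoded JSON.

```python
import json

# Constructed sample of the CLI response without --query; all values are placeholders.
SAMPLE_RESPONSE = json.dumps({"DecodedMessage": json.dumps({
    "allowed": False,
    "explicitDeny": False,
    "matchedStatements": {"items": []},
    "context": {
        "principal": {"arn": "arn:aws:iam::111122223333:user/example-user"},
        "action": "ec2:RunInstances",
        "resource": "arn:aws:ec2:us-east-1:111122223333:network-interface/*",
        "conditions": {"items": [
            {"key": "ec2:Region", "values": {"items": [{"value": "us-east-1"}]}},
            {"key": "aws:Resource", "values": {"items": [{"value": "network-interface/*"}]}},
        ]},
    },
})})


def summarize(raw):
    """Reduce a decoded authorization message to the fields needed for triage."""
    doc = json.loads(raw)
    # Without --query, the message arrives as a JSON string inside DecodedMessage.
    if "DecodedMessage" in doc:
        doc = json.loads(doc["DecodedMessage"])
    ctx = doc.get("context", {})
    if doc.get("allowed"):
        verdict = "allowed"
    elif doc.get("explicitDeny"):
        verdict = "explicit deny"  # a Deny statement matched the request
    else:
        verdict = "implicit deny"  # nothing allowed the action
    conditions = {
        item["key"]: [v["value"] for v in item.get("values", {}).get("items", [])]
        for item in ctx.get("conditions", {}).get("items", [])
    }
    return {
        "verdict": verdict,
        "principal": ctx.get("principal", {}).get("arn"),
        "action": ctx.get("action"),
        "resource": ctx.get("resource"),
        "matched_statements": len(doc.get("matchedStatements", {}).get("items", [])),
        "conditions": conditions,
    }


if __name__ == "__main__":
    print(json.dumps(summarize(SAMPLE_RESPONSE), indent=2))
```

The function accepts either the full CLI response or the bare message produced with `--query DecodedMessage --output text`.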