AWS Encoded authorization failure

This is a detailed, encoded message provided by AWS for further diagnostics. It's intended for use by system administrators or AWS support to get more detailed information about the authorization failure.

Error: Error launching source instance: UnauthorizedOperation: You are not authorized to perform this operation. User: arn:aws:iam:********* is not authorized to perform: ec2:RunInstances on resource: arn:aws:ec2:*********:network-interface/* because no identity-based policy allows the ec2:RunInstances action. Encoded authorization failure message:
HHggA647-******************KLuiHH

decode

aws sts decode-authorization-message --encoded-message "$msg" --query DecodedMessage --output text | jq '.'

errors

An error occurred (InvalidAuthorizationMessageException) when calling the DecodeAuthorizationMessage operation: Message is not valid: *********

Make sure your AWS region matches the region where you performed the operation that failed.

https://tolecnal.net/2021/09/howto-pretty-print-aws-encoded-authorization-failure-message/

interpretation (WIP)

Overall Permission Status

explicitDeny: Shows whether the denial was due to an explicit deny statement in the policies. In this case, it's false, indicating no explicit deny statements were matched.

Conditions

This part lists various conditions associated with the request. These conditions must be met for the action to be allowed.
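
The sketch below is an added example, not part of the original notes. It reduces a decoded message to the fields discussed above: the deny type and the flattened request conditions. It assumes the decoded JSON uses the allowed / explicitDeny / matchedStatements / context layout; the sample message, its ARNs and the `summarize` helper are constructed for illustration.

```python
import json

# Constructed sample of a decoded message; account id, ARNs and condition
# values are placeholders, not values from the page.
SAMPLE_DECODED = """
{
  "allowed": false,
  "explicitDeny": false,
  "matchedStatements": {"items": []},
  "failures": {"items": []},
  "context": {
    "principal": {"id": "AIDAEXAMPLEID", "arn": "arn:aws:iam::111122223333:user/example"},
    "action": "ec2:RunInstances",
    "resource": "arn:aws:ec2:eu-west-1:111122223333:network-interface/*",
    "conditions": {"items": [
      {"key": "ec2:Region", "values": {"items": [{"value": "eu-west-1"}]}},
      {"key": "aws:Resource", "values": {"items": [{"value": "network-interface/*"}]}}
    ]}
  }
}
"""

def summarize(decoded_json):
    """Reduce a decoded authorization message to the fields needed for triage."""
    msg = json.loads(decoded_json)
    ctx = msg.get("context", {})
    # Each condition is {"key": ..., "values": {"items": [{"value": ...}]}}.
    conditions = {
        c["key"]: [v.get("value") for v in c.get("values", {}).get("items", [])]
        for c in ctx.get("conditions", {}).get("items", [])
    }
    if msg.get("allowed"):
        verdict = "allowed"
    elif msg.get("explicitDeny"):
        verdict = "explicit deny"  # a Deny statement matched the request
    else:
        verdict = "implicit deny"  # no Allow statement matched the request
    return {
        "verdict": verdict,
        "principal": ctx.get("principal", {}).get("arn"),
        "action": ctx.get("action"),
        "resource": ctx.get("resource"),
        "conditions": conditions,
        "matched_statements": len(msg.get("matchedStatements", {}).get("items", [])),
    }

if __name__ == "__main__":
    print(json.dumps(summarize(SAMPLE_DECODED), indent=2))
```

An "implicit deny" verdict with zero matched statements corresponds to the "no identity-based policy allows" wording in the error above.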