Amazon Genomics CLI error

0

When I run the following command: agc account activate

in order to be able to use the Amazon Genomics CLI, I get the following error:

2023-06-01T11:51:11Z 𝒊  Activating AGC with bucket '' and VPC ''
Bootstrapping CDK... [---o] 1m49s
Activating account... [---o] 32s
2023-06-01T11:53:31Z ✘  [WARNING] aws-cdk-lib.aws_ssm.StringParameterProps#type is deprecated.
2023-06-01T11:53:31Z ✘    - type will always be 'String'
2023-06-01T11:53:31Z ✘    This API will be removed in the next major release.
2023-06-01T11:53:31Z ✘  [WARNING] aws-cdk-lib.aws_ssm.ParameterType is deprecated.
2023-06-01T11:53:31Z ✘    these types are no longer used
2023-06-01T11:53:31Z ✘    This API will be removed in the next major release.
2023-06-01T11:53:31Z ✘  [WARNING] aws-cdk-lib.aws_ssm.ParameterType#STRING is deprecated.
2023-06-01T11:53:31Z ✘
2023-06-01T11:53:31Z ✘    This API will be removed in the next major release.
2023-06-01T11:53:31Z ✘  current credentials could not be used to assume 'arn:aws:iam::820518495555:role/cdk-agc-lookup-role-820518495555-us-east-1', but are for the right account. Proceeding anyway.
2023-06-01T11:53:31Z ✘  [WARNING] aws-cdk-lib.aws_ssm.StringParameterProps#type is deprecated.
2023-06-01T11:53:31Z ✘    - type will always be 'String'
2023-06-01T11:53:31Z ✘    This API will be removed in the next major release.
2023-06-01T11:53:31Z ✘  [WARNING] aws-cdk-lib.aws_ssm.ParameterType is deprecated.
2023-06-01T11:53:31Z ✘    these types are no longer used
2023-06-01T11:53:31Z ✘    This API will be removed in the next major release.
2023-06-01T11:53:31Z ✘  [WARNING] aws-cdk-lib.aws_ssm.ParameterType#STRING is deprecated.
2023-06-01T11:53:31Z ✘
2023-06-01T11:53:31Z ✘    This API will be removed in the next major release.
2023-06-01T11:53:31Z ✘  [Error at /Agc-Core] You are not authorized to perform this operation.
2023-06-01T11:53:31Z ✘
2023-06-01T11:53:31Z ✘  Found errors
2023-06-01T11:53:31Z ✘   error="exit status 1"
Error: an error occurred invoking 'account activate'
with variables: {bucketName: vpcId: publicSubnets:false customTags:map[] subnets:[] amiId:}
caused by: exit status 1

In the IAM I have given the following permissions:

IAMFullAccess, AmazonSSMManagedInstanceCore, AmazonSSMFullAccess, AmazonS3FullAccess, AmazonElasticContainerRegistryPublicPowerUser, AmazonElasticContainerRegistryPublicFullAccess, AmazonEC2ContainerRegistryFullAccess, AWSCloudFormationFullAccess

What am I missing?

asked a year ago
368 views
3 Answers
1

According to the documentation [1], agc account activate creates a VPC when you do not specify the --vpc option. So you may have to add permissions for creating a VPC, such as AmazonVPCFullAccess.

[1] agc account activate

EXPERT
answered a year ago
EXPERT
reviewed a year ago
0

Thanks _takahash. This indeed helps. But now I get:

Failed resources:
2023-06-01T16:31:27Z ✘  Agc-Core | 4:28:40 PM | CREATE_FAILED        | AWS::EC2::InternetGateway             | Vpc/IGW (VpcIGWD7BA715C) 1 validation error detected: Value 'You are not authorized to perform this operation. Encoded authorization failure message
2023-06-01T16:31:27Z ✘  Agc-Core | 4:28:40 PM | CREATE_FAILED        | AWS::EC2::VPC                         | Vpc (Vpc8378EB38) 1 validation error detected: Value 'You are not authorized to perform this operation. Encoded authorization failure message
2023-06-01T16:31:27Z ✘   ❌  Agc-Core failed: Error: The stack named Agc-Core failed creation, it may need to be manually deleted from the AWS console: ROLLBACK_COMPLETE: 1 validation error detected: Value 'You are not authorized to perform this operation.
2023-06-01T16:31:27Z ✘   ❌ Deployment failed: Error: Stack Deployments Failed: Error: The stack named Agc-Core failed creation, it may need to be manually deleted from the AWS console: ROLLBACK_COMPLETE: 1 validation error detected: Value 'You are not authorized to perform this operation.
answered a year ago
0

Ensure the IAM role you're using with AGC has the necessary permissions to create resources in AWS. In this case, it appears that your IAM role might lack the ec2:CreateVpc and ec2:CreateInternetGateway permissions, which are required to create a VPC and an Internet Gateway in AWS. If your AWS account has restrictions, or if you're using an organizational account with Service Control Policies (SCPs), ensure that these restrictions or policies don't prevent you from creating VPCs and Internet Gateways.

EXPERT
answered a year ago
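
One way to run the check described in the answer above before retrying agc account activate, as an added example that is not part of the original answers or of AGC itself: it asks the IAM policy simulator (boto3's simulate_principal_policy) whether ec2:CreateVpc and ec2:CreateInternetGateway are allowed for a principal, and whether an SCP is what blocks them. StubIam, SAMPLE_RESPONSE and the placeholder ARN are constructed so the block also runs offline.

```python
import sys

# Actions named in the answer above; extend for other resources that fail to create.
REQUIRED_ACTIONS = ["ec2:CreateVpc", "ec2:CreateInternetGateway"]

# Constructed sample response (not output from a real account), used for offline runs.
SAMPLE_RESPONSE = {"EvaluationResults": [
    {"EvalActionName": "ec2:CreateVpc", "EvalDecision": "implicitDeny"},
    {"EvalActionName": "ec2:CreateInternetGateway", "EvalDecision": "implicitDeny",
     "OrganizationsDecisionDetail": {"AllowedByOrganizations": False}},
]}

class StubIam:
    """Offline stand-in for boto3.client("iam") that returns SAMPLE_RESPONSE."""
    def simulate_principal_policy(self, **kwargs):
        return SAMPLE_RESPONSE

def classify(result):
    """Turn one EvaluationResults entry into a short verdict."""
    if result["EvalDecision"] == "allowed":
        return "allowed"
    org = result.get("OrganizationsDecisionDetail") or {}
    if org.get("AllowedByOrganizations") is False:
        return "blocked by SCP"
    if result["EvalDecision"] == "explicitDeny":
        return "explicit deny in a policy"
    return "not granted by any attached policy"

def check_actions(iam_client, principal_arn, actions=REQUIRED_ACTIONS):
    """Return {action: verdict} from the IAM policy simulator, following pagination."""
    verdicts = {}
    kwargs = {"PolicySourceArn": principal_arn, "ActionNames": list(actions)}
    while True:
        page = iam_client.simulate_principal_policy(**kwargs)
        for result in page["EvaluationResults"]:
            verdicts[result["EvalActionName"]] = classify(result)
        if not page.get("IsTruncated"):
            return verdicts
        kwargs["Marker"] = page["Marker"]

if __name__ == "__main__":
    if len(sys.argv) > 1:  # real run: pass the ARN of the IAM user or role
        import boto3
        client, arn = boto3.client("iam"), sys.argv[1]
    else:  # offline demo with a placeholder ARN
        client, arn = StubIam(), "arn:aws:iam::111122223333:user/example"
    for action, verdict in check_actions(client, arn).items():
        print(f"{action:28} {verdict}")
```

A real run needs credentials that are allowed to call iam:SimulatePrincipalPolicy, and PolicySourceArn must be the ARN of an IAM user, group or role.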
