By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Amazon Genomics CLI error

0

When I run the following command: agc account activate

In order to be able to use the amazon genomics cli I get the following error:

2023-06-01T11:51:11Z 𝒊  Activating AGC with bucket '' and VPC ''
Bootstrapping CDK... [---o] 1m49s
Activating account... [---o] 32s                                                                                                                 2023-06-01T11:53:31Z ✘  [WARNING] aws-cdk-lib.aws_ssm.StringParameterProps#type is deprecated.
2023-06-01T11:53:31Z ✘    - type will always be 'String'
2023-06-01T11:53:31Z ✘    This API will be removed in the next major release.
2023-06-01T11:53:31Z ✘  [WARNING] aws-cdk-lib.aws_ssm.ParameterType is deprecated.
2023-06-01T11:53:31Z ✘    these types are no longer used
2023-06-01T11:53:31Z ✘    This API will be removed in the next major release.
2023-06-01T11:53:31Z ✘  [WARNING] aws-cdk-lib.aws_ssm.ParameterType#STRING is deprecated.
2023-06-01T11:53:31Z ✘
2023-06-01T11:53:31Z ✘    This API will be removed in the next major release.
2023-06-01T11:53:31Z ✘  current credentials could not be used to assume 'arn:aws:iam::820518495555:role/cdk-agc-lookup-role-820518495555-us-east-1', but are for the right account. Proceeding anyway.
2023-06-01T11:53:31Z ✘  [WARNING] aws-cdk-lib.aws_ssm.StringParameterProps#type is deprecated.
2023-06-01T11:53:31Z ✘    - type will always be 'String'
2023-06-01T11:53:31Z ✘    This API will be removed in the next major release.
2023-06-01T11:53:31Z ✘  [WARNING] aws-cdk-lib.aws_ssm.ParameterType is deprecated.
2023-06-01T11:53:31Z ✘    these types are no longer used
2023-06-01T11:53:31Z ✘    This API will be removed in the next major release.
2023-06-01T11:53:31Z ✘  [WARNING] aws-cdk-lib.aws_ssm.ParameterType#STRING is deprecated.
2023-06-01T11:53:31Z ✘
2023-06-01T11:53:31Z ✘    This API will be removed in the next major release.
2023-06-01T11:53:31Z ✘  [Error at /Agc-Core] You are not authorized to perform this operation.
2023-06-01T11:53:31Z ✘
2023-06-01T11:53:31Z ✘  Found errors
2023-06-01T11:53:31Z ✘   error="exit status 1"
Error: an error occurred invoking 'account activate'
with variables: {bucketName: vpcId: publicSubnets:false customTags:map[] subnets:[] amiId:}
caused by: exit status 1

In the IAM I have given the following permissions:

IAMFullAccess AmazonSSMManagedInstanceCore AmazonSSMFullAccess AmazonS3FullAccess AmazonElasticContainerRegistryPublicPowerUser AmazonElasticContainerRegistryPublicFullAccess AmazonEC2ContainerRegistryFullAccess AWSCloudFormationFullAccess

What am I missing?

Topics
Genomics
Tags
Genomics
Language
English
rePost-User-7446958
asked a year ago354 views
3 Answers
1

From document[1] , agc account active creates vpc when you not specified --vpc option So you may have to add permission about creating VPC like AmazonVPCFullAccess

[1] agc account activate

profile picture
EXPERT
Hiroki Takahashi
answered a year ago
profile picture
EXPERT
Sedat Salman
reviewed a year ago
0

Thanks _takahash. This indeed helps. But now I get:

Failed resources:
2023-06-01T16:31:27Z ✘  Agc-Core | 4:28:40 PM | CREATE_FAILED        | AWS::EC2::InternetGateway             | Vpc/IGW (VpcIGWD7BA715C) 1 validation error detected: Value 'You are not authorized to perform this operation. Encoded authorization failure message

2023-06-01T16:31:27Z ✘  Agc-Core | 4:28:40 PM | CREATE_FAILED        | AWS::EC2::VPC                         | Vpc (Vpc8378EB38) 1 validation error detected: Value 'You are not authorized to perform this operation. Encoded authorization failure message

2023-06-01T16:31:27Z ✘   ❌  Agc-Core failed: Error: The stack named Agc-Core failed creation, it may need to be manually deleted from the AWS console: ROLLBACK_COMPLETE: 1 validation error detected: Value 'You are not authorized to perform this operation.

2023-06-01T16:31:27Z ✘   ❌ Deployment failed: Error: Stack Deployments Failed: Error: The stack named Agc-Core failed creation, it may need to be manually deleted from the AWS console: ROLLBACK_COMPLETE: 1 validation error detected: Value 'You are not authorized to perform this operation.
rePost-User-7446958
answered a year ago
0

Ensure the IAM role you're using with AGC has the necessary permissions to create resources in AWS. In this case, it appears that your IAM role might lack the ec2:CreateVpc and ec2:CreateInternetGateway permissions, which are required to create a VPC and an Internet Gateway in AWS. If your AWS account has restrictions, or if you're using an organizational account with Service Control Policies (SCPs), ensure that these restrictions or policies don't prevent you from creating VPCs and Internet Gateways.

profile picture
EXPERT
Sedat Salman
answered a year ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content