Cloudformation DataZone: Unable to create Environment Profile

0

I am trying to create a DataZone environment profile through a CloudFormation template. I was able to create the DataZone domain and project successfully through CFT, and I have done the Environment Blueprint Configuration (DefaultDataLake). But I'm getting this error while creating the stack:

"Resource handler returned message: "User is not permitted to perform operation: CreateEnvironmentProfile (Service: DataZone, Status Code: 403, Request ID: b3c2a490-e597-4c51-939c-d5daa3bc74be)" (RequestToken: 4f4051fa-21e8-d5be-5252-fc1fb1c9cc76, HandlerErrorCode: AccessDenied)"

This is the template I'm using for creating the resource. Kindly suggest changes needed:

AdviceClientEnvironmentProfile:
  DependsOn: AdviceClientBlueprintConfig
  Type: AWS::DataZone::EnvironmentProfile
  Properties:
    AwsAccountId: !Ref AWS::AccountId
    AwsAccountRegion: us-east-1
    DomainIdentifier: !Ref AdviceDomain
    EnvironmentBlueprintIdentifier: DefaultDataLake
    Name: advice_environmentprofile
    ProjectIdentifier: advice_client

1 Answer
0

Hello,

The error message you are seeing, "User is not permitted to perform operation: CreateEnvironmentProfile (Service: DataZone, Status Code: 403)," indicates that the IAM role or user executing the CloudFormation stack does not have the necessary permissions to perform the CreateEnvironmentProfile operation.

To resolve this issue, you need to ensure that the IAM role or user running the CloudFormation stack has the necessary permissions. Attach the IAM policy to the IAM role or user executing the CloudFormation stack.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "datazone:CreateEnvironmentProfile",
        "datazone:GetEnvironmentProfile",
        "datazone:UpdateEnvironmentProfile",
        "datazone:DeleteEnvironmentProfile",
        "datazone:ListEnvironmentProfiles"
      ],
      "Resource": "*"
    }
  ]
}

EXPERT
answered 4 months ago
  • Hi Sivaraman, I added this permission to my user as I'm running the stack, but it still gives me the same error.

    Resource handler returned message: "User is not permitted to perform operation: CreateEnvironmentProfile (Service: DataZone, Status Code: 403, Request ID: ab96d5d3-0835-4812-9c19-88aef843706b)" (RequestToken: 579e83e8-bef1-3eb1-7bb5-b5e84974361f, HandlerErrorCode: AccessDenied)
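A triage helper for the error discussed in this thread, added here as an example and not code from the question, the answer or AWS: it parses the handler message into the denied IAM action and request ID, then checks whether a single identity policy's statements cover that action. The function names, the `service:Operation` action-name mapping and the simplified evaluation (Effect and Action only) are assumptions of this sketch.

```python
import fnmatch
import re

# Constructed from the error text quoted in the question.
ERROR = ('Resource handler returned message: "User is not permitted to perform '
         'operation: CreateEnvironmentProfile (Service: DataZone, Status Code: 403, '
         'Request ID: b3c2a490-e597-4c51-939c-d5daa3bc74be)"')

# The policy from the answer, with the action list shortened.
ANSWER_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Action": ["datazone:CreateEnvironmentProfile", "datazone:GetEnvironmentProfile"],
    "Resource": "*"}]}

ERROR_RE = re.compile(
    r"perform operation: (?P<operation>\w+) "
    r"\(Service: (?P<service>\w+), Status Code: (?P<status>\d+), "
    r"Request ID: (?P<request_id>[0-9a-f-]+)\)")

def denied_action(message):
    """Return (iam_action, request_id) parsed from the handler error, or None."""
    m = ERROR_RE.search(message)
    if not m:
        return None
    # Assumption: the IAM action is "<service name lowercased>:<operation>".
    return f"{m['service'].lower()}:{m['operation']}", m["request_id"]

def _as_list(value):
    return value if isinstance(value, list) else [value]

def policy_decision(policy, action):
    """Simplified check of one identity policy: 'Deny', 'Allow' or 'NoMatch'.

    Only Effect and Action are evaluated (case-insensitive, wildcards allowed).
    Resource, Condition, NotAction, SCPs and permission boundaries are ignored.
    """
    decision = "NoMatch"
    for stmt in _as_list(policy.get("Statement", [])):
        patterns = _as_list(stmt.get("Action", []))
        if any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in patterns):
            if stmt.get("Effect") == "Deny":
                return "Deny"  # an explicit deny always wins
            decision = "Allow"
    return decision

if __name__ == "__main__":
    action, request_id = denied_action(ERROR)
    print(action, request_id, policy_decision(ANSWER_POLICY, action))
```

The parsed request ID is the value to search for in CloudTrail to see which principal actually made the denied call. If this check reports `Allow` for the attached policy and the stack still fails, the denial comes from something this simplified check does not evaluate.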
