By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

CreateQuantumTask operation: Account ... is not permitted to access AWS Braket resources.

0

Hey! I have personal AWS account and try to play around with AWS Braket, but always get this error:

An error occurred (AccessDeniedException) when calling the CreateQuantumTask operation: 
    Account 123123123123 is not permitted to access AWS Braket resources.

Can someone help me get the access :)

What did I try:

  1. Open AWS console in browser (using root account), go through Welcome wizard accepting everything and creating notebook. As soon as code in the notebook tries to run something on simulator or on QPU, I get the error.
  2. I've created a small python script. It works with LocalSimulator, but fails with the error above as soon as I try to use real device.
  3. I've can successfully execute cli command to get device data: aws --profile quantum braket get-device --device-arn arn:aws:braket:::device/quantum-simulator/amazon/sv1, but aws --profile quantum braket create-quantum-task --action '' --device-arn 'arn:aws:braket:::device/quantum-simulator/amazon/sv1' --output-s3-bucket 'asd' --output-s3-key-prefix 'test' --shots 1 fails instantly with the error above.
  4. I verified that Braket service role was created and tried to remove and recreate it - no change
  5. I didn't notice any additional info in CloudTrail
  6. I can see that there are some logs from Braket in CloudWatch, but nothing about access

For CLI and local python code I have dedicated IAM user with AmazonBraketFullAccess policy attached

  • Mao Lin
    2 months ago

    Hi Aleksei,

    I wasn't able to reproduce the error message yet, and don't have a definite solution for your issue. I assume that you have followed the instruction in another post https://repost.aws/questions/QU0qmw0roYT4iZYZ-pAscEfA/authorize-account-to-use-braket. I would suggest you try and check the following

    1. Please make sure the notebook you are running is created with the (default) role AmazonBraketServiceSageMakerNotebookRole, which makes sure that the notebook has the AmazonBraketFullAccess policy

    2. Please make sure the S3-bucket 'asd' and the folder 'test' exist when create the quantum task.

    If you have tried these and the issue still persists, we may need a bit more information to help you further. In that case, would you be able to send us an email at braket-feedback [at] amazon.com so we can help troubleshoot?

Topics
Quantum TechnologiesSecurity, Identity, & Compliance
Tags
Amazon BraketAWS Identity and Access ManagementIAM Policies
Language
English
Aleksei
asked 2 months ago138 views
3 Answers
2

If you're encountering an AccessDeniedException when trying to access AWS Braket resources, here are some steps you can take to troubleshoot and potentially resolve the issue:

Verify IAM Permissions: Ensure that the IAM user you're using to access Braket resources has the necessary permissions. The AmazonBraketFullAccess policy should provide sufficient permissions, but you may want to double-check that the policy is correctly attached to the IAM user or role.

Check Service Quotas: Verify that your AWS account has access to AWS Braket resources by checking service quotas. It's possible that there may be account-level restrictions or quotas preventing access.

Review Braket Service Role: Confirm that the Braket service role was created successfully and has the necessary permissions to interact with Braket resources. You can review and edit the permissions of the service role in the IAM console.

Check for Resource-Level Permissions: Ensure that there are no explicit Deny policies or resource-level permissions that may be blocking access to Braket resources. These permissions could be attached to IAM users, roles, or resource policies.

Review CloudTrail Logs: Although you mentioned that you didn't notice any additional info in CloudTrail, it's still worth reviewing the logs to see if there are any relevant events or errors logged related to the AccessDeniedException.

profile picture
EXPERT
Giovanni Lauria
answered 2 months ago
0

Hi Aleksei,

AWS Braket has a way to verify some of this for you. In the AWS Console, go to Amazon Braket, and in the left-navigation window you should see a section called "Permissions and settings". When you click on this, there will be two tabs "General" and "Execution roles". Follow the instructions given, and it should allow you to verify and create your account setup to run on QPUs.

Hope that helps!

Milan
answered a month ago
0

Hey All,

If you are still experiencing this permissions issue, the following three steps will help you create a ticket to our support team. They will be able to get this resolved for you.

  1. Login to your AWS Management Console
  2. Once logged in, create a case by visiting the Support Center (https://support.console.aws.amazon.com/support/home)
  3. When prompted for the details, use the following routing path Enter image description here
profile picture
Zia Mohammad
answered 24 days ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content