Why I cannot see EC2 instances created under same organization?

Question

I've recently joined an organisation which has EC2 Instances, S3 buckets and Elastic Beanstalk applications. Everything looks empty to me while previous developer has all the access to those services. I've checked we are working on same region and also when we checked SCP, both of us has the same FullAWSAccess. He is able see and manage everything and I can't work on previously created any services. What do I need to do, where we are doing wrong?

Joseph Gruber
1 年前
So are you saying that via the AWS Console you're seeing different resources? Can you confirm that you're working in the same region that the other developer is? You can find that in the top-right corner of the AWS console.

Answer

This might sound ridiculously basic, but verify that you are accessing the same account. You can verify that in the 'profile' dropdown in the top right corner.
You can be in the same region but separate accounts and since you stated you joined an organization, you could be in a completely different account with no resources in that region.
The Service Control Policy of 'FullAWSAccess' doesn't actually grant permissions. What the SCP does is allow IAM permission up to that level of full access. So it is also possible that the permissions (role, user, IC Permission Set) that you are using do not have any list permissions to see those resources that exist in the account if you are in fact in the same account and same region.
I hope that helps. Without being able to see your console there isn't much less I can offer.

Why I cannot see EC2 instances created under same organization?

相关内容