-
Notifications
You must be signed in to change notification settings - Fork 371
AWSCloud9 Permissions Issue #191
Comments
Hey @narayandreamer! What error are you seeing when you're using Cloud9? |
Above is first of series. When i give above then others come, like that I have to give 1 by 1 as per error |
I'm unsure how this issue is related to this sample. As this is an entirely serverless application, it doesn't launch any EC2 instance, thus you don't need to perform any |
Ah, I understand now. It looks like you don't have permissions to make API calls from AWS Cloud9. This sample assumes that you're deploying this with a broad set of permissions. Ideally, you would deploy this in a development/playground account for experimentation - where people usually have admin permissions (or close to that). I cannot help you on this since this is not related to this sample directly. I encourage you to look at https://docs.aws.amazon.com/cloud9/latest/user-guide/credentials.html and/or contact AWS support to help you troubleshoot your Cloud9 environment. Also, please note you might still encounter issues with Cloud9. There's currently an issue (see #158) as this uses an API Gateway WebSockets API for integration testing, but it doesn't support IP address restrictions - which Cloud9 enforces if you use managed credentials. |
Ok got it. According to you which is the best setup that will work for both dev (I use macOS) and prod? As i need to make it running first then change various services and add/remove |
Personally, I use my Mac directly to make changes to this project, then deploy into a dev AWS account (where I have full admin permissions). Then to deploy to production, I use a CI/CD pipeline that has the right permissions. That said, while there is a sample pipeline in this project, it's still overly broad (see https://github.com/aws-samples/aws-serverless-ecommerce-platform/blob/main/pipeline/resources/service-pipeline-environment.yaml#L30), but scoped down to a single region. |
Ok I will give it a try from macOS then |
AWSCloud9 User created via IAM console gives numerous permission issues of not authorized.
Better to add a required permissions policy JSON for all resources to be used as template
The text was updated successfully, but these errors were encountered: