Durch die Nutzung von AWS re:Post stimmt du den AWS re:Post Nutzungsbedingungen
AWS re:Postre:Post

Can't create Lifecycle Rule, due to error: "Credential should be scoped to a valid region"

1

I'm trying to create a Lifeycle policy in eu-central-1 for ec2 instances from that region. I'm selecting an ec2 instance by it's name and I'm giving the policy a name. My schedule is daily every 24 hours on 3:00 UTC. I'm retaining 3 snapshots.

I have everything else on default, including the IAM role.

After reviewing the policy and clicking on 'create', I just get the error 'Credential should be scoped to a valid region. '.

When I look in the browser console, the request calls to "https://eu-central-1.console.aws.amazon.com/ec2/alma/iamadmin-proxy?module=storage&call=CreateServiceRol" and returns a 400 Error "Bad Request" with response body "{"__type":"com.amazon.coral.service#InvalidSignatureException","message":"Credential should be scoped to a valid region. "}"

The error happens both for an EBS Snapshot Policy as well as an EBS-backed AMI policy. It occurs whether or not I use the root user and whether or not I use a Chromium or Firefox browser.

I therefore am unable to create a Lifecycle rule at this moment.

Themen
KalkulationSicherheit, Identität & Konformität
Tags
Amazon EC2IAM-RichtlinienAmazon Data Lifecycle Manager
Sprache
English
TechnicalQuestions
gefragt vor 7 Monaten485 Aufrufe
2 Antworten
0

Could you clarify if you are creating this within the EC2 section of AWS Console or somewhere else? https://console.aws.amazon.com/ec2/home#Lifecycle:

The error message is described here https://docs.aws.amazon.com/IAM/latest/UserGuide/signature-v4-troubleshooting.html#signature-v4-troubleshooting-credential-scope

Depending on the method you are using, is it possible to explicitly set the region with something like --region eu-central-1 ? I am thinking that as IAM is a global service which defaults to us-east-1, perhaps that region is implicit unless overridden.

profile picture
EXPERTE
Steve_M
beantwortet vor 7 Monaten
  • seargex
    vor 7 Monaten

    i also had the same issue. and yes it i create it on ec2 section of the AWS web console. it says "Credential should be scoped to a valid region." it's on ap-southeast-3 region. i also use root account, it's not a permission issue

0

Hello.

Is it possible to create it using the AWS CLI instead of from the management console?
It can be created using the "create-lifecycle-policy" command.
https://awscli.amazonaws.com/v2/documentation/api/latest/reference/dlm/create-lifecycle-policy.html

profile picture
EXPERTE
Riku_Kobayashi
beantwortet vor 7 Monaten

Du bist nicht angemeldet. Anmelden um eine Antwort zu veröffentlichen.

Eine gute Antwort beantwortet die Frage klar, gibt konstruktives Feedback und fördert die berufliche Weiterentwicklung des Fragenstellers.

Richtlinien für die Beantwortung von Fragen

Relevanter Inhalt