AuthFailure when trying to assign ElasticIP

Question

Hello,

I am trying to assign Elastic IP to a Network loadbalancer, but it always ends with AuthFailure :

$ aws ec2 associate-address --allocation-id "eipalloc-067f4b180718a6197" --network-interface-id "eni-0203fa6d581db8869" --region "eu-central-1"

An error occurred (AuthFailure) when calling the AssociateAddress operation: You do not have permission to access the specified resource.

Can you help please? I tried to add this below to my user and aws-elasticbeanstalk-ec2-role, but without any result

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "ec2:AssociateAddress",
                "ec2:DescribeNetworkInterfaces",
                "ec2:DescribeSubnets",
                "ec2:AllocateAddress",
                "ec2:DescribeAddresses"
            ],
            "Resource": "*"
        }
    ]
}

Thanks for help

Leo K · Accepted Answer

The reason you can't associate an elastic IP with an existing NLB's ENI is because you can only specify the IP address attributes when you create the NLB or when you're telling the NLB to attach to a new subnet with a new ENI.

After each ENI of the NLB is created, it's owned by the AWS account where the Elastic Load Balancing team runs the load balancing infrastructure, and your account won't have the permission to modify their ENIs directly. You have to make modifications through the APIs of the Elastic Load Balancing v2 service, which only allows specifying the EIPs in the situations I mentioned.

The procedure for associating EIPs with your NLB is explained in more detail in this support article: https://repost.aws/knowledge-center/elb-attach-elastic-ip-to-public-nlb

In short, you'll need to recreate your NLB and specify the elastic IPs at creation time.

AuthFailure when trying to assign ElasticIP

Ajoutez votre réponse

Contenus pertinents