Temporary solution: add an additional policy with Allow iam:CreateServiceLinkedRole on resource arn:aws:iam::*:role/aws-service-role/apprunner.amazonaws.com/AWSServiceRoleForAppRunner.
Long term - to be fixed by AWS :)
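
The statement described in the answer above, written out as an IAM policy document (an added example, not part of the original answer). The Sid is a made-up label, and the iam:AWSServiceName condition is an addition beyond what the answer states; it keeps the permission from being used to create service-linked roles for any service other than App Runner.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ExampleAllowAppRunnerServiceLinkedRole",
      "Effect": "Allow",
      "Action": "iam:CreateServiceLinkedRole",
      "Resource": "arn:aws:iam::*:role/aws-service-role/apprunner.amazonaws.com/AWSServiceRoleForAppRunner",
      "Condition": {
        "StringLike": {
          "iam:AWSServiceName": "apprunner.amazonaws.com"
        }
      }
    }
  ]
}
```
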
I'm using CDK and I added the allow statement to both cdk-qualifier-cfn-exec-role-*****-region and cdk-qualifier-deploy-role-*****-region, yet it still fails. When deploying with CDK, which role should contain this policy statement?
Resource handler returned message: "AccessDenied. Couldn't create a service-linked role for App Runner. When creating the first vpc connector in the account, caller must have the 'iam:CreateServiceLinkedRole' permission. Use the 'AWSAppRunnerFullAccess' managed user policy to ensure users have all required permissions.