By using AWS re:Post, you agree to the Terms of Use
AWS re:Postre:Post

AWS CLI Denied Permission Due to IAM Policy - Policy has all permissions correct. Previously worked fine.

0

I had to update my CLI on a few devices, and I am now unable to access anything pertaining to gamelift's API via an explicit denial. I double checked the permission policy that I assigned to the IAM user, and while it is set to allow full access to resources, it will not work.

Any suggestions or recommendations? I have also tried re-creating the policy via JSON and the visual GUI. I even tried creating a new user to use, and nothing works. I even ended up uninstalling the CLI tool and deleting the configuration and credential files multiple times trying to see if that would fix the issue.

Policy below:

{ "Version": "2012-10-17", "Statement": { "Effect": "Allow", "Action": "gamelift:", "Resource": "" } }

Topics
Security, Identity, & ComplianceManagement & GovernanceGame Tech
Tags
Security, Identity, & ComplianceAWS Command Line InterfaceAmazon GameLiftIAM Policies
Language
English
rePost-User-1475035
asked a month ago34 views
1 Answer
0
Accepted Answer

You mentioned "explicit denial", and you don't have Deny statements in your IAM principal's policies, right? Then there must be a Deny statement elsewhere. See https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html - it could be in an Organization SCP, Resource policy (though I don't think Gamelift has these) or a Permissions Boundary.

EXPERT
skinsman
answered a month ago
  • rePost-User-1475035 a month ago

    It looks like the culprit was a group policy that I created which forces the user to authenticate with MFA; otherwise, they do not have access to anything. I'm assuming there is a way to add MFA within the local AWS CLI? --EDIT-- Solved. Just had to grab the session token.

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content