By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Access denied by aws

1

I did my hands on of remove group and then to fix by attaching policy in my aws account and it denied now everything my name admin group everything it is denied Access denied You don't have permission to iam:ListGroups. To request access, copy the following text and send it to your AWS administrator. Learn more about troubleshooting access denied errors. User: arn:aws:iam::033071476259:user/sagarika Service: iam Action: ListGroups On resource(s): arn:aws:iam::033071476259:group/ Context: no identity-based policy allows the iam:ListGroups action

this is what it is showing i treid a lot of thing but it is not fixing please help me out

Topics
Security, Identity, & Compliance
Tags
AWS Identity and Access ManagementIAM Policies
Language
English
rePost-User-3218389
asked a year ago487 views
2 Answers
1

Hi,

It looks like user sagarika doesn't have enough permissions to list groups and perform some actions on IAM. To fix that, log in as a user with enough privileges, go to the IAM console and configure sagarika properly (according to what sagarika needs, making sure sagarika has the correct permissions, including ListGroups). You can use root for that. It is not a best practice to use root for daily operations, so try to avoid using root for daily operation, but you can use root to recover other users' access or perform specific tasks. In the link below, you'll see the second point is "Restore IAM user permissions." Tasks that require root user credentials: https://docs.aws.amazon.com/accounts/latest/reference/root-user-tasks.html

In other words... using root or other user with enough privileges, you have to make sure sagarika has an IAM policy that covers all actions sagarika has to perform, including ListGroups. I'd recommend to review all tasks that sagarika should do, not only ListGroups. I also recommend to use an AWS Managed Policy (those already created, pre-built) instead of creating a new one. In the link below you'll see there are some for IAM (IAMAccessAdvisorReadOnly, IAMAccessAnalyzerFullAccess, IAMAccessAnalyzerReadOnlyAccess, IAMFullAccess, IAMReadOnlyAccess, IAMSelfManageServiceSpecificCredentials, IAMUserChangePassword, IAMUserSSHKeys.) Take a look at them and select the best one for sagarika. AWS managed policies: https://docs.aws.amazon.com/aws-managed-policy/latest/reference/policy-list.html.

Have a great day!!!

AWS
SergioA
answered a year ago
  • rePost-User-3218389
    a year ago

    i am not getting you the things are not going right every access is denied i tried to troubleshoot but the things i need to trouble shoot are not available even please help me

  • SergioA
    a year ago

    Hi, please, the first step is to get sagarika access back. For that, follow the instructions provided in the previous post. Use root or a user with admin privileges and change the policies assigned to sagarika

0

Hi, please, the first step is to get sagarika access back. For that, follow the instructions provided in the previous post. Use root or a user with admin privileges and change the policies assigned to sagarika

AWS
SergioA
answered a year ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content