How do I grant DescribeAvailabilityZones permission to an Admin?

Hello,

As I understand it you are having difficulty following the the Apache Superset reference deployment found here https://aws.amazon.com/quickstart/architecture/apache-superset/ You say you are getting the AccessDenied error. User doesn't have permission to call ec2:DescribeAvailabilityZones. error when attempting to deploy to CloudFormation.

I tried recreating your situation by creating a user in a user group with AdministratorAccess permissions. I went through the apache-superset guide you linked and did not run into the ec2:DescribeAvailabilityZones accessed denied error.

1. Could you confirm that you are logged in on a user whose user group has AdministratorAccess permissions. You can use the command 'aws sts get-caller-identity' to get details on your IAM User or Role.
2. Could you confirm what step of the apache-superset guide you are experiencing this error?
3. Could you check if your AWS account is under AWS Organizations. If this is the case, there could be a Service Control Policy (SCP) that is preventing you access to ec2:DescribeAvailabilityZones. You can read more about SCPs here https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps.html

You can read more about IAM permission access here https://aws.amazon.com/premiumsupport/knowledge-center/troubleshoot-iam-permission-errors/

Also, it is recommended that you include any command outputs in a support ticket instead of here to keep your information secure. re:Post is a public platform and it is best to keep any information that could expose the architecture of your account in a more private setting like a support ticket.

I hope I could help, if you are still having problems you may need to open a support ticket.