How do I grant DescribeAvailabilityZones permission to an Admin?

1

I am new to AWS and I am the sole admin in my subscription. I am a member of the Admins group, and have the AdministratorAccess policy.

Yet, when I try to use the Apache Superset reference deployment (https://aws.amazon.com/quickstart/architecture/apache-superset/), I am getting the following error:

AccessDenied. User doesn't have permission to call ec2:DescribeAvailabilityZones.

I have tried to create a new Policy with specific EC2 permissions, but it has not helped.

Please help!

Chris
asked 7 months ago85 views
1 Answer
0

Hello,

As I understand it you are having difficulty following the the Apache Superset reference deployment found here https://aws.amazon.com/quickstart/architecture/apache-superset/ You say you are getting the AccessDenied error. User doesn't have permission to call ec2:DescribeAvailabilityZones. error when attempting to deploy to CloudFormation.

I tried recreating your situation by creating a user in a user group with AdministratorAccess permissions. I went through the apache-superset guide you linked and did not run into the ec2:DescribeAvailabilityZones accessed denied error.

  1. Could you confirm that you are logged in on a user whose user group has AdministratorAccess permissions. You can use the command 'aws sts get-caller-identity' to get details on your IAM User or Role.
  2. Could you confirm what step of the apache-superset guide you are experiencing this error?
  3. Could you check if your AWS account is under AWS Organizations. If this is the case, there could be a Service Control Policy (SCP) that is preventing you access to ec2:DescribeAvailabilityZones. You can read more about SCPs here https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps.html

You can read more about IAM permission access here https://aws.amazon.com/premiumsupport/knowledge-center/troubleshoot-iam-permission-errors/

Also, it is recommended that you include any command outputs in a support ticket instead of here to keep your information secure. re:Post is a public platform and it is best to keep any information that could expose the architecture of your account in a more private setting like a support ticket.

I hope I could help, if you are still having problems you may need to open a support ticket.

Zach_F
answered 4 months ago
SUPPORT ENGINEER
reviewed 4 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions