1 Answer
- Newest
- Most votes
- Most comments
1
Hello.
Where is the AWS CLI running?
If you are running on a local PC etc., the IAM user who issued the access key may be different, so please check the IAM user using the command below.
aws sts get-caller-identity
Also, please share the detailed error message when you perform the operation and the AWS CLI command that makes the operation successful.
By the way, have you checked the CloudTrail event history?
By checking the event history, you may be able to check the IAM policies that are missing for the IAM user.
https://docs.aws.amazon.com/awscloudtrail/latest/userguide/view-cloudtrail-events.html
Relevant content
- asked 9 months ago
- Accepted Answer
- asked 4 years ago
- asked 9 months ago
AWS OFFICIALUpdated 2 years ago- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated 6 months ago
Hello, thank you for your response.
The AWS CLI is running in my local PC.
I sure the IAM key is same with AWS console.
The Detailed error message on AWS console is this.
When I try to add a rule in WebACL.
AccessDeniedException User: arn:aws:iam::(myAWSacountID):user/(myIAM) is not authorized to perform: wafv2:UpdateWebACL on resource: arn:aws:wafv2:(region):(other accountID):regional/rulegroup/(other account's Rule group name)/(other account's Rule group ID) because no resource-based policy allows the wafv2:UpdateWebACL action And this is what I try with my AWS CLI.
aws wafv2 get-web-acl --name () --id () --scope () --region () > edit_webacl.json vim edit_webacl.json // I modify json file and add a rule. aws wafv2 update-web-acl --scope () --region () --cli-input-json file://edit_webacl.json