1 Answer
- Newest
- Most votes
- Most comments
0
Can you try to decode the authorization failure message so we can further troubleshoot? https://aws.amazon.com/premiumsupport/knowledge-center/ec2-not-auth-launch/
answered a year ago
Relevant content
- asked 9 months ago
- Accepted Answerasked 4 years ago
- AWS OFFICIALUpdated 9 months ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated a year ago
Have you checked for service control polices blocking you? Here is an example https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps_examples_ec2.html
Of course, see the following message: "DecodedMessage": "{"allowed":false,"explicitDeny":true,"matchedStatements":{"items":[{"statementId":"","effect":"DENY","principals":{"items":[{"value":"xxx"}]},"principalGroups":{"items":[]},"actions":{"items":[{"value":"ec2:RunInstances"}]},"resources":{"items":[{"value":"arn:aws:ec2:::instance/"}]},"conditions":{"items":[{"key":"ec2:InstanceType","values":{"items":[{"value":".10xlarge"},{"value":".12xlarge"}]}},{"key":"ec2:InstanceType","values":{"items":[{"value":".??xlarge"},{"value":".???xlarge"},{"value":"p."},{"value":".metal"}]}}]}}]},"failures":{"items":[]},"context":{"principal":{"id":"xxx","name":"initial-admin-user-xxxxxxxxxxxx","arn":"arn:aws:iam::xxxxxxxxxxxx:user/initial-admin-user-xxxxxxxxxxxx"},"action":"ec2:RunInstances","resource":"arn:aws:ec2:ap-northeast-1:xxxxxxxxxxxx:instance/","conditions":{"items":[{"key":"ec2:MetadataHttpPutResponseHopLimit","values":{"items":[{"value":"1"}]}},{"key":"ec2:InstanceMarketType","values":{"items":[{"value":"on-demand"}]}},{"key":"aws:Resource","values":{"items":[{"value":"instance/"}]}},{"key":"aws:Account","values":{"items":[{"value":"xxxxxxxxxxx"}]}},{"key":"ec2:AvailabilityZone","values":{"items":[{"value":"ap-northeast-1c"}]}},{"key":"ec2:ebsOptimize