Unable to launch a P3 instance

EC2FullAccess permission was granted to the IAM user, and it can launch any other type of EC2 instance except p3 instance. I increased limit of running on-demand all p instance and i am sure this new instance does not reach the limit. The error code is: You are not authorized to perform this operation. Encoded authorization failure message

What should i do to get the authorization?

Topics

Compute Security, Identity, & Compliance

Tags

Amazon EC2 IAM Policies

Language

English

rePost-User-3352625

asked a year ago356 views

1 Answer

Newest
Most votes
Most comments

Are these answers helpful? Upvote the correct answer to help the community benefit from your knowledge.

Can you try to decode the authorization failure message so we can further troubleshoot? https://aws.amazon.com/premiumsupport/knowledge-center/ec2-not-auth-launch/

Jeremy_S

answered a year ago

Jeremy_S
a year ago
Have you checked for service control polices blocking you? Here is an example https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps_examples_ec2.html
rePost-User-3352625
a year ago
Of course, see the following message: "DecodedMessage": "{"allowed":false,"explicitDeny":true,"matchedStatements":{"items":[{"statementId":"","effect":"DENY","principals":{"items":[{"value":"xxx"}]},"principalGroups":{"items":[]},"actions":{"items":[{"value":"ec2:RunInstances"}]},"resources":{"items":[{"value":"arn:aws:ec2:::instance/"}]},"conditions":{"items":[{"key":"ec2:InstanceType","values":{"items":[{"value":".10xlarge"},{"value":".12xlarge"}]}},{"key":"ec2:InstanceType","values":{"items":[{"value":".??xlarge"},{"value":".???xlarge"},{"value":"p."},{"value":".metal"}]}}]}}]},"failures":{"items":[]},"context":{"principal":{"id":"xxx","name":"initial-admin-user-xxxxxxxxxxxx","arn":"arn:aws:iam::xxxxxxxxxxxx:user/initial-admin-user-xxxxxxxxxxxx"},"action":"ec2:RunInstances","resource":"arn:aws:ec2:ap-northeast-1:xxxxxxxxxxxx:instance/","conditions":{"items":[{"key":"ec2:MetadataHttpPutResponseHopLimit","values":{"items":[{"value":"1"}]}},{"key":"ec2:InstanceMarketType","values":{"items":[{"value":"on-demand"}]}},{"key":"aws:Resource","values":{"items":[{"value":"instance/"}]}},{"key":"aws:Account","values":{"items":[{"value":"xxxxxxxxxxx"}]}},{"key":"ec2:AvailabilityZone","values":{"items":[{"value":"ap-northeast-1c"}]}},{"key":"ec2:ebsOptimize

Relevant content

Unable to install GRID driver on P3 Windows instance
Mskaifa Tech
asked 9 months ago
Can I limit the type of instances that data scientists can launch for training jobs in SageMaker?
Accepted Answer
AWS-User-4645335
asked 4 years ago
ECS EC2 launch type and event was unable to place a task because no container instance met all of its requirements
Learning-AWS
asked 2 years ago
Nvidia Driver R515 does not work on P3 instance types
AWS-User-3162850
asked 2 years ago
How do I grant specified permissions to an IAM group and adds an existing IAM user to it?
AWS OFFICIALUpdated 9 months ago
How do I create an IAM policy to explicitly grant permissions to create and manage EC2 instances in a specified VPC that has tags?
AWS OFFICIALUpdated a month ago
Why can’t I launch an EC2 instance using a launch template?
AWS OFFICIALUpdated a year ago
Why do I have running EC2 instances that I didn't launch?
AWS OFFICIALUpdated a year ago
Keeping Unhealthy Auto Scaling (ASG) Instances (Detaching Unhealthy ASG Instance instead of Terminating)
SUPPORT ENGINEER
Tim
published 3 days ago
Announcement - Amazon GameLift launches support for AWS Graviton instances
EXPERT
Sachin
published 9 months ago