By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Can't create Lifecycle Rule, due to error: "Credential should be scoped to a valid region"

1

I'm trying to create a Lifeycle policy in eu-central-1 for ec2 instances from that region. I'm selecting an ec2 instance by it's name and I'm giving the policy a name. My schedule is daily every 24 hours on 3:00 UTC. I'm retaining 3 snapshots.

I have everything else on default, including the IAM role.

After reviewing the policy and clicking on 'create', I just get the error 'Credential should be scoped to a valid region. '.

When I look in the browser console, the request calls to "https://eu-central-1.console.aws.amazon.com/ec2/alma/iamadmin-proxy?module=storage&call=CreateServiceRol" and returns a 400 Error "Bad Request" with response body "{"__type":"com.amazon.coral.service#InvalidSignatureException","message":"Credential should be scoped to a valid region. "}"

The error happens both for an EBS Snapshot Policy as well as an EBS-backed AMI policy. It occurs whether or not I use the root user and whether or not I use a Chromium or Firefox browser.

I therefore am unable to create a Lifecycle rule at this moment.

Topics
ComputeSecurity, Identity, & Compliance
Tags
Amazon EC2IAM PoliciesAmazon Data Lifecycle Manager
Language
English
TechnicalQuestions
asked 6 months ago470 views
2 Answers
0

Could you clarify if you are creating this within the EC2 section of AWS Console or somewhere else? https://console.aws.amazon.com/ec2/home#Lifecycle:

The error message is described here https://docs.aws.amazon.com/IAM/latest/UserGuide/signature-v4-troubleshooting.html#signature-v4-troubleshooting-credential-scope

Depending on the method you are using, is it possible to explicitly set the region with something like --region eu-central-1 ? I am thinking that as IAM is a global service which defaults to us-east-1, perhaps that region is implicit unless overridden.

profile picture
EXPERT
Steve_M
answered 6 months ago
  • seargex
    6 months ago

    i also had the same issue. and yes it i create it on ec2 section of the AWS web console. it says "Credential should be scoped to a valid region." it's on ap-southeast-3 region. i also use root account, it's not a permission issue

0

Hello.

Is it possible to create it using the AWS CLI instead of from the management console?
It can be created using the "create-lifecycle-policy" command.
https://awscli.amazonaws.com/v2/documentation/api/latest/reference/dlm/create-lifecycle-policy.html

profile picture
EXPERT
Riku_Kobayashi
answered 6 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content