AppStream instance running Cognito operations fail with "...explicit deny in an identity-based policy"


I am trying to get data from Cognito, e.g., list-user-pools, from a running AppStream instance. How do you ensure Cognito, or AWS operations generally, succeed from an AppStream instance?

I have added AmazonCognitoPowerUser permissions to the AmazonAppStreamServiceAccess role's permission policies, but this isn't solving the problem.

What am I missing?

An error occurred (AccessDeniedException) when calling the ListUserPools operation: User: arn:aws:sts::620803092955:assumed-role/PhotonInstance/i-0e23ed0216f39eabe is not authorized to perform: cognito-idp:ListUserPools on resource: * with an explicit deny in an identity-based policy

This type of failure seems to be happening for all Cognito functions, e.g., ListUserPools, ListIdentityProviders, ...

2 Answers
Accepted Answer

Thankfully it was a simple solution, and oversight on my part.

I hadn't explicitly set my AWS_PROFILE to "appstream_machine_role" as the credential profile.

answered 5 months ago

Hello,

Greetings from AWS Premium Support! Thank you for contacting us.

I understand that when your AppStream instance runs a Cognito operation, it fails with an explicit deny error, even though you have already attached the "AmazonCognitoPowerUser" permission to the IAM role. Please feel free to correct me in case I have misunderstood your concern.

Explicit deny indicates that there are one or more policy statements attached to the role which explicitly deny the Cognito operations. Even if you attach the AmazonCognitoPowerUser policy, one or more policy statements deny Cognito service access, hence you are getting this error. As a general troubleshooting guide you may refer to this document [1].

That said, to troubleshoot the issue we require details that are non-public information. Please open a support case with AWS using the following link [2]. To open a support case with the technical support team, you need to have one of these support plans [3]. With the "Basic" plan you can only open a ticket with Customer Support. As this issue requires technical assistance specific to your account's resources, which cannot be discussed publicly in the re:Post forum due to confidentiality, please reach out to our technical support team. We will be more than happy to assist you.

Wish you an AWeSome day ahead and stay safe! 🙂

--References--

[1] https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_access-denied.html

[2] https://console.aws.amazon.com/support/home#/case/create

[3] https://aws.amazon.com/premiumsupport/plans/

AWS
SUPPORT ENGINEER
Tarit_G
answered 5 months ago
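Two things on this thread are worth checking mechanically before opening a case: which principal actually made the call (the ARN in the AccessDenied message names the assumed role, `PhotonInstance` here, which is how the asker could see the `appstream_machine_role` profile was not in effect), and why an attached allow policy does not help when any matching statement says Deny. The script below is an added example, not code from the question, either answer, or AWS: it parses the error string quoted in the question and runs a deliberately simplified model of IAM's allow/deny evaluation. The shape of the `AmazonCognitoPowerUser` statement and the deny statement are constructed for the demonstration, not copied from the real managed policy or from the asker's account.

```python
import fnmatch
import re
from dataclasses import dataclass
from typing import List, Optional

# The error string exactly as quoted in the question above.
ACCESS_DENIED_MSG = (
    "An error occurred (AccessDeniedException) when calling the ListUserPools "
    "operation: User: arn:aws:sts::620803092955:assumed-role/PhotonInstance/"
    "i-0e23ed0216f39eabe is not authorized to perform: cognito-idp:ListUserPools "
    "on resource: * with an explicit deny in an identity-based policy"
)

# Constructed variant with no deny clause, i.e. an implicit deny (no matching Allow).
IMPLICIT_DENY_MSG = (
    "An error occurred (AccessDeniedException) when calling the ListUserPools "
    "operation: User: arn:aws:sts::111111111111:assumed-role/ExampleRole/session "
    "is not authorized to perform: cognito-idp:ListUserPools on resource: *"
)

_DENIED_RE = re.compile(
    r"User: (?P<principal>\S+) is not authorized to perform: (?P<action>\S+) "
    r"on resource: (?P<resource>\S+)"
    r"(?: with an explicit deny in an? (?P<deny_source>.+?) policy)?"
)


@dataclass
class DeniedCall:
    principal: str
    action: str
    resource: str
    explicit_deny: bool
    deny_source: Optional[str]  # e.g. "identity-based", "service control", None if implicit

    @property
    def role_name(self) -> Optional[str]:
        # arn:aws:sts::<account>:assumed-role/<RoleName>/<SessionName>
        m = re.search(r":assumed-role/([^/]+)/", self.principal)
        return m.group(1) if m else None


def parse_access_denied(msg: str) -> DeniedCall:
    """Pull principal, action, resource and deny type out of an IAM AccessDenied message."""
    m = _DENIED_RE.search(msg)
    if not m:
        raise ValueError("not an IAM AccessDenied message")
    src = m.group("deny_source")
    return DeniedCall(m.group("principal"), m.group("action"), m.group("resource"),
                      explicit_deny=src is not None, deny_source=src)


def running_as_expected_role(msg: str, expected_role: str) -> bool:
    """True if the role that actually made the call is the one the caller meant to use."""
    return parse_access_denied(msg).role_name == expected_role


def _as_list(v) -> List[str]:
    return v if isinstance(v, list) else [v]


def evaluate(statements: List[dict], action: str, resource: str = "*") -> str:
    """Simplified IAM evaluation: any matching Deny wins, else any matching Allow
    allows, else implicit deny. Ignores conditions, principals and policy types."""
    decision = "implicitDeny"
    for st in statements:
        act_hit = any(fnmatch.fnmatchcase(action.lower(), a.lower()) for a in _as_list(st["Action"]))
        res_hit = any(fnmatch.fnmatchcase(resource, r) for r in _as_list(st.get("Resource", "*")))
        if act_hit and res_hit:
            if st["Effect"] == "Deny":
                return "explicitDeny"
            decision = "allow"
    return decision


# Assumed shape of the AmazonCognitoPowerUser grant (constructed, not the real policy document).
ALLOW_ONLY = [{"Effect": "Allow", "Action": ["cognito-idp:*", "cognito-identity:*"], "Resource": "*"}]
# Constructed deny statement of the kind the support answer describes.
DENY_COGNITO = {"Effect": "Deny", "Action": "cognito-idp:*", "Resource": "*"}


if __name__ == "__main__":
    call = parse_access_denied(ACCESS_DENIED_MSG)
    print(f"caller role: {call.role_name}, action: {call.action}, explicit deny: {call.explicit_deny}")
    print("expected role in effect:", running_as_expected_role(ACCESS_DENIED_MSG, "appstream_machine_role"))
    print("allow only  :", evaluate(ALLOW_ONLY, "cognito-idp:ListUserPools"))
    print("allow + deny:", evaluate(ALLOW_ONLY + [DENY_COGNITO], "cognito-idp:ListUserPools"))
```

The first check is the one that resolved this thread: the ARN says the call ran as `PhotonInstance`, so whatever profile was expected was not the one the SDK picked up. The evaluator then shows the point in the support answer: once any statement in scope matches with Deny, adding AmazonCognitoPowerUser changes nothing, so the fix is to find and remove or scope the denying statement rather than to attach more allows.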
