Getting an error of "message": "User: arn:aws:iam::*****:user/**** is not authorized to perform: serverlessrepo:CreateCloudFormationTemplate on resource: #####.dkr.ecr.us-east-1.amazonaws.com/

0

I am getting an error when attempting to use SAM BUILD to add code into a CloudFormation Template. Here is the message log from Cloud Trail. I verified that the user has AdministratorAccess as a permission set. Any help would be appreciated.

{ "eventVersion": "1.08", "userIdentity": { "type": "IAMUser", "principalId": "######", "arn": "arn:aws:iam::#####:user/", "accountId": "#####", "accessKeyId": "######", "userName": "**" }, "eventTime": "2023-03-22T17:26:19Z", "eventSource": "serverlessrepo.amazonaws.com", "eventName": "CreateCloudFormationTemplate", "awsRegion": "us-east-1", "sourceIPAddress": "######", "userAgent": "Boto3/1.26.95 Python/3.8.8 Windows/10 Botocore/1.29.95", "errorCode": "AccessDenied", "requestParameters": { "semanticVersion": "latest", "applicationId": "#######.dkr.ecr.us-east-1.amazonaws.com%2FBATCHJOB" }, "responseElements": { "Access-Control-Expose-Headers": ",Amz-Sdk-Invocation-Id,Amz-Sdk-Request,Authorization,Content-Length,Content-Type,Date,Host,x-amz-content-sha256,X-Amz-Date,X-Amz-Security-Token,X-Amz-Target,x-amz-user-agent,x-amzn-platform-id,x-amzn-trace-id", "message": "User: arn:aws:iam::######:user/***** is not authorized to perform: serverlessrepo:CreateCloudFormationTemplate on resource: ######.dkr.ecr.us-east-1.amazonaws.com/BATCHJOB" }, "requestID": "98fb4cc7-1907-4472-a161-67fc75492d81", "eventID": "f3688202-a889-42d1-ab56-82dfc7002cd4", "readOnly": false, "eventType": "AwsApiCall", "managementEvent": true, "recipientAccountId": "######", "eventCategory": "Management" }

1 Answer
0

Have you checked your IAM User's permissions? You need a policy that allows serverlessrepo:CreateCloudFormationTemplate.

See policy examples here - https://docs.aws.amazon.com/serverlessrepo/latest/devguide/security_iam_id-based-policy-examples.html

EXPERT
answered a year ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content