AWS CloudFront Distribution Access Denied Error

0

Hi AWS, I am using AWS CDK Stack Builder Tool to deploy an application using this GitHub sample repo https://github.com/aws-samples/aws-cdk-stack-builder-tool. While I am running the CDK CLI command npx cdk deploy, I am getting the access error denied i.e.

****9:37:55 AM | CREATE_FAILED | AWS::CloudFront::Distribution | WebsiteDistirbutio...stributionE1110367 Resource handler returned message: "Access denied for operation 'AWS::CloudFront::Distribution: Your account must be verified before you can add new CloudFront resources. To verify your ac count, please contact AWS Support (https://console.aws.amazon.com/support/home#/) and include this error message. (Service: CloudFront, Status Code: 403, Request ID: 57518ca1-40f0-4d9d-9f6 5-9b3fa0b66b46)'." (RequestToken: ce0bb642-a60a-1dd2-0ceb-6bf842f62354, HandlerErrorCode: AccessDenied)

❌ cdk-builder failed: Error: The stack named cdk-builder failed creation, it may need to be manually deleted from the AWS console: ROLLBACK_COMPLETE: Resource handler returned message: "Access denied for operation 'AWS::CloudFront::Distribution: Your account must be verified before you can add new CloudFront resources. To verify your account, please contact AWS Support (https://console.aws.amazon.com/support/home#/) and include this error message. (Service: CloudFront, Status Code: 403, Request ID: 57518ca1-40f0-4d9d-9f65-9b3fa0b66b46)'." (RequestToken: ce0bb642-a60a-1dd2-0ceb-6bf842f62354, HandlerErrorCode: AccessDenied) at FullCloudFormationDeployment.monitorDeployment (/home/ec2-user/aws-cdk-stack-builder-tool/node_modules/aws-cdk/lib/index.js:440:10568) at process.processTicksAndRejections (node:internal/process/task_queues:95:5) at async Object.deployStack2 [as deployStack] (/home/ec2-user/aws-cdk-stack-builder-tool/node_modules/aws-cdk/lib/index.js:443:199515) at async /home/ec2-user/aws-cdk-stack-builder-tool/node_modules/aws-cdk/lib/index.js:443:181237

❌ Deployment failed: Error: The stack named cdk-builder failed creation, it may need to be manually deleted from the AWS console: ROLLBACK_COMPLETE: Resource handler returned message: "Access denied for operation 'AWS::CloudFront::Distribution: Your account must be verified before you can add new CloudFront resources. To verify your account, please contact AWS Support (https://console.aws.amazon.com/support/home#/) and include this error message. (Service: CloudFront, Status Code: 403, Request ID: 57518ca1-40f0-4d9d-9f65-9b3fa0b66b46)'." (RequestToken: ce0bb642-a60a-1dd2-0ceb-6bf842f62354, HandlerErrorCode: AccessDenied) at FullCloudFormationDeployment.monitorDeployment (/home/ec2-user/aws-cdk-stack-builder-tool/node_modules/aws-cdk/lib/index.js:440:10568) at process.processTicksAndRejections (node:internal/process/task_queues:95:5) at async Object.deployStack2 [as deployStack] (/home/ec2-user/aws-cdk-stack-builder-tool/node_modules/aws-cdk/lib/index.js:443:199515) at async /home/ec2-user/aws-cdk-stack-builder-tool/node_modules/aws-cdk/lib/index.js:443:181237

The stack named cdk-builder failed creation, it may need to be manually deleted from the AWS console: ROLLBACK_COMPLETE: Resource handler returned message: "Access denied for operation 'AWS::CloudFront::Distribution: Your account must be verified before you can add new CloudFront resources. To verify your account, please contact AWS Support (https://console.aws.amazon.com/support/home#/) and include this error message. (Service: CloudFront, Status Code: 403, Request ID: 57518ca1-40f0-4d9d-9f65-9b3fa0b66b46)'." (RequestToken: ce0bb642-a60a-1dd2-0ceb-6bf842f62354, HandlerErrorCode: AccessDenied)****

This is weird as the IAM user is having AdministratorAccess policy attached and the user is configured on the EC2 server where I am running the CDK CLI commands. Please help.

3 Answers
4

Hello,

1. Verify Your AWS Account: This error usually happens if your AWS account needs to be verified before creating CloudFront distributions. Contact AWS Support through the AWS Support Center and include the error message and Request ID (57518ca1-40f0-4d9d-9f65-9b3fa0b66b46) in your support case. Once verified, try deploying your CDK stack again.

2.Check Your Payment Method: This issue can also occur if your payment method, such as a credit card, hasn't been verified. Check your billing information in the AWS Management Console to ensure your payment method is verified. If it's not, follow the prompts to verify it, then try deploying your CDK stack again.

this are the possibilities check it once.

profile picture
EXPERT
answered 5 months ago
1

Hi Arjun,

Sometimes it is having problem with permissions and verification also.

The error message indicates that your AWS account needs to be verified before you can create CloudFront resources. Even though your IAM user has AdministratorAccess policy, new accounts may require verification.

To resolve this issue, follow these steps:

Contact AWS Support: Reach out to AWS Support through the provided link in the error message and inform them about the verification requirement. ( https://support.console.aws.amazon.com/support/home ).

Account Verification: AWS Support will guide you through the account verification process.

profile picture
EXPERT
answered 5 months ago
0

This usualy happens if you havent verified your payment method such as a credit card.

I would check in billing if its asking you to verify payment

profile picture
EXPERT
answered 5 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions