GetMember operation and GetMember on resource - is not authorized to perform

0

Dear Community,

I have created Network and Members in the Hyperledger Fabric Private Network (Amazon Managed Blockchain) and when I run this on Linux Terminal:

aws managedblockchain get-member \

I get this error

An error occurred (AccessDeniedException) when calling the GetMember operation: User: arn:aws:iam::939957818945:user/xxxxxxxxxx is not authorized to perform: managedblockchain:GetMember on resource: arn:aws:managedblockchain:us-east-1:939957818945:members/xxxxxxxxxxxxxxxxxxxxxxxxxxxx

Note: I did try to search for the above solution and I found this --> AWS IAM Identity Center (successor to AWS Single Sign-On)

However, it requires me to open permission to other Users? But I don't know any other "Users". Do you have a list of Users using AWS Amazon Managed Blockchain)? Or do I have the alternative to Skip this?

Please advise and guide, thank you.

*Edit: Removed IAM user details -- Roxy M.

2 Answers
0
Accepted Answer

Hello!

After you create an IAM user, you can attach a policy to it (in order to give the user permissions). For the sake of development, I suggest that you attach the managed policy called "AdministratorAccess".

As a recommendation, I suggest that you give "least-privileged" permissions to IAM users in your production workloads.

After you create the IAM user and attach the policy, you have to create a pair of "Access keys". You can find this in the AWS Management Console under the "Security Credentials" tab of the IAM user. These credentials are required for authentication (with the Signature Version 4 signing process).

After creating your access and secret keys, you will have to install the AWS CLI (if you have not installed it previously).

You can then run the command aws configure to set your Access and Secret keys. I have attached a screenshot that depicts running this command.

Once you have set your credentials, you should have the proper authorization required to interact with the resources you have created.

I hope this helps to fix the error you were receiving.

Please let me know if you have any other questions! Have a great rest of your day.

AWS Configure Command

profile pictureAWS
EXPERT
answered 7 months ago
0

Hello.
From the ARN displayed in the error, it appears that the "managedblockchain:GetMember" policy is not set for the IAM user you are using.
Presumably you are not logging into AWS using the AWS IAM Identity Center.
So, you need to attach the necessary policies to the IAM user.
https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users.html

Attach the policy to the user "our_new87" by following the steps described in this document.
https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users_change-permissions.html

profile picture
EXPERT
answered 7 months ago
profile pictureAWS
EXPERT
reviewed 7 months ago
  • Agreed with Riku. It is not the wide problem that you describe but something much simpler: the user our_new87 is just not allowed to use GetMember operation until you update his credentials.

  • Hi Riku and Didier,

    Thanks so much for your reply I followed the steps from the link provided, and run again.

    An error occurred (UnrecognizedClientException) when calling the GetMember operation: The security token included in the request is invalid.

    Question - I have checked and found is under --> "Using temporary credentials with AWS resources" and it can be set for the EC2 but they don't show the guides except for SDK and CLI only. Which means I can use it on my EC2 Linux Terminal to do it?

    Or if is not the Link, kindly guide me on which is the correct link to solve the "Security Token"?

    Please advise, thank you.

  • Thanks for the reply. Have you followed the instructions in this document to attach a policy to an IAM user? https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users_change-permissions.html#users_change_permissions-add-console

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions