Hi,
I would suggest that you do what you're trying to do via the CLI instead of the console, to have full control over what's happening.
Your first thing should be to run aws sts get-caller-identity to ensure that you really execute the command under a user ID that has admin privileges. See https://docs.aws.amazon.com/cli/latest/reference/sts/get-caller-identity.html
Then, when you're sure that you are admin, you should succeed with aws iam list-account-aliases. See https://awscli.amazonaws.com/v2/documentation/api/latest/reference/iam/list-account-aliases.html for all details.
Best,
Didier
Hi,
As described in [1] 4, there's an issue with "Identity-based Policies". I would suggest you open CloudShell from the top right of the management console and execute the following command:
aws iam list-account-aliases
A similar error should occur, but at that time, the iam:listAccountAliases action is recorded in CloudTrail's event history [2] (replace region). The user information that was actually used for the action is in "userIdentity", and specific error information is also described.
[1] https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html#policy-eval-denyallow
[2] https://ap-northeast-1.console.aws.amazon.com/cloudtrailv2/home?region=<YOUR_REGION>#/events?eventname=ListAccountAlases
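The two checks suggested in the answers above can be combined offline. This is an added example, not part of either answer: it reads the JSON that `aws cloudtrail lookup-events` returns for ListAccountAliases and reports which identity made each rejected call and whether it is the one `aws sts get-caller-identity` reported. The sample events, account ID, ARNs and the names `denied_calls` and `_record` are constructed for illustration.

```python
import json

# Constructed sample of the output of:
#   aws cloudtrail lookup-events \
#     --lookup-attributes AttributeKey=EventName,AttributeValue=ListAccountAliases
# Account ID, ARNs, time and messages are made up for illustration.
def _record(arn, error_code=None, error_message=None):
    detail = {
        "eventSource": "iam.amazonaws.com",
        "eventName": "ListAccountAliases",
        "eventTime": "2024-01-01T00:00:00Z",
        "userIdentity": {"type": "IAMUser", "arn": arn, "accountId": "111122223333"},
    }
    if error_code:
        detail["errorCode"] = error_code
        detail["errorMessage"] = error_message
    # lookup-events carries the full record as a JSON *string* in "CloudTrailEvent"
    return {"EventName": "ListAccountAliases", "CloudTrailEvent": json.dumps(detail)}

SAMPLE = json.dumps({"Events": [
    _record("arn:aws:iam::111122223333:user/example-readonly", "AccessDenied",
            "User: arn:aws:iam::111122223333:user/example-readonly is not authorized "
            "to perform: iam:ListAccountAliases on resource: *"),
    _record("arn:aws:iam::111122223333:user/example-admin"),  # successful call
]})

def denied_calls(lookup_output, expected_arn=None, event_name="ListAccountAliases"):
    """Return one dict per rejected call: who made it and why it failed.

    expected_arn is the "Arn" value printed by `aws sts get-caller-identity`.
    """
    findings = []
    for event in json.loads(lookup_output).get("Events", []):
        detail = json.loads(event["CloudTrailEvent"])
        if detail.get("eventName") != event_name or "errorCode" not in detail:
            continue  # unrelated event, or the call succeeded
        identity = detail.get("userIdentity", {})
        arn = identity.get("arn", identity.get("principalId"))
        findings.append({
            "time": detail.get("eventTime"),
            "caller_type": identity.get("type"),
            "caller_arn": arn,
            "is_expected_caller": None if expected_arn is None else arn == expected_arn,
            "error_code": detail["errorCode"],
            "error_message": detail.get("errorMessage", ""),
        })
    return findings

if __name__ == "__main__":
    for f in denied_calls(SAMPLE, "arn:aws:iam::111122223333:user/example-admin"):
        print(f["time"], f["caller_arn"], f["is_expected_caller"], f["error_code"])
```

A rejected call whose `is_expected_caller` is False means the command ran under a different identity than the one you checked, which is the situation the first answer's get-caller-identity step is meant to rule out.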