IAM Access denied Issue

0

Getting an error in user groups, users, and any action performed shows "Action denied, contact AWS administrator". Can you please help me with this? Please find one of the error messages below:

You don't have permission to iam:ListUsers. To request access, copy the following text and send it to your AWS administrator. Learn more about troubleshooting access denied errors.

User: arn:aws:iam::{ID}:user/{USERIAMNAME}
Service: iam
Action: ListUsers
On resource(s): arn:aws:iam::{ID}:user/
Context: no identity-based policy allows the iam:ListUsers action

<<update: Moderator note: updated the question to remove ID

mounika
asked 9 months ago, 1240 views
2 Answers
2

<<First of all remove account id from your question at earliest>>

All you need to do is log in with a user/role that has Admin/elevated privileges. Add the iam:ListUsers action to one of the policies attached to your user/group. Once you have added this permission, and there are no denies at the SCP/permission boundary level, you should be able to get past this error.

Or

You can add a policy to your user/group by following the steps below:

  1. Go to IAM Console
  2. Click on Users
  3. Click on your username (mounikaande)
  4. Add permissions
  5. Create inline policy
  6. Click on JSON at right side
  7. Add the following JSON policy there:

         {
           "Version": "2012-10-17",
           "Statement": [
             {
               "Sid": "VisualEditor0",
               "Effect": "Allow",
               "Action": "iam:ListUsers",
               "Resource": "*"
             }
           ]
         }

If this user belongs to a group, then you need to do the same thing for the group rather than for the specific user, if it is OK for this group to have this permission.

Once you add this policy to your user, or to the group this user belongs to, you should get past this error.

Hope this helps.

Comment here if you have additional questions, happy to help.

Abhishek

AWS EXPERT
answered 9 months ago
EXPERT
reviewed 9 months ago
  • Do you have any additional questions, happy to help?
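
A simplified model of the evaluation the answer above relies on, as an added example that is not part of the original answer and not AWS's own code: an action succeeds only when no layer explicitly denies it and every attached layer (identity-based policy, permissions boundary, SCP) allows it. The account ID `111122223333`, the boundary and the SCP are constructed samples; conditions, `NotAction`, resource-based and session policies are left out.

```python
import fnmatch

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _effects(policies, action, resource):
    """Effects of every statement that matches the action and resource."""
    found = set()
    for policy in policies:
        for stmt in _as_list(policy["Statement"]):
            # Action names are case-insensitive and may contain * or ? wildcards.
            act = any(fnmatch.fnmatchcase(action.lower(), a.lower())
                      for a in _as_list(stmt["Action"]))
            res = any(fnmatch.fnmatchcase(resource, r)
                      for r in _as_list(stmt["Resource"]))
            if act and res:
                found.add(stmt["Effect"])
    return found

def evaluate(action, resource, identity, boundary=None, scps=None):
    """Return (allowed, reason). boundary/scps set to None means not attached."""
    layers = [("identity-based policy", identity),
              ("permissions boundary", boundary),
              ("service control policy", scps)]
    active = [(name, pols) for name, pols in layers if pols is not None]
    for name, pols in active:          # 1. an explicit Deny in any layer wins
        if "Deny" in _effects(pols, action, resource):
            return False, f"explicit deny in a {name}"
    for name, pols in active:          # 2. every attached layer must Allow
        if "Allow" not in _effects(pols, action, resource):
            return False, f"no {name} allows the {action} action"
    return True, "allowed"

# Constructed sample inputs (the account ID is a placeholder).
RESOURCE = "arn:aws:iam::111122223333:user/"
INLINE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "VisualEditor0", "Effect": "Allow",
     "Action": "iam:ListUsers", "Resource": "*"}]}
S3_ONLY_BOUNDARY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "s3:*", "Resource": "*"}]}
SCP_DENY_IAM = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Deny", "Action": "iam:*", "Resource": "*"}]}

if __name__ == "__main__":
    print(evaluate("iam:ListUsers", RESOURCE, []))               # the asker's state
    print(evaluate("iam:ListUsers", RESOURCE, [INLINE_POLICY]))  # after the fix
    print(evaluate("iam:ListUsers", RESOURCE, [INLINE_POLICY], boundary=[S3_ONLY_BOUNDARY]))
    print(evaluate("iam:ListUsers", RESOURCE, [INLINE_POLICY], scps=[SCP_DENY_IAM]))
```

The first call reproduces the context string from the question's error message; the last two show why the inline policy alone is not enough when a boundary or SCP is in the way.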

0

I can't add or see my username in the users section, and below is the screenshot. Can you please suggest where to add permissions?

mounika
answered 9 months ago
  • Like I mentioned in my answer, you would need to log in with a user with elevated privileges first, or ask someone who has permissions to do so. It's evident that you can't list users, so you wouldn't be able to do this. You'll need to ask someone who can grant you these permissions.
