By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Permission denied on AWS Device Farm

0

Hi, I tried to run ./gradlew deviceFarmUpload but it failed because I am not authorized to perform: devicefarm:ListProjects with an explicit deny in an identity-based policy. I checked with my admin and he stated that I am in a user group which has the AWSDeviceFarmFullAccess policy attached to the group.

arn:aws:iam::aws:policy/AWSDeviceFarmFullAccess { "Version": "2012-10-17", "Statement": [ { "Action": [ "devicefarm:" ], "Effect": "Allow", "Resource": "" } ] }

Can I get help with this issue? Thank you so much.

Topics
Front-End Web & MobileSecurity, Identity, & ComplianceManagement & Governance
Tags
AWS Device FarmAWS Identity and Access ManagementAWS Management ConsoleAWS Command Line Interface
Language
English
rePost-User-1061543
asked 2 years ago642 views
2 Answers
0

The issue is that an explicit deny in any relevant policy will override any allow that you have (like the policy you included).

You will likely need to ask your admin about what other policies are applied to your user/group/role, as it looks like some other policy is denying the action(s) you want.

profile picture
rowanu
answered 2 years ago
0

Hi,

Thanks for reaching out. I just want to echo rowanu's answer here, as mentioned, it's most likely due to another policy attached which has an explicit deny. Please see here for the policy evaluation logic -> https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html#policy-eval-denyallow

Please feel free to raise a support case with us if you are unable to find the root cause of this issue. We will be happy to help you.

AWS
SUPPORT ENGINEER
Ryan_A
answered 2 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content