Have you ever tried to perform a change from the aws command-line and all you got was an error like
"An error occurred (UnauthorizedOperation) when calling the XXXXXX operation: You are not authorized to perform this operation. Encoded authorization failure message"
and an encrypted string afterwards? Well, don't panic. It's just a "normal" error, but in this case the output is encrypted for security; aws api does so becasue it throws some sensible information and they don't want anyone else but you to get it.
How to decrypt that info? Easy; you need an allow policy on STS for the action DecodeAuthorizationMessage. If you already got permission, you don't need to create the policy, but if you need to just copy and paste it
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": "sts:DecodeAuthorizationMessage",
"Resource": "*"
}
]
}
Once the policy has been applied, you can decrypt the error with
> aws sts decode-authorization-message --encoded-message Error_Message_Encrypted_String --output table
where Error_Message_Encrypted_String would be the message you got.
Hope that helps!
No hay comentarios:
Publicar un comentario