Cross Account Authorization Error - AccessDeniedException
Hi,
I deployed the aws-sharr-deploy.template in the "Main" account and also deployed the CISPermissions.template in the "member" account. I made sure to provide the correct account number of the main account when deploying to the member account.
I'm getting the following error when running a cross-account remediation and I really can't figure out why. I checked the cross-account roles and the permissions seem to be correct.
ERROR "An error occurred (AccessDeniedException) when calling the StartAutomationExecution operation: User: arn:aws:sts::111111111111:assumed-role/SO0111_CIS4142_memberRole_us-west-2/sechub_master is not authorized to perform: ssm:StartAutomationExecution on resource: arn:aws:ssm:us-west-2::automation-definition/AWS-DisablePublicAccessForSecurityGroup:1"
Issue Analytics
- Created 2 years ago
- Reactions: 1
- Comments: 7 (2 by maintainers)
Top GitHub Comments
I got the same error after installing the solution today (v1.2.0). I resolved it by manually replacing the account ID with a wildcard in the automation-definition resource in the inline policy of the
SO0111-SHARR-Remediation-AFSBP-EC2.2_us-east-1
role. The statement looks as follows:

Update your stack (remove and replace) to v1.2.0, which was released recently. I haven't seen this issue before, but best to get on the latest release first. Retry after the update and let us know if it's working.
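Why the wildcard in the account-ID field works: the resource in the AccessDeniedException is `arn:aws:ssm:us-west-2::automation-definition/AWS-DisablePublicAccessForSecurityGroup:1`, and the empty field between the two colons is the account ID. AWS-owned SSM documents carry no account ID in their ARN, so a policy statement whose `Resource` hard-codes an account number in that position can never match them. The script below is an added example, not code from the SHARR solution and not the policy statement the commenter posted (which is not reproduced on this page): it implements IAM's `*`/`?` resource-pattern matching over a constructed inline policy and shows the account-scoped pattern failing against the ARN from the error while the wildcard pattern (and a tighter pattern with an explicitly empty account field, my own suggestion) matches. Policy shapes, the `make_policy` helper and the `111111111111` account are assumptions for illustration.

```python
"""Model the IAM resource-pattern mismatch behind the AccessDeniedException.

Constructed example; not the SHARR solution's code and not the exact inline
policy from the comment above. It only handles Allow statements with Action
and Resource: no Deny, Condition, NotAction/NotResource, resource policies
or SCPs are modelled.
"""
import re

# Resource ARN copied from the error message in the issue. The empty field
# between the two colons ("::automation-definition") is the account ID:
# AWS-owned SSM documents are not scoped to any account.
DENIED_ARN = ("arn:aws:ssm:us-west-2::automation-definition/"
              "AWS-DisablePublicAccessForSecurityGroup:1")
ACTION = "ssm:StartAutomationExecution"


def _glob_to_regex(pattern: str, ignore_case: bool = False) -> re.Pattern:
    # IAM wildcards: '*' matches any run of characters (':' and '/' included,
    # so it also matches an empty field), '?' matches exactly one character.
    parts = []
    for ch in pattern:
        if ch == "*":
            parts.append(".*")
        elif ch == "?":
            parts.append(".")
        else:
            parts.append(re.escape(ch))
    flags = re.IGNORECASE if ignore_case else 0
    return re.compile("^" + "".join(parts) + "$", flags)


def _as_list(value):
    return value if isinstance(value, list) else [value]


def action_allowed(policy: dict, action: str, resource_arn: str) -> bool:
    """True if some Allow statement covers both the action and the resource."""
    for stmt in _as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        # Action names are case-insensitive in IAM; resource ARNs are matched
        # as written.
        actions_ok = any(_glob_to_regex(a, ignore_case=True).match(action)
                         for a in _as_list(stmt.get("Action", [])))
        resources_ok = any(_glob_to_regex(r).match(resource_arn)
                           for r in _as_list(stmt.get("Resource", [])))
        if actions_ok and resources_ok:
            return True
    return False


def make_policy(definition_resource: str) -> dict:
    # Assumed inline-policy shape; the real role policy is not on this page.
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Action": [ACTION],
            "Resource": [definition_resource],
        }],
    }


# Assumed 'before': the member account ID (placeholder 111111111111) is baked
# into the automation-definition ARN, so it never equals the empty account
# field of an AWS-owned document.
BROKEN_POLICY = make_policy(
    "arn:aws:ssm:us-west-2:111111111111:automation-definition/*")
# 'After', as the commenter describes: a wildcard in the account-ID field.
FIXED_POLICY = make_policy(
    "arn:aws:ssm:us-west-2:*:automation-definition/*")
# Tighter alternative (my suggestion, not from the thread): an explicitly
# empty account field plus the AWS- prefix limits the grant to AWS-owned
# documents instead of every account's automation definitions.
TIGHT_POLICY = make_policy(
    "arn:aws:ssm:us-west-2::automation-definition/AWS-*")


if __name__ == "__main__":
    for name, policy in [("broken", BROKEN_POLICY),
                         ("fixed", FIXED_POLICY),
                         ("tight", TIGHT_POLICY)]:
        print(f"{name:6s} allows {ACTION} on {DENIED_ARN}: "
              f"{action_allowed(policy, ACTION, DENIED_ARN)}")
```

Before editing the role by hand, note that the same mismatch can be checked against the live policy with `aws iam simulate-principal-policy` using the ARN from the error as `--resource-arns`; and if you do widen the account field, prefer the explicitly empty form shown in `TIGHT_POLICY` over `*`, so the role cannot start automation documents shared from other accounts.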