I ran into a problem with an AWS instance when I was trying to import a self-signed SSL certificate to the IAM console following this tutorial -> https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/configuring-https-ssl.html
Basically, the tutorial is made to self-sign a certificate and upload it to an IAM user to have an HTTPS application for testing purposes.
I SSH'd to my instance and ran all those commands, but in the end, when I need to import it, I get the error that my account is not authorized...
An error occurred (AccessDenied) when calling the UploadServerCertificate operation: User: arn:aws:sts::xxxxxxxxx:assumed-role/aws-elasticbeanstalk-ec2-role/xxxxxxx is not authorized to perform: iam:UploadServerCertificate on resource: arn:aws:iam::xxxxxxxxx:server-certificate/elastic-beanstalk-x509
I'm logged in as ec2-user on the instance because I didn't find a way to log in with any other user... I tried running the command with sudo and nothing changes. On a similar post I have seen that I need to create a specific IAM user to which I need to attach a specific group policy to have the "IAMFullAccess" policy. But I don't understand how I can specify that I want to run this command as this user, since I am logged in as ec2-user over SSH...
CodePudding user response:
You need to do some reading: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2.html
- Create an IAM role with Upload permission
- Add a trust policy to the role that will allow it to be assumed by your EC2 instance
- Attach the role to the EC2 instance
From your error it seems that you are using Elastic Beanstalk. This means that you already have a role that is assumed by your EC2. Find this role (xxxxx in the error message) and add the appropriate permissions.
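As an added example (not part of either answer): the AccessDenied message already names the role, the action and the resource, so the missing permission can be granted as a single scoped statement rather than through IAMFullAccess. The account ID, session name and policy name below are constructed placeholders, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: derive a least-privilege inline policy from an IAM AccessDenied message.

# Constructed sample: the page's error with a placeholder account ID and session name.
SAMPLE_DENIAL='An error occurred (AccessDenied) when calling the UploadServerCertificate operation: User: arn:aws:sts::111122223333:assumed-role/aws-elasticbeanstalk-ec2-role/i-0123456789abcdef0 is not authorized to perform: iam:UploadServerCertificate on resource: arn:aws:iam::111122223333:server-certificate/elastic-beanstalk-x509'

# Role name is the second path segment of the assumed-role ARN.
denied_role() {
  printf '%s\n' "$1" | sed -n 's|.*User: arn:aws:sts::[^:]*:assumed-role/\([^/ ]*\)/.*|\1|p'
}

# The single action that was denied, e.g. iam:UploadServerCertificate.
denied_action() {
  printf '%s\n' "$1" | sed -n 's|.*not authorized to perform: \([^ ]*\).*|\1|p'
}

# The exact resource ARN the call targeted.
denied_resource() {
  printf '%s\n' "$1" | sed -n 's|.*on resource: \(arn:[^ ]*\).*|\1|p'
}

# Print a policy document allowing only that action on only that resource.
policy_from_denial() {
  action=$(denied_action "$1")
  resource=$(denied_resource "$1")
  # Refuse to emit anything if parsing failed or a wildcard would be granted.
  [ -n "$action" ] && [ -n "$resource" ] || return 1
  case "$action$resource" in *'*'*) return 1 ;; esac
  printf '{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Action":"%s","Resource":"%s"}]}\n' "$action" "$resource"
}

# Attach the statement to the role named in the denial as an inline policy.
# Run this as an identity allowed to call iam:PutRolePolicy (an admin workstation),
# not from the instance, whose role cannot change its own permissions.
# "allow-upload-test-cert" is a hypothetical policy name.
grant_from_denial() {
  role=$(denied_role "$1")
  [ -n "$role" ] || return 1
  doc=$(policy_from_denial "$1") || return 1
  aws iam put-role-policy --role-name "$role" \
    --policy-name allow-upload-test-cert --policy-document "$doc"
}
```

Calling `policy_from_denial "$SAMPLE_DENIAL"` prints the document for review before anything is attached; deleting the inline policy once the test certificate is uploaded returns the instance role to its original permissions.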
CodePudding user response:
Okay I have managed to add the certificate to the instance...
aws iam list-server-certificates
{
    "ServerCertificateMetadataList": [
        {
            "ServerCertificateId": "id",
            "ServerCertificateName": "elastic-beanstalk-x509",
            "Expiration": "2022-10-21T13:07:11Z",
            "Path": "/",
            "Arn": "arn",
            "UploadDate": "2021-10-21T13:42:39Z"
        }
    ]
}
I also added a Listener and process in "Modify Application Load Balancer", but the site is still not responding to HTTPS requests... Any idea?