https://pulumi.com logo
Join Slack
Powered by
I am running into an error for `aws` `vpc` with `A...
# general
c
I am running into an error for 
aws
vpc
with 
AccessDenied
. https://asciinema.org/a/XDK4ZRawRIDXYUEW8aNDGj5fZ and here is the sample code
Copy code
import * as awsx from '@pulumi/awsx';

const vpc = new awsx.ec2.Vpc('custom', {
  cidrBlock: '10.0.0.0/16',
  numberOfAvailabilityZones: 3,
  subnets: [
    { type: 'public' },
    { type: 'private' },
    { type: 'isolated', name: 'db' },
    { type: 'isolated', name: 'redis' }
  ]
});
It is failing with this error 
invocation of aws:index/getAvailabilityZones:getAvailabilityZones returned an error: invoking aws:index/getAvailabilityZones:getAvailabilityZones: Error fetching Availability Zones: UnauthorizedOperation: You are not authorized to perform this operation.
I am able to get the
Copy code
aws ec2 describe-availability-zones
{
    "AvailabilityZones": [
        {
            "State": "available",
            "Messages": [],
            "RegionName": "us-east-1",
            "ZoneName": "us-east-1a",
            "ZoneId": "use1-az1"
        },
        {
            "State": "available",
            "Messages": [],
            "RegionName": "us-east-1",
            "ZoneName": "us-east-1b",
            "ZoneId": "use1-az2"
        },
        {
            "State": "available",
            "Messages": [],
            "RegionName": "us-east-1",
            "ZoneName": "us-east-1c",
            "ZoneId": "use1-az4"
        },
        {
            "State": "available",
            "Messages": [],
            "RegionName": "us-east-1",
            "ZoneName": "us-east-1d",
            "ZoneId": "use1-az6"
        },
        {
            "State": "available",
            "Messages": [],
            "RegionName": "us-east-1",
            "ZoneName": "us-east-1e",
            "ZoneId": "use1-az3"
        },
        {
            "State": "available",
            "Messages": [],
            "RegionName": "us-east-1",
            "ZoneName": "us-east-1f",
            "ZoneId": "use1-az5"
        }
    ]
}
Which permissions am I missing? Thanks
s
Hi! Are you sure you’re using the same principal here?
Ultimately, an 
aws.getAvailabilityZones
ends up calling this code: https://github.com/terraform-providers/terraform-provider-aws/blob/master/aws/data_source_aws_availability_zones.go#L72 which only uses the 
DescribeAvailabilityZones
call.
c
The issue was I didn’t set this in the config 
aws:profile: dev
Thanks
Open in Slack
PreviousNext
Powered by