
Issue when running terraform: Error: updating Auto Scaling Group XXX: AccessDenied: You are not authorized to use launch template: XXX


I have picked up a piece of work started by a contractor who has since left, and I was told the pipeline was working, but when I run it I get this error:

╷
│ Error: updating Auto Scaling Group (XXX): AccessDenied: You are not authorized to use launch template: XXX
│   status code: 403, request id: f7f48427-6c5a-4154-ab70-5a5226929e9f
│ 
│   with aws_autoscaling_group.autoscale_group,
│   on main.tf line 243, in resource "aws_autoscaling_group" "autoscale_group":
│  243: resource "aws_autoscaling_group" "autoscale_group" {
│ 

I cannot track down where the permissions issue is; the role that runs terraform has a policy that allows everything:

{
    "Statement": [
        {
            "Action": [
                "*"
            ],
            "Effect": "Allow",
            "Resource": "*",
            "Sid": "AllowAllPermissions"
        }
    ],
    "Version": "2012-10-17"
}

It also seems like the AMI ID is ok and I am able to launch an instance myself using my admin role, from the console using the launch template.

Has anyone had this issue and can maybe point me in the direction of where to look for the permissions error?


Solution

  • In my case it was because, unknown to anyone, an SCP had very recently been deployed restricting the creation of instances without an encrypted root device, which led to this error.

    I fixed it by updating the terraform launch template resource to include the following:

    block_device_mappings {
      device_name = "/dev/sda1"
      ebs {
        encrypted = true
      }
    }

    I will leave this question here and answered because it might be helpful to somebody in future.
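The misleading part of this failure is that the 403 blames the launch template, while the real cause is an organization-level SCP that the account's own IAM policy cannot override. A quick way to confirm the diagnosis before touching Terraform is to check what the launch template actually says about its root volume. The following Python is an added example, not code from the question or the answer: it inspects a dict shaped like the `LaunchTemplateData` field returned by the EC2 `describe_launch_template_versions` API and reports whether the root device will be encrypted. The sample template data below is constructed for the example; the root device name defaults to `/dev/sda1` as used in the answer, but it really comes from the AMI's `RootDeviceName`, so pass it in when auditing real templates.

```python
"""Audit EC2 launch template data for an unencrypted root volume.

Added example, not part of the original post. Works on a dict shaped like
the ``LaunchTemplateData`` field that ``ec2.describe_launch_template_versions``
returns, so it runs offline on the constructed samples below.
"""


def root_volume_encrypted(launch_template_data, root_device_name="/dev/sda1"):
    """Return (status, reason) for the root device of a launch template.

    status is True when the template explicitly encrypts the root volume,
    False when it maps the root device without Encrypted=true, and None when
    the template does not map the root device at all. In the None case the
    instance inherits the AMI snapshot's encryption, so an SCP that requires
    encrypted root volumes will still deny RunInstances for an unencrypted AMI.
    """
    for mapping in launch_template_data.get("BlockDeviceMappings", []):
        if mapping.get("DeviceName") != root_device_name:
            continue
        ebs = mapping.get("Ebs", {})
        if ebs.get("Encrypted") is True:
            return True, "root mapping sets Ebs.Encrypted=true"
        return False, "root mapping present but Ebs.Encrypted is not true"
    return None, "no root device mapping; encryption inherited from the AMI"


def audit(templates, root_device_name="/dev/sda1"):
    """Map template name -> human-readable finding for a batch of templates."""
    findings = {}
    for name, data in templates.items():
        status, reason = root_volume_encrypted(data, root_device_name)
        label = {True: "OK", False: "FAIL", None: "CHECK AMI"}[status]
        findings[name] = f"{label}: {reason}"
    return findings


# Constructed sample: what the contractor's template looked like (no root
# mapping, so encryption depends entirely on the AMI snapshot).
ORIGINAL_TEMPLATE_DATA = {
    "ImageId": "ami-EXAMPLE",
    "InstanceType": "t3.micro",
}

# Constructed sample: the answer's fix, as the EC2 API would return it
# (Terraform's block_device_mappings { ebs { encrypted = true } }).
FIXED_TEMPLATE_DATA = {
    "ImageId": "ami-EXAMPLE",
    "InstanceType": "t3.micro",
    "BlockDeviceMappings": [
        {"DeviceName": "/dev/sda1", "Ebs": {"Encrypted": True}},
    ],
}

# Constructed sample: a root mapping that explicitly leaves the volume unencrypted.
EXPLICIT_UNENCRYPTED_DATA = {
    "ImageId": "ami-EXAMPLE",
    "BlockDeviceMappings": [
        {"DeviceName": "/dev/sda1", "Ebs": {"VolumeSize": 20, "Encrypted": False}},
    ],
}


if __name__ == "__main__":
    report = audit({
        "original": ORIGINAL_TEMPLATE_DATA,
        "fixed": FIXED_TEMPLATE_DATA,
        "explicit-unencrypted": EXPLICIT_UNENCRYPTED_DATA,
    })
    for name, finding in report.items():
        print(f"{name:>22}: {finding}")
```

To run this against a real account, fetch each template version with boto3 (`ec2.describe_launch_template_versions(LaunchTemplateId=..., Versions=["$Latest"])`), take `LaunchTemplateVersions[0]["LaunchTemplateData"]`, and look up the AMI's `RootDeviceName` with `describe_images` before calling `root_volume_encrypted`. Any `FAIL` or `CHECK AMI` result is a template that an encryption-requiring SCP will reject with exactly the `AccessDenied ... not authorized to use launch template` message shown in the question.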