I joined a class on AWS Educate. While I can create and run an EC2 instance from the AWS Console, I cannot do the same from the AWS CLI (v2). I set ~/.aws/credentials as requested.
$ aws ssm get-parameters-by-path --path "/aws/service/ami-amazon-linux-latest" --region us-east-1 # works ok
$ aws ec2 create-key-pair --key-name mykey --output text > mykey.pem # works ok
$ aws ec2 run-instances
--image-id resolve:ssm:/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2
--instance-type t2.micro
--key-name mykey
The last command returns the following error.
An error occurred (SsmAccessDenied) when calling the RunInstances operation:
User: arn:.../user=my.email@here is not authorized to perform:
ssm:GetParameters on resource: arn:.../aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2
with an explicit deny
While I can stick to the AWS Console, I would like to make things as automatic as possible. Any hints?
question from:
https://stackoverflow.com/questions/65850040/aws-educate-cannot-run-ec2-instance-from-aws-cli 与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
