Want higher error messages when KMS entry is restricted on AWS
I’m operating a CloudFormation script to deploy some IAM credentials. I already had this working, however I’ve refactored my code a bit. Now I’m getting this error once more.
I’m wanting on the coverage of the position that needs to be executing this code and it seems to have the suitable permissions.
![](https://miro.medium.com/max/1400/1*-RKie8IMW6a-frKXTC7VGg.png)
When getting this error it will be extra useful if the error message included the person or position ARN was that was not allowed and whether or not it’s as a result of KMS key useful resource coverage or the IAM person coverage.
This error message appears to point it’s an IAM coverage but it surely’s not likely clear.
Then once I assessment the important thing coverage I don’t see any issues there both.
A extra helpful error message on this case would actually save me a while.
The issue is that in some way (and I don’t know the way) the ARN I handed right into a key coverage is getting modified to a price I don’t acknowledge in some unspecified time in the future after I run my CloudFormation template:
![](https://miro.medium.com/max/1400/1*GrcmHTr1TL6mQ9qUp6Wzeg.png)
I don’t suppose I’m doing that. If I run the CloudFormation template once more it fixes the issue.
Right here’s one other one:
![](https://miro.medium.com/max/1400/1*UQeXBLrgLSDO99Pj-0sfzw.png)
I occur to know this person doesn’t have permission but when I didn’t that error message can be very irritating as a result of it doesn’t say why you can not delete the alias.
This error is useful, however I’ve a query. Why does the above display not embody “alias/” within the identify and why do I even have to put “/alias” in any command, identify or CloudFormation. Can’t you simply add that behind the scenes if required and never current? Could be a bit extra user-friendly.
![](https://miro.medium.com/max/1400/1*r7Wm9RG2t3x8gHDjWL7ZqQ.png)
Teri Radichel
In case you appreciated this story please clap and observe:
Medium: Teri Radichel or Electronic mail Listing: Teri Radichel
Twitter: @teriradichel or @2ndSightLab
Requests providers by way of LinkedIn: Teri Radichel or IANS Analysis
© 2nd Sight Lab 2022
____________________________________________
Creator:
Cybersecurity for Executives within the Age of Cloud on Amazon
![](https://miro.medium.com/max/500/0*H9Ew1KCl-29nZiPR.jpeg)
Want Cloud Safety Coaching? 2nd Sight Lab Cloud Safety Coaching
Is your cloud safe? Rent 2nd Sight Lab for a penetration check or safety evaluation.
Have a Cybersecurity or Cloud Safety Query? Ask Teri Radichel by scheduling a name with IANS Analysis.
Cybersecurity & Cloud Safety Assets by Teri Radichel: Cybersecurity and Cloud safety lessons, articles, white papers, displays, and podcasts
![](https://miro.medium.com/max/800/1*4oxP4LXk8l8c3mpRvO7ejg.png)