
I am trying to create a VPC using Terraform, and I am using an IAM user's secret and access key for authentication. But when trying to create the VPC it throws "Error creating VPC: UnauthorizedOperation: You are not authorized to perform this operation. Encoded authorization failure message: <encode_message>". When I decode this message I get that it doesn't have permission for ec2:createVpc. But I have assigned AdministratorAccess, EC2 full access and VPC full access to this user. I am able to create any other resources using these credentials.

Really appreciate your help. Thanks in advance.

3 Answers

1

First, make sure that you have properly set up your AWS credentials on your local development environment, either with environment variables like AWS_* or the shared credentials file ~/.aws/credentials (I am assuming that you're on Linux).

If not, see the official documentation from AWS: https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html

(I assume you have aws-cli installed, if not then see: https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-install.html)

Then, to check whether your credentials are properly configured, you can try this command:

aws sts get-caller-identity

You should see something like:

{
    "UserId": "<REDACTED>",
    "Account": "<REDACTED>",
    "Arn": "arn:aws:iam::<REDACTED>:<REDACTED>"
}

Remember not to share the output above!

pciang
  • 301
  • 1
  • 6
0

Your user may not have the necessary permissions to perform the action.

Try adding something like the following to your permissions:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor1",
            "Effect": "Allow",
            "Action": "ec2:DescribeVpcs",
            "Resource": "*"
        },
        {
            "Sid": "foo",
            "Effect": "Allow",
            "Action": [
                "ec2:CreateVpc",
                "ec2:DeleteVpc"
            ],
            "Resource": "*"
        }
    ]
}
fcracker79
  • 1,118
  • 13
  • 26
0

This can be one possible cause:

  1. After making sure it's not ~/.aws/credentials, one possible cause to check is whether you have an MFA policy set, which can be the blocker as well.

For me, I temporarily removed the permission related to MFA and it worked.

I figured out the issue by decoding the error message from the response with the following command, and knew it was MFA:

aws sts decode-authorization-message --encoded-message <code-here>

Now you get to see the cause of the problem.

Tara Prasad Gurung
  • 3,422
  • 6
  • 38
  • 76
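The second and third answers together explain the puzzle in the question: an Allow statement (even AdministratorAccess) is not enough if a separate policy carries an explicit Deny whose condition matches, and a "require MFA" Deny matches requests signed with plain long-term access keys, because those requests carry no aws:MultiFactorAuthPresent key at all. The following is an added example, not code from any of the answers above: a minimal IAM-style evaluator that models only Action/NotAction matching, the Bool and BoolIfExists condition operators, and the explicit-deny-wins rule. Both policies in it are constructed for illustration (the admin statement mirrors the managed AdministratorAccess policy; the MFA policy follows the common "deny everything unless MFA is present" pattern, with a constructed Sid).

```python
"""Tiny IAM-style evaluator: shows why an explicit Deny tied to an MFA
condition overrides AdministratorAccess for a request made with long-term
access keys (no MFA key in the request context).  Constructed example."""
import fnmatch
from typing import Any, Dict, List, Optional, Sequence, Tuple, Union

Policy = Dict[str, Any]

# Constructed: equivalent of the managed AdministratorAccess policy.
ADMINISTRATOR_ACCESS: Policy = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}],
}

# Constructed: a typical "require MFA" policy.  It denies everything except
# the calls needed to enrol an MFA device, whenever MFA was not used.
REQUIRE_MFA: Policy = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "DenyAllExceptListedIfNoMFA",  # constructed Sid
            "Effect": "Deny",
            "NotAction": [
                "iam:CreateVirtualMFADevice",
                "iam:EnableMFADevice",
                "iam:ListMFADevices",
                "sts:GetSessionToken",
            ],
            "Resource": "*",
            # BoolIfExists: a request with NO aws:MultiFactorAuthPresent key
            # (long-term access keys) also matches, so it is denied.
            "Condition": {"BoolIfExists": {"aws:MultiFactorAuthPresent": "false"}},
        }
    ],
}


def _as_list(value: Union[str, Sequence[str]]) -> List[str]:
    return [value] if isinstance(value, str) else list(value)


def _pattern_matches(action: str, patterns: Union[str, Sequence[str]]) -> bool:
    # IAM matches action names case-insensitively; '*' and '?' are wildcards.
    return any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in _as_list(patterns))


def _statement_covers_action(stmt: Policy, action: str) -> bool:
    if "Action" in stmt:
        return _pattern_matches(action, stmt["Action"])
    if "NotAction" in stmt:
        return not _pattern_matches(action, stmt["NotAction"])
    return False


def _condition_holds(stmt: Policy, context: Dict[str, str]) -> bool:
    """Evaluate Bool / BoolIfExists only; that is all an MFA policy needs."""
    for operator, clauses in stmt.get("Condition", {}).items():
        for key, expected in clauses.items():
            actual = context.get(key)
            if operator == "BoolIfExists" and actual is None:
                continue  # a missing key satisfies the ...IfExists form
            if operator in ("Bool", "BoolIfExists"):
                if actual is None or actual.lower() != str(expected).lower():
                    return False  # plain Bool with a missing key never matches
            else:
                raise NotImplementedError(f"operator {operator} not modelled here")
    return True


def evaluate(policies: Sequence[Policy], action: str,
             context: Dict[str, str]) -> Tuple[str, Optional[str]]:
    """Return (decision, sid).  Explicit Deny wins, then any Allow,
    otherwise the implicit Deny (sid None)."""
    allowed_by: Optional[str] = None
    for policy in policies:
        for stmt in policy["Statement"]:
            if not _statement_covers_action(stmt, action):
                continue
            if not _condition_holds(stmt, context):
                continue
            if stmt["Effect"] == "Deny":
                return "Deny", stmt.get("Sid", "<no Sid>")
            if allowed_by is None:
                allowed_by = stmt.get("Sid", "<no Sid>")
    return ("Allow", allowed_by) if allowed_by else ("Deny", None)


if __name__ == "__main__":
    both = [ADMINISTRATOR_ACCESS, REQUIRE_MFA]
    # Access keys only: no aws:MultiFactorAuthPresent key in the context.
    print(evaluate(both, "ec2:CreateVpc", {}))
    # Same user with MFA-backed session credentials.
    print(evaluate(both, "ec2:CreateVpc", {"aws:MultiFactorAuthPresent": "true"}))
    # Enrolment calls are excluded from the Deny via NotAction.
    print(evaluate(both, "iam:ListMFADevices", {}))
```

The first call reproduces the question's situation (admin rights, yet ec2:CreateVpc denied) and names the Deny statement responsible, which is the same information the decoded authorization message gives. Note the difference between Bool and BoolIfExists: with a plain Bool, a request that lacks the MFA key would not match the Deny, so swapping the operator changes the verdict for access-key requests.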