Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- Username: dhaas
- Password:
- Please choose the role you would like to assume:
- [ 1 ]: arn:aws:iam::488777652958:role/Sandbox-Admin
- [ 2 ]: arn:aws:iam::488777652958:role/Primary-Admin
- Selection: 1
- 09:07:28 [main] DEBUG com.okta.tools.awscli - Cross-account role is Sandbox-Admin
- 09:07:29 [main] DEBUG com.okta.tools.awscli - Creating the AWS Identity Management client
- 09:07:29 [main] DEBUG com.okta.tools.awscli - Getting role: Sandbox-Admin
- Exception in thread "main" com.amazonaws.services.identitymanagement.model.AmazonIdentityManagementException: User: arn:aws:iam::488777652958:user/OktaSSO is not authorized to perform: iam:GetRole on resource: role Sandbox-Admin (Service: AmazonIdentityManagement; Status Code: 403; Error Code: AccessDenied; Request ID: 52c3fda5-408a-11e7-9f3e-3fb8959eef88)
- at com.amazonaws.http.AmazonHttpClient$RequestExecutor.handleErrorResponse(AmazonHttpClient.java:1588)
- at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeOneRequest(AmazonHttpClient.java:1258)
- at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeHelper(AmazonHttpClient.java:1030)
- at com.amazonaws.http.AmazonHttpClient$RequestExecutor.doExecute(AmazonHttpClient.java:742)
- at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeWithTimer(AmazonHttpClient.java:716)
- at com.amazonaws.http.AmazonHttpClient$RequestExecutor.execute(AmazonHttpClient.java:699)
- at com.amazonaws.http.AmazonHttpClient$RequestExecutor.access$500(AmazonHttpClient.java:667)
- at com.amazonaws.http.AmazonHttpClient$RequestExecutionBuilderImpl.execute(AmazonHttpClient.java:649)
- at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:513)
- at com.amazonaws.services.identitymanagement.AmazonIdentityManagementClient.doInvoke(AmazonIdentityManagementClient.java:8111)
- at com.amazonaws.services.identitymanagement.AmazonIdentityManagementClient.invoke(AmazonIdentityManagementClient.java:8087)
- at com.amazonaws.services.identitymanagement.AmazonIdentityManagementClient.executeGetRole(AmazonIdentityManagementClient.java:4295)
- at com.amazonaws.services.identitymanagement.AmazonIdentityManagementClient.getRole(AmazonIdentityManagementClient.java:4272)
- at com.okta.tools.awscli.GetRoleToAssume(awscli.java:437)
- at com.okta.tools.awscli.main(awscli.java:119)
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement