Improve error handling for missing IAM policy action for assumed IAM role

Question

Improve error handling for missing IAM policy action for assumed IAM role

DjangoFett opened this issue 6 years ago · 0 comments

Would be nice to throw an error when an action is missing from an IAM policy instead of failing to run.
Even better would be to have some sort of error displayed on the UI to save the trouble of logging into the container for find that it failed to run.

Added the error in question below that I found while installing this the first time.

  File "/opt/staging/limits.py", line 68, in <module>
    dms_limits = dms.describe_account_attributes()
  File "/usr/local/lib/python3.4/site-packages/botocore/client.py", line 314, in
 _api_call
    return self._make_api_call(operation_name, kwargs)
  File "/usr/local/lib/python3.4/site-packages/botocore/client.py", line 612, in
 _make_api_call
    raise error_class(parsed_response, operation_name)
botocore.exceptions.ClientError: An error occurred (AccessDeniedException) when
calling the DescribeAccountAttributes operation: User: arn:aws:sts::[ACCOUNT]
:assumed-role/[ROLENAME]/limit_dashboard is not authorized to perform: dms:Des
cribeAccountAttributes