Error upon deploying: AccessDeniedException: Cross-account pass role is not allowed.
dabrazhe opened this issue · 0 comments
dabrazhe commented
Our accounts are setup via an organisational accounts, with no users directly in development accounts. This is a common practice. Users switch role to desired accounts.
Perhaps this is the reason when deploying in a development account.
chaos-lambda deploy -r arn:aws:iam::50000000:role/ChaosLambda-Accessrole
AWS_REGION not set, defaulting to eu-west-1
Something went wrong:
{ AccessDeniedException: Cross-account pass role is not allowed.
at Object.extractError (/usr/local/lib/node_modules/chaos-lambda/node_modules/aws-sdk/lib/protocol/json.js:43:27)
at Request.extractError (/usr/local/lib/node_modules/chaos-lambda/node_modules/aws-sdk/lib/protocol/rest_json.js:37:8)
at Request.callListeners (/usr/local/lib/node_modules/chaos-lambda/node_modules/aws-sdk/lib/sequential_executor.js:105:20)
at Request.emit (/usr/local/lib/node_modules/chaos-lambda/node_modules/aws-sdk/lib/sequential_executor.js:77:10)
at Request.emit (/usr/local/lib/node_modules/chaos-lambda/node_modules/aws-sdk/lib/request.js:596:14)
at Request.transition (/usr/local/lib/node_modules/chaos-lambda/node_modules/aws-sdk/lib/request.js:21:10)
at AcceptorStateMachine.runTo (/usr/local/lib/node_modules/chaos-lambda/node_modules/aws-sdk/lib/state_machine.js:14:12)
at /usr/local/lib/node_modules/chaos-lambda/node_modules/aws-sdk/lib/state_machine.js:26:10
at Request.<anonymous> (/usr/local/lib/node_modules/chaos-lambda/node_modules/aws-sdk/lib/request.js:37:9)
at Request.<anonymous> (/usr/local/lib/node_modules/chaos-lambda/node_modules/aws-sdk/lib/request.js:598:12)
message: 'Cross-account pass role is not allowed.',
code: 'AccessDeniedException',
time: 2019-06-21T13:53:13.545Z,
requestId: 'e992148c-942b-11e9-9727-097a78ea9fd9',
statusCode: 403,
retryable: false,