duo-labs/cloudmapper

cloudmapper auditor cdk deploy fails with multiple "You are not authorized to perform this operation" errors

Hi. When trying to deploy the cloudmapper auditor application to AWS according to https://github.com/duo-labs/cloudmapper/blob/main/auditor/README.md, the cdk deploy command fails with multiple CREATE_FAILED "You are not authorized to perform this operation" error messages, followed by a summary looking like this:

CloudmapperauditorStack The following resource(s) failed to create: [alarmforwarderServiceRoleB9026B1B, taskDefinitioncloudmappercontainerLogGroup7F93E70E, CloudMapperVpcIGW7E937F7B, ClusterEB0123A7, taskDefinitionExecutionRoleA4CD45BC, taskDefinitionEventsRole377A8C74, cloudmapperalarm0DFD3BAB, LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRole9116ECFB, taskDefinitionTaskRole3DEF31E0, CloudMapperVpcAF815FDA, CDKMetadata].

Apparently the user with which the application is being deployed (cloudmapper) is missing permissions or requires specific role(s) to be assigned to it.

Question: is there a list of roles the user cloudmapper has to be assigned before running the cdk deploy command? I've gone through the instructions a few times; this point doesn't seem to be covered there.

Thanks in advance.