You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Jul 10, 2021. It is now read-only.
Fantastic work on the project. I just followed the Spinnaker quick start on AWS (https://s3.amazonaws.com/quickstart-reference/spinnaker/latest/doc/spinnaker-on-the-aws-cloud.pdf) and after cloud formation finished I began surfing through the Spinnaker UI. After some unexpected behavior in the UI, I decided to look over the spinnaker logs and I found the error SpinnakerUser is not authorized to perform: iam:ListServerCertificates. I manually gave permission to the user in the AWS IAM and the spinnaker behavior got corrected.
/var/log/spinnaker/clouddriver/clouddriver.log
2017-08-30 22:37:28.507 WARN 46014 --- [ecutionAction-4] c.n.s.c.cache.LoggingInstrumentation : com.netflix.spinnaker.clouddriver.aws.provider.AwsInfrastructureProvider:default/us-west-2/AmazonCertificateCachingAgent completed
com.amazonaws.services.identitymanagement.model.AmazonIdentityManagementException: User: arn:aws:iam::317085423413:user/Spinnaker-SpinnakerUser-5Z0ZXXV7BRKH is not authorized to perform: iam:ListServerCertificates on resource: arn:aws:iam::317085423413:server-certificate/ (Service: AmazonIdentityManagement; Status Code: 403; Error Code: AccessDenied; Request ID: cd8faada-8dd3-11e7-a132-ad6c0570cad9)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.handleErrorResponse(AmazonHttpClient.java:1587) ~[aws-java-sdk-core-1.11.173.jar:na]
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeOneRequest(AmazonHttpClient.java:1257) ~[aws-java-sdk-core-1.11.173.jar:na]
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeHelper(AmazonHttpClient.java:1029) ~[aws-java-sdk-core-1.11.173.jar:na]
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.doExecute(AmazonHttpClient.java:741) ~[aws-java-sdk-core-1.11.173.jar:na]
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeWithTimer(AmazonHttpClient.java:715) ~[aws-java-sdk-core-1.11.173.jar:na]
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.execute(AmazonHttpClient.java:697) ~[aws-java-sdk-core-1.11.173.jar:na]
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.access$500(AmazonHttpClient.java:665) ~[aws-java-sdk-core-1.11.173.jar:na]
at com.amazonaws.http.AmazonHttpClient$RequestExecutionBuilderImpl.execute(AmazonHttpClient.java:647) ~[aws-java-sdk-core-1.11.173.jar:na]
at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:511) ~[aws-java-sdk-core-1.11.173.jar:na]
at com.amazonaws.services.identitymanagement.AmazonIdentityManagementClient.doInvoke(AmazonIdentityManagementClient.java:8275) ~[aws-java-sdk-iam-1.11.173.jar:na]
at com.amazonaws.services.identitymanagement.AmazonIdentityManagementClient.invoke(AmazonIdentityManagementClient.java:8251) ~[aws-java-sdk-iam-1.11.173.jar:na]
at com.amazonaws.services.identitymanagement.AmazonIdentityManagementClient.executeListServerCertificates(AmazonIdentityManagementClient.java:6023) ~[aws-java-sdk-iam-1.11.173.jar:na]
at com.amazonaws.services.identitymanagement.AmazonIdentityManagementClient.listServerCertificates(AmazonIdentityManagementClient.java:5999) ~[aws-java-sdk-iam-1.11.173.jar:na]
at com.amazonaws.services.identitymanagement.AmazonIdentityManagement$listServerCertificates.call(Unknown Source) ~[na:na]
at com.netflix.spinnaker.clouddriver.aws.provider.agent.AmazonCertificateCachingAgent.loadData(AmazonCertificateCachingAgent.groovy:86) ~[clouddriver-aws-1.674.2.jar:1.674.2]
at com.netflix.spinnaker.cats.agent.CachingAgent$CacheExecution.executeAgentWithoutStore(CachingAgent.java:66) ~[cats-core-1.674.2.jar:1.674.2]
at com.netflix.spinnaker.cats.agent.CachingAgent$CacheExecution.executeAgent(CachingAgent.java:59) ~[cats-core-1.674.2.jar:1.674.2]
at com.netflix.spinnaker.cats.redis.cluster.ClusteredAgentScheduler$AgentExecutionAction.execute(ClusteredAgentScheduler.java:205) ~[cats-redis-1.674.2.jar:1.674.2]
at com.netflix.spinnaker.cats.redis.cluster.ClusteredAgentScheduler$AgentJob.run(ClusteredAgentScheduler.java:179) ~[cats-redis-1.674.2.jar:1.674.2]
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) ~[na:1.8.0_141]
at java.util.concurrent.FutureTask.run(FutureTask.java:266) ~[na:1.8.0_141]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [na:1.8.0_141]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [na:1.8.0_141]
at java.lang.Thread.run(Thread.java:748) [na:1.8.0_141]
The text was updated successfully, but these errors were encountered:
This issue is tagged as 'stale' and hasn't been updated in 89 days, so we are tagging it as 'to-be-closed'. It will be closed in 45 days unless updates are made. If you want to remove this label, comment:
Hey guys!
Fantastic work on the project. I just followed the Spinnaker quick start on AWS (https://s3.amazonaws.com/quickstart-reference/spinnaker/latest/doc/spinnaker-on-the-aws-cloud.pdf) and after cloud formation finished I began surfing through the Spinnaker UI. After some unexpected behavior in the UI, I decided to look over the spinnaker logs and I found the error
SpinnakerUser is not authorized to perform: iam:ListServerCertificates
. I manually gave permission to the user in the AWS IAM and the spinnaker behavior got corrected.The text was updated successfully, but these errors were encountered: