CJE operations fail with authorization error

Issue

  • On CJE (AWS installations) worker creation or removal fails with an error that includes you are not authorized to perform this operation. For example:

denied2
or
denied1
 

Environment

  • CloudBees Jenkins Enterprise (AWS installations)

 

Resolution

Something in the AWS policy is restricting the operation. A quick, though not exhaustive, check is to download the AWS CLI tool so that you can verify AWS permissions completely outside of CJE. Try these simple operations to validate access:

aws ec2 describe-instances

and

aws s3 ls

Note: Do not modify or remove any objects here. This is just to validate access.

Additionally if you are using AWS profiles (and have multiple ones defined) you can add the flag for --profile so that you can explictly test with it. For example

aws ec2 describe-instances --profile my-developer-profile

If these commands return access errors, please refer back to the policy for the minimum set of AWS operations needed for CJE operations.

Finally, when troubleshooting, remember that even if an AWS policy is created appropriately for CJE, you may still face restrictions due to other security group policies that take precedence over it. You may need the help of your organization’s security or AWS engineer to investigate fully.

Have more questions? Submit a request

0 Comments

Please sign in to leave a comment.