C3W2 Lab 1 Cannot apply terraform configuration

Course Q&A Data Engineering Data Storage and Queries
1

Hi

I faced a error when I try to apply the configuration without the edition to the .tf file.

Error message:

aws_iam_role_policy.task_role_policy: Creating…

│ Error: putting IAM Role (Cloud9-de-c3w2lab1-glue-role) Policy (de-c3w2lab1-glue-role-policy): operation error IAM: PutRolePolicy, https response error StatusCode: 403, RequestID: 89ed211a-a0da-451a-9951-80b09977749f, api error AccessDenied: User: arn:aws:sts::480311557402:assumed-role/Cloud9InstanceRole/i-012487e0a56d1cf8d is not authorized to perform: iam:PutRolePolicy on resource: role Cloud9-de-c3w2lab1-glue-role because no identity-based policy allows the iam:PutRolePolicy action

│ with aws_iam_role_policy.task_role_policy,
│ on iam_roles.tf line 6, in resource “aws_iam_role_policy” “task_role_policy”:
│ 6: resource “aws_iam_role_policy” “task_role_policy” {

2

Thank you @HO_TA_WEI for reporting this issue! The team is aware of it and will update the lab soon. We’ll let you know when it’s fixed so you can try the lab again.

3

@HO_TA_WEI To resolve the AccessDenied error when trying to attach a policy to an IAM role from your Cloud9 environment, follow these detailed steps:

Step 1: Identify the Current Role

  1. Log in to AWS Console:
  • Sign in to your AWS account.
  1. Go to IAM Roles:
  • Navigate to the IAM service from the AWS Management Console.
  • Click on Roles in the left sidebar.
  1. Locate the Cloud9 Role:
  • Search for Cloud9InstanceRole. This is the role that your Cloud9 environment is using.

Step 2: Review Attached Policies

  1. Select the Role:
  • Click on Cloud9InstanceRole to view its details.
  1. Check Permissions:
  • Click on the Permissions tab.
  • Review the policies currently attached to this role. Look for any policies that may allow IAM actions.

Step 3: Create a New Policy for IAM Permissions

  1. Create a New Policy:
  • Click on Policies in the left sidebar.
  • Click Create policy.
  • Select the JSON tab and enter the following policy:

json

Copy code

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "iam:PutRolePolicy",
                "iam:AttachRolePolicy",
                "iam:DetachRolePolicy",
                "iam:DeleteRolePolicy",
                "iam:CreateRole",
                "iam:GetRole"
            ],
            "Resource": "*"
        }
    ]
}
  • Click Next: Tags (optional, skip if not needed).
  • Click Next: Review.
  • Provide a name (e.g., Cloud9ManageIAMRolesPolicy) and a description.
  • Click Create policy.

Step 4: Attach the Policy to Cloud9InstanceRole

  1. Return to Roles:
  • Go back to the Roles section in the IAM console.
  1. Select Cloud9InstanceRole:
  • Click on Cloud9InstanceRole.
  1. Attach the Policy:
  • Click on the Permissions tab.
  • Click Add permissions and then select Attach policies.
  • Search for Cloud9ManageIAMRolesPolicy.
  • Check the box next to the policy and click Attach policy.

Step 5: Validate Permissions

  1. Check Attached Policies:
  • Ensure that the new policy is now listed under the Permissions tab for Cloud9InstanceRole.

Step 6: Re-run Your Terraform Code

  1. Open Your Terminal or IDE:
  • Navigate to the directory where your Terraform configuration is located.
  1. Run Terraform:
  • Execute terraform apply to apply your configuration again.
4

Thank you!