While running the terraform apply command, the following error occurred:
module.extract_job.aws_iam_role_policy.task_role_policy: Creating…
Error: putting IAM Role (Cloud9-de-c4w4a1-glue-role) Policy (de-c4w4a1-glue-role-policy): operation error IAM: PutRolePolicy, https response error StatusCode: 403, RequestID: a39b904c-916d-4743-ab83-986c07d37d44, api error AccessDenied: User: arn:aws:sts::023153730192:assumed-role/VSCodeInstanceRole/i-0b3eee0c1c135efc5 is not authorized to perform: iam:PutRolePolicy on resource: role Cloud9-de-c4w4a1-glue-role because no identity-based policy allows the iam:PutRolePolicy action. The VSCodeInstanceRole is denied the iam:PutRolePolicy permission.
Solution:
To resolve this issue, you’ll need to grant the necessary permissions. You can either:
Add the iam:PutRolePolicy permission to the VSCodeInstanceRole.
Provide access for editing the VSCodeInstanceRole.
In either case, you currently have restrictions preventing these changes. I feel it’s cheating that you plan to not solve this silly bug until the end of the trial period. I’m sure about this; otherwise, you could fix it in a single day when we reported it. Please advise on how to proceed.
Hi @muhammed.arshid, we had an issue regarding the policy for VSCodeInstanceRole that came up recently, we are working on solving this issue quickly in all labs. We deployed the updated C4W4 Capstone Part 1 lab recently, we believe the bug shouldn’t happen again.
I encountered the same problem with the VSCodeEC2 instance not having the authorization for the iam:PutRolePolicy. In order to complete the lab, I worked around this issue by running the glue jobs manually in the AWS Glue Console.