Erik Robertson
03/17/2022, 11:28 AMcurrent credentials could not be used to assume 'arn:aws:iam::055101007100:role/cdk-hnb659fds-deploy-role-XXX-us-west-2', but are for the right account. Proceeding anyway.
❌ DEV-ERIK-dwam-back-debug-stack failed: Error: DEV-ERIK-dwam-back-debug-stack: User: arn:aws:iam::XXX:user/dev_admin is not authorized to perform: ssm:GetParameter on resource: arn:aws:ssm:us-west-2:XXX:parameter/cdk-bootstrap/hnb659fds/version because no identity-based policy allows the ssm:GetParameter action
I am already passing a --role-arn parameter to sst start which has that ssm permission and it worked well using that role to build the debug stack but it's apparently not using it for deploying.
Based on the first line I have also tried to give the iam:passRole also to that CDK role but that didn't change anything either...
Any help is appreciated.Frank
Erik Robertson
03/17/2022, 8:41 PMFrank
Frank
sst start
with role arn?Erik Robertson
03/17/2022, 10:27 PMFrank
Frank
Frank
ssm:GetParameter
permission to the IAM user arn:aws:iam::XXX:user/dev_admin
?Erik Robertson
03/18/2022, 12:30 AMErik Robertson
03/18/2022, 10:47 AM