We use the tagging API to tag our resources, but we lack permissions to do so:
$ aws --profile fedora resourcegroupstaggingapi tag-resources --resource-arn-list arn:aws:ec2:us-east-2:125523088429:instance/i-00fc51fb514bdd974 --tags Name=172.31.28.129::Fedora-Cloud-Base-Rawhide-20201012.n.0.x86_64-hvm-us-east-2-gp2-0 An error occurred (AccessDeniedException) when calling the TagResources operation: User: arn:aws:iam::125523088429:user/fedora-ci-testing-farm is not authorized to perform: tag:TagResources
Metadata Update from @zlopez: - Issue priority set to: Waiting on Assignee (was: Needs Review) - Issue tagged with: medium-gain, medium-trouble, ops
Adjusted policy, please try again now.
Metadata Update from @pingou: - Issue tagged with: aws
@kevin does not seems to work still:
$ aws resourcegroupstaggingapi tag-resources --resource-arn-list arn:aws:ec2:us-east-2:125523088429:instance/i-0631b385f33e11fb5 --tags Name=172.31.28.129::Fedora-Cloud-Base-Rawhide-20201012.n.0.x86_64-hvm-us-east-2-gp2-0 An error occurred (AccessDeniedException) when calling the TagResources operation: User: arn:aws:iam::125523088429:user/fedora-ci-testing-farm is not authorized to perform: tag:TagResources
@mobrien hi, would you have time to look at this one also? Could we I am missing something?
@mobrien @kevin sorry for pinging this again, but absence of tagging makes investigation of some failures in Fedora CI very hard, as we link the instances to jobs by tags :/ Would you have time to look what could be the problem pls?
Try again now? I had added 'ec2:TagResources' but perhaps it should be 'tag:TagResources'? so I changed it to that...
@mvadkert any news here? Is it working now?
sorry it works now!
Metadata Update from @mvadkert: - Issue close_status updated to: Fixed - Issue status updated to: Closed (was: Open)
Login to comment on this ticket.