AMI Permissions not working when using AWS CLI VM import/export

0

I am having some problems with AWS permissions. I am trying to use VM Import/Export to export an instance to a local device. I followed the AWS notes at https://docs.aws.amazon.com/vm-import/latest/userguide/vmie_prereqs.html, created a policy with the JSON file that is there, and added it to my user. The JSON is:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:ListAllMyBuckets"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:CreateBucket",
        "s3:DeleteBucket",
        "s3:DeleteObject",
        "s3:GetBucketLocation",
        "s3:GetObject",
        "s3:ListBucket",
        "s3:PutObject"
      ],
      "Resource": "*"
    }, 
    {
      "Effect": "Allow",
      "Action": [
        "iam:CreateRole",
        "iam:PutRolePolicy"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "ec2:CancelConversionTask",
        "ec2:CancelExportTask",
        "ec2:CreateImage",
        "ec2:CreateInstanceExportTask",
        "ec2:CreateTags",
        "ec2:DeleteTags",
        "ec2:DescribeConversionTasks",
        "ec2:DescribeExportTasks",
        "ec2:DescribeInstanceAttribute",
        "ec2:DescribeInstanceStatus",
        "ec2:DescribeInstances",
        "ec2:DescribeTags",
        "ec2:ImportInstance",
        "ec2:ImportVolume",
        "ec2:StartInstances",
        "ec2:StopInstances",
        "ec2:TerminateInstances",
        "ec2:ImportImage",
        "ec2:ImportSnapshot",
        "ec2:DescribeImportImageTasks",
        "ec2:DescribeImportSnapshotTasks",
        "ec2:CancelImportTask"
      ],
      "Resource": "*"
    }
  ]
}

In the summary of permissions it says that the user has full access to S3, IAM and EC2; however, when using the AWS CLI I get an "AccessDenied" error for S3 operations and an "UnauthorizedOperation" error for EC2 operations. For example, after running:

 $ aws s3 ls 

I get the following output:

An error occurred (AccessDenied) when calling the ListBuckets operation: Access Denied

The same happens when I run:

$ aws ec2 create-instance-export-task --instance-id id --target-environment vmware \
--export-to-s3-task DiskImageFormat=VMDK,ContainerFormat=ova,S3Bucket=bucket,S3Prefix=prefix

Output:

An error occurred (UnauthorizedOperation) when calling the CreateInstanceExportTask operation: You are not authorized to perform this operation.

I have checked my user's permissions multiple times and everything looks fine. Is there anything else that needs to be done beforehand?

Thank you

ezze5

Posted 2019-04-09T13:44:31.020

Reputation: 1

No answers
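
Added example, not part of the original post: a simplified offline model of IAM identity-policy evaluation (no Condition, NotAction, SCP or resource-policy handling) applied to the policy in the question. It shows that the posted statements by themselves allow both failing calls, and that an explicit Deny in another attached policy or a permissions boundary would turn them into denials; `decide`, `CONSTRUCTED_DENY` and `CONSTRUCTED_BOUNDARY` are hypothetical names and constructed data.

```python
import re

# Abbreviated copy of the policy in the question: only the statements that
# cover the two failing calls are kept.
USER_POLICY = {"Statement": [
    {"Effect": "Allow", "Action": ["s3:ListAllMyBuckets"], "Resource": "*"},
    {"Effect": "Allow", "Resource": "*",
     "Action": ["ec2:CreateInstanceExportTask", "ec2:DescribeExportTasks"]},
]}
# Constructed for illustration, not from the question.
CONSTRUCTED_DENY = {"Statement": [
    {"Effect": "Deny", "Action": "s3:*", "Resource": "*"}]}
CONSTRUCTED_BOUNDARY = {"Statement": [
    {"Effect": "Allow", "Action": ["s3:*", "ec2:Describe*"], "Resource": "*"}]}

def _glob(pattern, value):
    # IAM wildcards: * matches any run of characters, ? matches exactly one.
    rx = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(rx, value) is not None

def _as_list(v):
    return v if isinstance(v, list) else [v]

def _matches(stmt, action, resource):
    # Action names are compared case-insensitively; resources are not.
    return (any(_glob(p.lower(), action.lower()) for p in _as_list(stmt["Action"]))
            and any(_glob(p, resource) for p in _as_list(stmt["Resource"])))

def decide(action, resource, identity_policies, boundary=None):
    """Return 'allow', 'explicit_deny' or 'implicit_deny' for one request."""
    policies = list(identity_policies) + ([boundary] if boundary else [])
    for policy in policies:
        for stmt in policy["Statement"]:
            if stmt["Effect"] == "Deny" and _matches(stmt, action, resource):
                return "explicit_deny"          # a Deny anywhere wins
    def allows(policy):
        return any(s["Effect"] == "Allow" and _matches(s, action, resource)
                   for s in policy["Statement"])
    if not any(allows(p) for p in identity_policies):
        return "implicit_deny"                  # nothing grants the action
    if boundary and not allows(boundary):
        return "implicit_deny"                  # boundary caps the grant
    return "allow"

if __name__ == "__main__":
    for act in ("s3:ListAllMyBuckets", "ec2:CreateInstanceExportTask"):
        print(act, decide(act, "*", [USER_POLICY]),
              decide(act, "*", [USER_POLICY, CONSTRUCTED_DENY]),
              decide(act, "*", [USER_POLICY], CONSTRUCTED_BOUNDARY))
```

Running `aws sts get-caller-identity` shows which principal the CLI credentials belong to, which can be compared with the user the policy is attached to.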