Description
Describe the bug
I'm exploring geocoding feature in Amazon Location Service
I learn that we have this API aws geo-places geocode
So I'd like to play around. However, I constantly got AccessDeniedException errors
Regression Issue
- Select this option if this issue appears to be a regression.
Expected Behavior
To learn why my IAM user attached with managed policy "arn:aws:iam::aws:policy/AdministratorAccess" is access denied when it comes to aws geo-places geocode API
Current Behavior
Steps to reproduce:
- Retrieve API Key to be used for Location Service
MAP_KEY=$(aws location describe-key --key-name "Geocoding" --region ap-southeast-1 | jq -r '.Key')
- Execute
geocodeAPI:
aws geo-places geocode --query-text "Lorem Ipsum" --key $MAP_KEY
An error occurred (AccessDeniedException) when calling the Geocode operation: User is not authorized to access this resource with an explicit deny
Reproduction Steps
Steps to investigate issue:
1.
# Check managed policies
GROUP=Administrators
aws iam list-attached-group-policies --group-name $GROUP
Output:
{
"AttachedPolicies": [
{
"PolicyName": "AdministratorAccess",
"PolicyArn": "arn:aws:iam::aws:policy/AdministratorAccess"
}
]
}
- See if my IAM user belongs to the $GROUP:
aws iam list-groups-for-user --user-name $USER_NAME | jq -r '.Groups[].GroupName'
Administrators
Possible Solution
No response
Additional Information/Context
Context: My IAM settings:
I have a group "Administrators" and attach AWS managed policy AdministratorAccess to it. I also add user "hungadmin" to the group.
And I execute aws cli using hungadmin
I believe "arn:aws:iam::aws:policy/AdministratorAccess" has ultimate access to the Location Service but it turned out AccessDeniedException for me
CLI version used
aws-cli/2.24.3 Python/3.12.9 Darwin/22.6.0 source/arm64
Environment details (OS name and version, etc.)
macOS 13.7.3