Troubleshooting AWS Well-Architected Tool Identity and Access - AWS Well-Architected Tool

Troubleshooting AWS Well-Architected Tool Identity and Access

Use the following information to help you diagnose and fix common issues that you might encounter when working with AWS WA Tool and IAM.

I'm Not Authorized to Perform an Action in AWS WA Tool

If the AWS Management Console tells you that you're not authorized to perform an action, then you must contact your administrator for assistance. Your administrator is the person that provided you with your user name and password.

The following example error occurs when the mateojackson user tries to use the console to perform the DeleteWorkload action, but does not have permissions.

User: arn:aws:iam::123456789012:user/mateojackson is not authorized to perform: wellarchitected:DeleteWorkload on resource: 11112222333344445555666677778888

For this example, ask your administrator to update your policies to allow you to access the 11112222333344445555666677778888 resource using the wellarchitected:DeleteWorkload action.

I'm an Administrator and Want to Allow Others to Access AWS WA Tool

To allow others to access AWS WA Tool, you must create an IAM entity (user or role) for the person or application that needs access. They will use the credentials for that entity to access AWS. You must then attach a policy to the entity that grants them the correct permissions in AWS WA Tool.

To get started right away, see Creating Your First IAM Delegated User and Group in the IAM User Guide.