
I have been trying for a few days to get the Sandbox up and happy. Various issues have blocked me. I tore down everything from my AWS account down and started with a new email/AWS account. A slow step-by-step through the Aviatrix Cloud Sandbox Starter - Spin up Cloud Networks in Minutes doc has not yielded success. In the Controller License field I used the license key from the email: gmail.com-abu--blah. Given that this document is four years old, am I using the correct doc? This last run through resulted in this:

Initializing provider plugins...
- Finding latest version of hashicorp/tls...
- Finding latest version of hashicorp/http...
- Finding latest version of hashicorp/null...
- Finding hashicorp/aws versions matching "~> 3.42.0"...
- Installing hashicorp/aws v3.42.0...
- Installed hashicorp/aws v3.42.0 (signed by HashiCorp)
- Installing hashicorp/tls v4.0.5...
- Installed hashicorp/tls v4.0.5 (signed by HashiCorp)
- Installing hashicorp/http v3.4.4...
- Installed hashicorp/http v3.4.4 (signed by HashiCorp)
- Installing hashicorp/null v3.2.2...
- Installed hashicorp/null v3.2.2 (signed by HashiCorp)

Terraform has created a lock file .terraform.lock.hcl to record the provider selections it made above. Include this file in your version control repository so that Terraform can guarantee to make the same selections by default when you run "terraform init" in the future.

Terraform has been successfully initialized!

You may now begin working with Terraform. Try running "terraform plan" to see any changes that are required for your infrastructure. All Terraform commands should now work.

If you ever set or change modules or backend configuration for Terraform, rerun this command to reinitialize your working directory. If you forget, other commands will detect it and remind you to do so if necessary.
--> Controller launch failed, aborting.

An error occurred (AccessDenied) when calling the GetRole operation: User: arn:aws:iam::014498652592:user/aviatrixcert23 is not authorized to perform: iam:GetRole on resource: role aviatrix-role-ec2 because no identity-based policy allows the iam:GetRole action
╷
│ Error fetching Availability Zones: UnauthorizedOperation: You are not authorized to perform this operation. User: arn:aws:iam::014498652592:user/aviatrixcert23 is not authorized to perform: ec2:DescribeAvailabilityZones because no identity-based policy allows the ec2:DescribeAvailabilityZones action
│ status code: 403, request id: 39988ad2-aa75-4a78-8800-68b02e15bba7
│
│ with module.aviatrix_controller_aws.module.aviatrix_controller_build.data.aws_availability_zones.all,
│ on .terraform/modules/aviatrix_controller_aws/modules/aviatrix-controller-build/variables.tf line 115, in data "aws_availability_zones" "all":
│ 115: data "aws_availability_zones" "all" {}
│
╵
--> Controller launch failed, aborting.

Check on the onboarding account whether you added your access/secret keys.


Check whether your user in the AWS account has the minimum permissions that can be used with the sandbox.


Check whether the security group of your sandbox allows it to reach the internet.

 


Yes. Yes. Checking. I also found a statement in another string that the SST was deprecated last July in favor of the Self Service Launch Tool. Is this my issue? Or does the OG SST still work?


Have you deployed the Aviatrix Sandbox Starter tool from the AWS AMI public community?

Aviatrix Cloud Sandbox Starter - Spin up Cloud Networks in Minutes | Community  

It may help you.


@jontaylor23 I can confirm the SST is still the correct tool to use to launch an IaC course compatible controller. The self-service launch tool has been deprecated. I’ll echo @MohammedBanabila's comments that it looks like the AWS user you have doesn’t have the IAM permissions needed. This article defines the minimum permissions that your user requires.


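The two errors in the first post name the exact IAM actions that were denied and say that no identity-based policy allows them. As an added example (not from the thread and not Aviatrix code), this Python script pulls the principal, action, resource and deny type out of such AWS messages so the list can be compared against the minimum-permissions article; the function name `missing_permissions` is hypothetical and the sample text is the two error sentences from the post.

```python
import re
from collections import defaultdict

# Constructed sample: the two AWS error sentences quoted in the first post.
SAMPLE_OUTPUT = """\
An error occurred (AccessDenied) when calling the GetRole operation: User: arn:aws:iam::014498652592:user/aviatrixcert23 is not authorized to perform: iam:GetRole on resource: role aviatrix-role-ec2 because no identity-based policy allows the iam:GetRole action
Error fetching Availability Zones: UnauthorizedOperation: You are not authorized to perform this operation. User: arn:aws:iam::014498652592:user/aviatrixcert23 is not authorized to perform: ec2:DescribeAvailabilityZones because no identity-based policy allows the ec2:DescribeAvailabilityZones action
"""

# Matches the "User: <arn> is not authorized to perform: <service:Action>" sentence
# that AWS emits for both AccessDenied and UnauthorizedOperation errors.
DENIED = re.compile(
    r"User: (?P<principal>arn:aws:\S+) is not authorized to perform: "
    r"(?P<action>[A-Za-z0-9-]+:[A-Za-z0-9*]+)"
    r"(?: on resource: (?P<resource>.+?))?"
    r"(?= because | with an explicit deny|\s*$)",
    re.MULTILINE,
)


def missing_permissions(text):
    """Return {principal: [(action, resource, deny_kind), ...]} in order seen."""
    found = defaultdict(list)
    for m in DENIED.finditer(text):
        # The rest of the line says why the call was denied.
        tail = text[m.end():].split("\n", 1)[0]
        # An implicit deny is fixed by adding an Allow; an explicit deny
        # needs the Deny statement itself (policy, SCP, boundary) changed.
        kind = "explicit-deny" if "explicit deny" in tail else "implicit-deny"
        entry = (m["action"], m["resource"] or "*", kind)
        if entry not in found[m["principal"]]:  # drop repeats from retries
            found[m["principal"]].append(entry)
    return dict(found)


if __name__ == "__main__":
    for principal, entries in missing_permissions(SAMPLE_OUTPUT).items():
        print(principal)
        for action, resource, kind in entries:
            print(f"  {action:35} resource={resource} ({kind})")
```

Both entries come back as implicit denies for the same IAM user, which matches the diagnosis in the replies: the user has no policy granting these actions.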