Article number
000003286
Affected Versions
7.5
8.0
8.5
Source Hypervisor
AWS
Target Hypervisor
AWS

Error: “There Was an Error Getting The AWS IAM Role Permissions” when Installing or Upgrading AWS ZCA

Viewed 592 times

Summary

An administrator when attempting install or upgrade of an AWS ZCA at 7.5 or higher may come across a validation failure.

Root Cause

The IAM Role attached to the ZCA is missing a policy or the Role has a policy but the following 3 permissions are missing:

iam:GetPolicyVersion
iam:ListAttachedRolePolicies
iam:ListPolicyVersions

These 3 permissions are required for the ZCA to validate all of the other minimum required permissions so if any one is not included in the IAM Role, the error is presented.

Symptoms

When attempting to upgrade or install a ZCA in AWS running 7.5 or higher, the following error is presented:

User-added image

Solution

To resolve the issue, follow the steps below:

  1. Add the following permissions to the ZCA's IAM Role and try again:

    1. iam:GetPolicyVersion

    2. iam:ListAttachedRolePolicies

    3. iam:ListPolicyVersions

  2. Ensure the Policy is a Managed Policy, not Inline Policy.

  3. Re-try the install/upgrade.