Red Hat OpenShift Container Platform Machine Failed with error launching instance: You are not authorized to perform this operation

Solution In Progress - Updated -

Issue

  • Machine creation is stuck in the Failed phase with the error message "error launching instance: You are not authorized to perform this operation". When the cluster runs with service endpoints, the message carries no encoded error message:
$ oc describe machines -n openshift-machine-api "${MACHINE_NAME}" | grep 'Error Message:'
  Error Message:           error launching instance: You are not authorized to perform this operation.
  • Machine creation is stuck in the Failed phase with the error message "error launching instance: You are not authorized to perform this operation", followed by an encoded error message:
$ ENCODED_ERROR_MESSAGE=$(oc describe machines -n openshift-machine-api "${MACHINE_NAME}" | grep 'Error Message:' | awk -F'failure message: ' '{print $2}')
$ oc describe machines -n openshift-machine-api "${MACHINE_NAME}" | grep 'Error Message:'
  Error Message:           error launching instance: You are not authorized to perform this operation. Encoded authorization failure message: ${ENCODED_ERROR_MESSAGE}
  • The decoded error message shows that the permissions used by the Machine API do not allow the action ec2:RunInstances.
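
The triage described above, as an added example that is not Red Hat's own code: it pulls the encoded blob out of the Error Message line (returning nothing for the service-endpoints case), decodes it with aws sts decode-authorization-message, and reduces the result to the denied action, resource and principal. The function names are hypothetical, the sample values are constructed, and the JSON field names assume the documented DecodedMessage layout.

```python
import json
import re
import subprocess

# Constructed sample: the Error Message line with a placeholder blob.
SAMPLE_LINE = ("  Error Message:           error launching instance: You are not "
               "authorized to perform this operation. Encoded authorization "
               "failure message: EXAMPLE-ENCODED-BLOB")

# Constructed sample of a decoded message; the ARNs and IDs are placeholders.
SAMPLE_DECODED = json.dumps({
    "allowed": False,
    "explicitDeny": False,
    "matchedStatements": {"items": []},
    "context": {
        "principal": {"id": "AROAEXAMPLEID:session",
                      "arn": "arn:aws:sts::111122223333:assumed-role/example-role/session"},
        "action": "ec2:RunInstances",
        "resource": "arn:aws:ec2:us-east-1:111122223333:instance/*",
    },
})

def extract_encoded(line):
    """Return the encoded blob from the Error Message line, or None if absent."""
    m = re.search(r"Encoded authorization failure message:\s*(\S+)", line)
    return m.group(1) if m else None

def decode(encoded):
    """Decode through AWS STS; the caller needs sts:DecodeAuthorizationMessage."""
    cmd = ["aws", "sts", "decode-authorization-message",
           "--encoded-message", encoded,
           "--query", "DecodedMessage", "--output", "text"]
    return subprocess.run(cmd, check=True, capture_output=True, text=True).stdout

def summarize(decoded_json):
    """Reduce the decoded document to the fields an IAM policy fix depends on."""
    doc = json.loads(decoded_json)
    ctx = doc.get("context", {})
    return {"action": ctx.get("action"),
            "resource": ctx.get("resource"),
            "principal": ctx.get("principal", {}).get("arn"),
            # explicitDeny=true: a Deny statement matched; otherwise nothing allowed it.
            "deny": "explicit" if doc.get("explicitDeny") else "implicit",
            "matched_statements": len(doc.get("matchedStatements", {}).get("items", []))}

if __name__ == "__main__":
    print(extract_encoded(SAMPLE_LINE))
    print(summarize(SAMPLE_DECODED))
```

On a live cluster, pass the output of decode(extract_encoded(line)) to summarize(); an implicit deny on ec2:RunInstances means no attached policy allows the action for that principal and resource.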

Environment

  • Red Hat OpenShift Container Platform (RHOCP)
    • 4.x
  • Amazon Web Services (AWS)
    • IAM service
  • Authentication Mode: manual with STS
