Credential creation errors on AWS
The following section lists common issues related to creating a credential on AWS and steps to resolve them.
User: arn:aws:iam:::user/assume-only-user is not authorized to perform: sts:AssumeRole
Error: The following error occurs when creating a role-based AWS credential:
User: arn:aws:iam:::user/assume-only-user is not authorized to perform: sts:AssumeRole
Solution: The error occurs when Cloudera is not authorized to use the role that you are trying to register as part of cloud credential creation. The most common reason for this error is that when creating the cross-account IAM role you did not provide the AWS account ID. Refer to the documentation for creating a role-based credential on AWS for correct steps to create a cross-account IAM role.
Internal error when creating an AWS credential from CDP CLI
An error occurred: An internal error has occurred. Retry your request, but if the problem persists, contact us with details by posting a message on the Cloudera Community forums. (Status Code: 500; Error Code: UNKNOWN; Service: environments; Operation: createAWSCredential; Request ID: dbf1fb6f-3161-46e1-80e9-a894461ceec3;)
Solution: A common reason for this error is that the external ID that you used for your cross-account IAM role is associated with another user. The external ID is tied to the Cloudera user who obtained it; Therefore, only the user who obtained the external ID is able to complete the credential creation flow in Cloudera with a given external ID. If a Cloudera user tries using an IAM role with an external ID obtained by another Cloudera user, Cloudera will return this error message. To resolve the issue, log in to CDP CLI, obtain a new external ID, create a new cross-account IAM role, and then try creating the credential again.