AWS - You are not authorized to perform this operation on accessing describeInstanceStatus from ec2 client object

Question

I have created an ec2 client using the method mentioned in the AWS docs. I am using the aws.phar file for the SDK. The ec2 client is created properly because when I var_dump the client, it returns the Ec2Client object. But when I attempt to access the describeInstanceStatus from the ec2 client it throws a You are not authorized to perform this operation. exception. This is my code.

use Aws\Ec2\Ec2Client;
require 'aws.phar';

$ec2Client = Ec2Client::factory(array(
'key'    => '<aws access key>',
'secret' => '<aws secret key>',
'region' => 'us-east-1'
));

try{
$ec2Client->describeInstanceStatus(array(
    'DryRun' => false,
    'InstanceIds' => array('InstanceId'),
    'Filters' => array(
        array(
            'Name' => 'availability-zone',
            'Values' => array('us-east-1'),
        ),
    ),
    'MaxResults' => 10,
    'IncludeAllInstances' => false,
));}
catch(Exception $e){
echo $e->getMessage();
}

Please tell me where am I getting this wrong. I've tried googling it, looked in the AWS forums but to no result. Thank you.

Answer 1

The error is coming from the Access that you have been granted/denied via AWS IAM.

The user, whose access/secret keys you are using in the code, does not have privilege to describe instances. This privilege is configured in the IAM policy which is applied to this user.

There is nothing wrong with your code. You need to look into the IAM policy about what all privileges are granted/denied to this user.