ConfigService / Client / exceptions / InsufficientPermissionsException

InsufficientPermissionsException#

class ConfigService.Client.exceptions.InsufficientPermissionsException#

Indicates one of the following errors:

  • For PutConfigRule, the rule cannot be created because the IAM role assigned to Config lacks permissions to perform the config:Put* action.

  • For PutConfigRule, the Lambda function cannot be invoked. Check the function ARN, and check the function’s permissions.

  • For PutOrganizationConfigRule, organization Config rule cannot be created because you do not have permissions to call IAM GetRole action or create a service-linked role.

  • For PutConformancePack and PutOrganizationConformancePack, a conformance pack cannot be created because you do not have the following permissions:

    • You do not have permission to call IAM GetRole action or create a service-linked role.

    • You do not have permission to read Amazon S3 bucket or call SSM:GetDocument.

Example

try:
  ...
except client.exceptions.InsufficientPermissionsException as e:
  print(e.response)
response#

The parsed error response. All exceptions have a top level Error key that provides normalized access to common exception atrributes. All other keys are specific to this service or exception class.

Syntax

{}

Structure

  • (dict) –

    Indicates one of the following errors:

    • For PutConfigRule, the rule cannot be created because the IAM role assigned to Config lacks permissions to perform the config:Put* action.

    • For PutConfigRule, the Lambda function cannot be invoked. Check the function ARN, and check the function’s permissions.

    • For PutOrganizationConfigRule, organization Config rule cannot be created because you do not have permissions to call IAM GetRole action or create a service-linked role.

    • For PutConformancePack and PutOrganizationConformancePack, a conformance pack cannot be created because you do not have the following permissions:

      • You do not have permission to call IAM GetRole action or create a service-linked role.

      • You do not have permission to read Amazon S3 bucket or call SSM:GetDocument.

    • Error (dict) – Normalized access to common exception attributes.

      • Code (string) – An identifier specifying the exception type.

      • Message (string) – A descriptive message explaining why the exception occured.