Error 403 Displayed During Application Deployment That Requires CCE Resources, Indicating Insufficient Permission
Symptoms
- When the CCE API is called during application deployment or pipeline deployment, error 403 and the message Policy doesn't allow cce:cluster:get tb performed are displayed.
- The error message The IAM user is not authorized to access the API is displayed when the pipeline runs a Kubernetes application.
Cause Analysis
You do not have permissions to view and execute CCE deployment.
Solution
Use an account with the required CCE permissions and delegate your AK/SK to the account used for application deployment. The following uses the Kubernetes application as an example.
- Edit the application, select Authorized User, and create an authorized IAM user.
- In the displayed Create Service Endpoint: IAM dialog box, enter the AK/SK of the account authorized to deploy CCE. (For details about how to create a service endpoint, see "Creating an IAM User Service Endpoint".)
- Use the new service endpoint and save the task.
- Choose Permissions tab page. of the current project, find the created service endpoint, and switch to the
- Enable the View permission for the role to which the account that conducts application deployment belongs.
Creating an Application FAQs
- Draft Applications Cannot Be Deployed
- Error Messages Displayed During Application Deployment
- How Do I Find the Cause of an Application Deployment Error in Logs?
- Error 403 Displayed During Application Deployment That Requires CCE Resources, Indicating Insufficient Permission
- How Do I Roll Back a Deployed Version?
- Why Do I Fail to Obtain an Endpoint?
- Application Deployment Timed Out
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.
more