Error Codes
If an API fails to be called, an error code, instead of the service data, is returned. The returned error code can be used to identify the failure cause. In the HTTP protocol, a 4xx or 5xx response will be returned when an error occurs. The response contains the specific error code and information. If you are unable to identify the cause of an error, contact customer service and provide the error code so that we can help you solve the problem as soon as possible.
Error Response Body Format
{
"error_msg": "attached policies per agency limit exceeded",
"error_code": "PAP5.0003",
"request_id": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
}
In the response body, error_code is an error code, error_msg provides information about the error, and request_id indicates the request ID.
In particular, if an error occurs due to lack of permissions, the error response body is as follows:
{
"error_msg": "access denied: xxx...xxx",
"error_code": "PAP5.0001",
"request_id": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
"encoded_authorization_message": "xxx...xxx"
}
In the response body, encoded_authorization_message is an additional field provided in this scenario, and indicates the encrypted authentication failure information. It can be decrypted using the STS5 decryption API.
Error Code Description
|
Status Code |
Error Code |
Error Message |
Description |
Measure |
|---|---|---|---|---|
|
400 |
PAP5.0010 |
invalid marker |
Invalid marker. |
Check the value of the marker field. |
|
400 |
PAP5.0011 |
malformed policy document |
Incorrect identity policy or trust policy. |
Check the value of the policy document field. |
|
400 |
PAP5.0029 |
invalid agency name |
Invalid trust agency name. |
Check the value of the agency name field. |
|
400 |
PAP5.0030 |
invalid path |
Invalid path. |
Check the value of the path field. |
|
400 |
PAP5.0033 |
duplicate key |
Duplicate key value. |
Check the request or contact technical support. |
|
400 |
PAP5.0036 |
tag non-compliant |
The tag value conflicts with preset tag policies. |
Check the request or contact technical support. |
|
400 |
PAP5.0038 |
This operation is only supported by v5 agencies |
This operation is only supported by trust agencies. |
Check the request or contact technical support. |
|
400 |
PAP5.0040 |
invalid caller |
Invalid caller. |
Check whether the caller is the IAM user. |
|
400 |
PAP5.0041 |
invalid serial number |
Invalid serial number. |
Check the value of the serial number field. |
|
400 |
PAP5.0046 |
missing header `x-user-profile` |
The x-user-profile is missing in the request header. |
Check the request or contact technical support. |
|
403 |
PAP5.0001 |
access denied: %s |
Access denied. |
Check whether this operation is allowed. |
|
404 |
PAP5.0012 |
no such agency |
Agency or trust agency not found. |
Check the request or contact technical support. |
|
404 |
PAP5.0014 |
no such authorization schema |
Authorization summary not found. |
Check the request or contact technical support. |
|
404 |
PAP5.0015 |
no such deletion task |
Deletion task not found. |
Check the request or contact technical support. |
|
404 |
PAP5.0016 |
no such group |
User group not found. |
Check the request or contact technical support. |
|
404 |
PAP5.0018 |
no such policy |
Identity policy not found. |
Check the request or contact technical support. |
|
404 |
PAP5.0019 |
no such policy attachment |
Identity policy attachment record not found. |
Check the request or contact technical support. |
|
404 |
PAP5.0020 |
no such policy version |
Identity policy version not found. |
Check the request or contact technical support. |
|
404 |
PAP5.0021 |
no such user |
IAM user not found. |
Check the request or contact technical support. |
|
404 |
PAP5.0022 |
no such service linked agency |
Service-linked agency not found. |
Check the request or contact technical support. |
|
404 |
PAP5.0023 |
no such service principal |
Service principal not found. |
Check the request or contact technical support. |
|
404 |
PAP5.0034 |
no such domain |
Tenant not found. |
Check the request or contact technical support. |
|
404 |
PAP5.0037 |
Resource tag not found |
Resource tag not found. |
Check the request or contact technical support. |
|
409 |
PAP5.0003 |
attached policies per agency limit exceeded |
Maximum identity policy attachments reached for a single agency or trust agency. |
Detach unnecessary identity policies from the agency or trust agency. |
|
409 |
PAP5.0004 |
attached policies per group limit exceeded |
Maximum identity policy attachments reached for a user group. |
Detach unnecessary identity policies from the user group. |
|
409 |
PAP5.0005 |
attached policies per user limit exceeded |
Maximum identity policy attachments reached for an IAM user. |
Detach unnecessary identity policies from the IAM user. |
|
409 |
PAP5.0006 |
concurrent modification |
Concurrent modifications. |
Try again later. |
|
409 |
PAP5.0007 |
delete conflict: %s |
Conflict exists and deletion failed. |
Resolve the conflict. |
|
409 |
PAP5.0024 |
policies limit exceeded |
Maximum custom identity policies reached. |
Delete unnecessary custom identity policies. |
|
409 |
PAP5.0025 |
policy already exists |
Identity policy already exists. |
Check the request or contact technical support. |
|
409 |
PAP5.0026 |
policy attachment already exists |
Identity policy already attached. |
Check the request or contact technical support. |
|
409 |
PAP5.0027 |
policy size limit exceeded |
Maximum number of bytes %d of an identity policy or trust policy reached (excluding blank characters). |
Simplify the identity policy or trust policy. |
|
409 |
PAP5.0028 |
versions per policy limit exceeded |
Maximum versions reached for an identity policy. |
Delete unnecessary identity policy versions. |
|
409 |
PAP5.0031 |
agency already exists |
The agency or trust agency already exists. |
Check the request or contact technical support. |
|
409 |
PAP5.0035 |
tags limit exceeded |
Maximum tags reached. |
Check the request or contact technical support. |
|
409 |
PAP5.0039 |
mfa device already exists |
The virtual MFA device already exists. |
Check the request or contact technical support. |
|
409 |
PAP5.0042 |
user already exists |
The IAM user already exists. |
Check the request or contact technical support. |
|
409 |
PAP5.0043 |
group already exists |
The user group already exists. |
Check the request or contact technical support. |
|
409 |
PAP5.0044 |
user already in group |
The IAM user already exists in the user group. |
Check the request. |
|
409 |
PAP5.0045 |
login profile already exists |
The login information already exists. |
Check the request or contact technical support. |
|
403 |
STS5.1001 |
you are not authorized to perform this operation |
The request is rejected due to insufficient permissions. |
Check whether you have required permissions. |
|
400 |
STS5.1102 |
the duration seconds exceed the max session duration |
The session duration in the request exceeds the maximum session duration. |
Set the request session duration less than 3600 seconds. |
|
400 |
STS5.1301 |
the encoded message is malformed or invalid |
The encoding format is incorrect or invalid. |
Specify the correct encoding format information. |
|
404 |
AccessAnalyzer.1001 |
Analyzer with id %s cannot be found. |
Analyzer with ID "%s" not found. |
Check whether the analyzer ID is correct. |
|
400 |
AccessAnalyzer.1002 |
The marker is invalid. |
Invalid pagination marker. |
Check whether the pagination marker is correct. |
|
400 |
AccessAnalyzer.1003 |
The number of tags attached to a resource has exceeded the maximum limit. |
The maximum number of tags attached to resources has been reached. |
Check the number of tags according to the returned error message. |
|
404 |
AccessAnalyzer.1004 |
Finding with id %s cannot be found. |
Analysis findings with ID "%s" not found. |
Contact technical support for specific causes. |
|
409 |
AccessAnalyzer.1005 |
The target of the operation is currently being modified by a different request, try again later. |
The object is being modified by another request. Try again later. |
Try again later. |
|
404 |
AccessAnalyzer.1006 |
Archive rule with id %s cannot be found. |
Archive rule with ID "%s" not found. |
Contact technical support for specific causes. |
|
400 |
AccessAnalyzer.1007 |
The finding filter with key %s is invalid. |
Invalid search criterion "%s" for the findings. |
Enter valid search criteria. |
|
400 |
AccessAnalyzer.1008 |
The request of the update findings operation is invalid. |
Invalid request for updating the findings. |
Contact technical support for specific causes. |
|
403 |
AccessAnalyzer.1009 |
The request is forbidden: %s. |
Access denied "%s". |
Contact technical support for specific causes. |
|
400 |
AccessAnalyzer.1010 |
The resource urn %s is invalid. |
Invalid resource URN "%s". |
Enter a correct resource URN. |
|
400 |
AccessAnalyzer.1011 |
The resource owner account %s is invalid. |
Invalid resource owner account "%s". |
Enter a correct account. |
|
400 |
AccessAnalyzer.1012 |
The number of analyzers for account has exceeded the maximum limit. |
The maximum number of account-level analyzers has been reached. |
Check the number of analyzers according to the returned error message. |
|
400 |
AccessAnalyzer.1013 |
Missing %s parameter in the request. |
Parameter "%s" is missing in the request. |
Check the request parameter according to the returned error message. |
|
400 |
AccessAnalyzer.1014 |
The number of archive rules of an analyzer has exceeded the maximum limit. |
The maximum number of archive rules for the analyzer has been reached. |
Check the number of archive rules according to the returned error message. |
|
400 |
AccessAnalyzer.1015 |
Invalid resource type in the request. |
Invalid resource type of the policy in the request parameters. |
Enter a correct resource type for the policy. |
|
400 |
AccessAnalyzer.1016 |
Existing an archive rule with same name. |
An archive rule with the same name already exists. |
Check the archive rule according to the returned error message. |
|
400 |
AccessAnalyzer.1017 |
Existing an analyzer tag with same key. |
The key of the tag attached to the resource already exists. |
Check the tag key according to the returned error message. |
|
404 |
AccessAnalyzer.1018 |
Preview with id s% cannot be found. |
Preview with ID "%s" not found. |
Check the preview ID according to the returned error message. |
|
409 |
AccessAnalyzer.1019 |
Preview with id %s does not have a completed status. |
Preview with ID "%s" is not completed. |
Check the preview ID according to the returned error message. |
|
400 |
AccessAnalyzer.1020 |
Only support one resource configuration. |
Only one resource configuration item is supported. |
Check the resource configuration item according to the returned error message. |
|
400 |
AccessAnalyzer.1021 |
The resource type %s is not supported yet. |
Resource type "%s" is not supported. |
Check the resource type according to the returned error message. |
|
400 |
AccessAnalyzer.1022 |
The number of analyzers for organization has exceeded the maximum limit. |
The maximum number of organization-level analyzers has been reached. |
Check the number of organization-level analyzers according to the returned error message. |
|
400 |
AccessAnalyzer.1023 |
Only management account or delegated administrator can create organization analyzer. |
Only the organization administrator and delegated administrator can create organization-level analyzers. |
Check the required permissions according to the returned error message. |
|
409 |
AccessAnalyzer.1024 |
Analyzer is %s. |
The analyzer status is %s. |
Check the analyzer status according to the returned error message. |
|
400 |
AccessAnalyzer.1025 |
The analyzer type %s is invalid. |
Analyzer "%s" does not support this operation. |
Check the access analysis preview function according to the returned error message. |
|
400 |
AccessAnalyzer.1026 |
Missing %s parameter in the request. |
Parameter "%s" is missing in the request. |
Check the request parameter according to the returned error message. |
|
400 |
AccessAnalyzer.1027 |
The account has been suspended %s. |
The account "%s" has been frozen. |
Check the account status according to the returned error message. |
|
400 |
AccessAnalyzer.1028 |
The account has been restricted %s. |
The account "%s" has been restricted. |
Check the account status according to the returned error message. |
|
400 |
AccessAnalyzer.1031 |
Please check no new access error: %s. |
Check whether there is new access error "%s". |
Check the policy according to the returned error message. |
|
400 |
AccessAnalyzer.1032 |
Please don't check no new access error on the deny statement. |
A policy with only deny statements cannot be used to check for new access. |
Check the policy according to the returned error message. |
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
