Error 403 Displayed During Application Deployment That Requires CCE Resources, Indicating Insufficient Permission
Symptoms
- When the CCE API is called during application deployment or pipeline deployment, error 403 and the message Policy doesn't allow cce:cluster:get tb performed are displayed.
- The error message The IAM user is not authorized to access the API is displayed when the pipeline runs a Kubernetes application.
Cause Analysis
You do not have permissions to view and execute CCE deployment.
Solution
Use an account with the required CCE permissions and delegate your AK ID/SK to the account used for application deployment. The following uses the Kubernetes application as an example.
- Edit the application, select Authorized User, and create an authorized IAM user.
- In the displayed Create Service Endpoint: IAM dialog box, enter the AK ID/SK of the account authorized to deploy CCE. For details about how to create a service endpoint, see "Creating an IAM Account Service Endpoint".
- Use the new service endpoint and save the task.
- Choose Permissions tab page. of the current project, find the created service endpoint, and switch to the
- Enable the View permission for the role to which the account that conducts application deployment belongs.
Creating an Application FAQs
- Draft Applications Cannot Be Deployed
- Error Messages Displayed During Application Deployment
- How Do I Find the Cause of an Application Deployment Error in Logs?
- Error 403 Displayed During Application Deployment That Requires CCE Resources, Indicating Insufficient Permission
- How Do I Roll Back a Deployed Version?
- Why Do I Fail to Obtain an Endpoint?
- Application Deployment Timed Out
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbotmore