What Should I Do If Error 403 Displayed During Application Deployment That Requires CCE Resources, Indicating Insufficient Permission?

Symptoms

1. When the CCE API is called during application deployment or pipeline deployment, error 403 and the message Policy doesn't allow cce:cluster:get tb performed are displayed.
2. The error message The IAM user is not authorized to access the API is displayed when the pipeline runs a Kubernetes application.

Cause Analysis

You do not have permissions to view and execute CCE deployment.

Solution

Use an account with the required CCE permissions and delegate your AK ID/SK to the account used for application deployment. The following uses the Kubernetes application as an example.

1. Edit the application, select Authorized User, and create an authorized IAM user.
2. In the displayed Create Service Endpoint: IAM dialog box, enter the AK ID/SK of the account authorized to deploy CCE. For details about how to create a service endpoint, see "Creating an IAM Account Service Endpoint".
3. Use the new service endpoint and save the task.
4. Choose Settings > General > Service Permissions of the current project, and switch to the Permissions tab page.
5. Select the role to which the account for deploying the application belongs, expand DevMarket, click Edit and enable the read permission.