Bug 37099 - EC2 Connection: make error message more understandable
Product: UCS
Classification: Unclassified
Component: UMC - Virtual machines (UVMM)
UCS 4.0
Other Linux
: P5 normal
: UCS 4.0-1-errata
Assigned To: Andreas Peichert
Erik Damrose
Reported: 2014-11-28 10:56 CET by Timo Denissen
Modified: 2015-03-11 15:07 CET
Bug group (optional): External feedback, Usability
Description Timo Denissen univentionstaff 2014-11-28 10:56:05 CET
When trying to establish an EC2 connection when the connecting user doesn't have the correct AWS rights/policies, the following error message occurs:

Fehler: UnauthorizedOperation: You are not authorized to perfom this operation.

The error message should clarify that this is not a UCS problem but that a misconfiguration in AWS is the cause.
Comment 1 Erik Damrose univentionstaff 2015-02-27 10:00:53 CET
The API error codes are documented at
Comment 2 Andreas Peichert univentionstaff 2015-03-02 13:50:52 CET
Make error message more understandable if the cloud endpoint returns an error because of a blocked account, wrong server time or missing IAM policies to interact with EC2.

Also fixed EC2Cloud and OpenStackCloud to now use CloudConnectionError instead of TranslatableException.

Package: univention-virtual-machine-manager-daemon
Version: 4.0.23-7.589.201503021336
Branch: ucs_4.0-0
Scope: errata4.0-1

r58560: fix
r58564: yaml
Comment 3 Erik Damrose univentionstaff 2015-03-09 14:20:28 CET
The error messages are much more understandable right now.

As discussed, I reopen the bug to improve the following:
- Make clear who provides the error message: UCS or EC2 API
- Recheck if we can omit parts of the EC2 error messages such as "check the online documentation", as it is not clear where to look.

I tested creating an EC2 connection with an invalid access key ID, and with a valid access key id but an invalid secret.
Comment 4 Andreas Peichert univentionstaff 2015-03-10 12:11:07 CET
Currently, the following messages indicate an EC2 region specific error at AWS:

1) The provided AWS access credentials could not be validated. Please ensure that you are using the correct access keys. Consult the AWS service documentation for details.

2) The provided AWS access credentials are not authorized to perform this operation. Check your IAM policies, and ensure that you are using the correct access keys. Also, the IAM user must have appropriate access rights to interact with EC2, e.g. AmazonEC2FullAccess.

3) Your AWS account is currently blocked. If you have questions, please contact AWS Support.

4) Please check your system time to interact with AWS.

Tested with:
(message 1) invalid access key id and invalid secret
(message 1) valid access key id and invalid secret
(message 2) valid access key id and valid secret, but no access rights
(message 4) wrong system time
(success) valid access key id and valid secret, and AmazonEC2FullAccess

r58800: update EC2 error messages
r58809: yaml
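
An added illustration of the approach discussed in Comments 3 and 4, not the UVMM code from r58560/r58800: it parses an EC2 XML error body, maps the error code to an explanatory text, and states that the EC2 API is the source of the message. The code-to-message mapping, the abbreviated message texts, the function names and the `CloudConnectionError` stand-in class are assumptions made for this example.

```python
import xml.etree.ElementTree as ET

# Assumed mapping from documented EC2 API error codes to (abbreviated) messages
# from Comment 4; the bug does not state which code triggers which text.
EC2_HINTS = {
    "AuthFailure": "The provided AWS access credentials could not be validated. "
                   "Please ensure that you are using the correct access keys.",
    "UnauthorizedOperation": "The provided AWS access credentials are not authorized "
                             "to perform this operation. Check your IAM policies.",
    "Blocked": "Your AWS account is currently blocked. If you have questions, "
               "please contact AWS Support.",
    "RequestExpired": "Please check your system time to interact with AWS.",
}


class CloudConnectionError(Exception):
    """Hypothetical stand-in for the UVMM exception named in Comment 2."""

    def __init__(self, code, message):
        super().__init__(message)
        self.code = code


def parse_ec2_error(body):
    """Return (code, message) from an EC2 XML error body, or (None, None)."""
    try:
        root = ET.fromstring(body)
    except ET.ParseError:
        return None, None
    for elem in root.iter():
        # Strip an XML namespace if present: '{ns}Error' -> 'Error'
        if elem.tag.rsplit("}", 1)[-1] == "Error":
            fields = {c.tag.rsplit("}", 1)[-1]: (c.text or "").strip() for c in elem}
            return fields.get("Code"), fields.get("Message")
    return None, None


def to_connection_error(body):
    """Build an error whose text says the failure was reported by the EC2 API."""
    code, raw = parse_ec2_error(body)
    if code is None:
        return CloudConnectionError(None, "Unexpected response from the EC2 API endpoint.")
    hint = EC2_HINTS.get(code, raw or "No further details were provided.")
    return CloudConnectionError(code, "The EC2 API reported an error (%s): %s" % (code, hint))


# Constructed sample response, shaped like an EC2 query API error body.
SAMPLE = ("<Response><Errors><Error><Code>UnauthorizedOperation</Code>"
          "<Message>You are not authorized to perform this operation.</Message>"
          "</Error></Errors><RequestID>constructed-request-id</RequestID></Response>")
```

Unknown codes fall back to the message text returned by the endpoint, so the prefix still tells the user that the text comes from the EC2 API rather than from UCS.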
Comment 5 Erik Damrose univentionstaff 2015-03-10 16:48:02 CET
Tests: OK
- error messages are more clearly defined and understandable
- yaml
Comment 6 Moritz Muehlenhoff univentionstaff 2015-03-11 15:07:18 CET