Univention Bugzilla – Bug 37099
EC2 Connection: make error message more understandable
Last modified: 2015-03-11 15:07:18 CET
When trying to establish an EC2 connection when the connecting user doesn't have the correct AWS rights/policies, the following error message occurs: Fehler: UnauthorizedOperation: You are not authorized to perfom this operation. The error message should clarify that this is not a UCS problem but that a misconfiguration in AWS is the cause.
The API error codes are documented at http://docs.aws.amazon.com/AWSEC2/latest/APIReference/errors-overview.html
Make error message more understandable if the cloud endpoint returns an error because of a blocked account, wrong server time or missing IAM policies to interact with EC2. Also fixed EC2Cloud and OpenStackCloud using now CloudConnectionError instead of TranslatableException. Package: univention-virtual-machine-manager-daemon Version: 4.0.23-7.589.201503021336 Branch: ucs_4.0-0 Scope: errata4.0-1 r58560: fix r58564: yaml
The error messages are much more understandable right now. As discussed, i reopen the bug to improve the following: - Make clear who provides the error message: UCS or EC2 API - Recheck if we can omit parts of the ec2 error messages such as "check the online documentation", as is it not clear where to look. I tested creating an EC2 connection with an invalid access key ID, and with a valid access key id but an invalid secret.
Currently, the following messages indicates an EC2 region specific error at AWS: 1) The provided AWS access credentials could not be validated. Please ensure that you are using the correct access keys. Consult the AWS service documentation for details. 2) The provided AWS access credentials are not authorized to perform this operation. Check your IAM policies, and ensure that you are using the correct access keys. Also, the IAM user must have appropriate access rights to interact with EC2, e.g. AmazonEC2FullAccess. 3) Your AWS account is currently blocked. If you have questions, please contact AWS Support. 4) Please check your system time to interact with AWS. Tested with: (message 1) invalid access key id and invalid secret (message 1) valid access key id and invalid secret (message 2) valid access key id and valid secret, but no access rights (message 4) wrong system time (success) valid access key id and valid secret, and AmazonEC2FullAccess r58800: update EC2 error messages r58809: yaml
Tests: OK - error messages are more clearly defined and understandable - yaml Verified
http://errata.univention.de/ucs/4.0/105.html