Unable to update or create MCS Machine Catalog in AWS with error “Connection credentials do not have sufficient permission to DeleteTags.”

Update the IAM policy JSON to include the ec2:DeleteTags permission.

Example Policy:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "ec2:AttachVolume",
        "ec2:AuthorizeSecurityGroupEgress",
        "ec2:AuthorizeSecurityGroupIngress",
        "ec2:CreateImage",
        "ec2:CreateNetworkInterface",
        "ec2:CreateSecurityGroup",
        "ec2:CreateTags",
        "ec2:CreateVolume",
        "ec2:DeleteNetworkInterface",
        "ec2:DeleteSecurityGroup",
        "ec2:DeleteSnapshot",
        "ec2:DeleteVolume",
        "ec2:DeregisterImage",
        "ec2:DescribeAccountAttributes",
        "ec2:DescribeAvailabilityZones",
        "ec2:DescribeImages",
        "ec2:DescribeInstances",
        "ec2:DescribeNetworkInterfaces",
        "ec2:DescribeRegions",
        "ec2:DescribeSecurityGroups",
        "ec2:DescribeSubnets",
        "ec2:DescribeVolumes",
        "ec2:DescribeVpcs",
        "ec2:DescribeTags",
        "ec2:DetachVolume",
        "ec2:RebootInstances",
        "ec2:RevokeSecurityGroupEgress",
        "ec2:RevokeSecurityGroupIngress",
        "ec2:RunInstances",
        "ec2:StartInstances",
        "ec2:StopInstances",
        "ec2:TerminateInstances"
      ],
      "Effect": "Allow",
      "Resource": "*"
    },
    {
      "Action": [
        "s3:CreateBucket",
        "s3:DeleteBucket",
        "s3:DeleteObject",
        "s3:GetObject",
        "s3:PutObject",
        "s3:PutBucketTagging",
        "s3:PutObjectTagging"
      ],
      "Effect": "Allow",
      "Resource": "arn:aws:s3:::citrix*"
    },
    {
      "Action": [
        "ec2:CreateTags",
        "ec2:DeleteTags",
        "ec2:DescribeTags"
      ],
      "Effect": "Allow",
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": "iam:PassRole",
      "Resource": "arn:aws:iam::*:role/*"
    }
  ]
}
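To confirm offline that a policy document actually grants the tag actions before retrying the catalog update, a small check like the following can help. This is an added example, not Citrix or AWS code; the sample policy, the s3:*Object pattern and all function names are constructed for illustration, and the check only looks at Allow statements (it ignores Deny, NotAction, Condition and Resource scoping).

```python
import copy
import json
from fnmatch import fnmatchcase

# Constructed sample: trimmed to a few actions, shaped like the page's policy
# but without ec2:DeleteTags, i.e. the state that produces the error.
SAMPLE_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Resource": "*",
     "Action": ["ec2:CreateTags", "ec2:Describetags", "ec2:RunInstances"]},
    {"Effect": "Allow", "Resource": "arn:aws:s3:::citrix*",
     "Action": ["s3:*Object"]}
  ]
}
""")

# EC2 tag actions named in the page's policy.
REQUIRED = ["ec2:CreateTags", "ec2:DeleteTags", "ec2:DescribeTags"]

def _as_list(value):
    # IAM allows "Action" and "Statement" to be a single value or a list.
    return value if isinstance(value, list) else [value]

def is_allowed(policy, action):
    """True if any Allow statement has an Action pattern matching `action`.
    IAM action names are case-insensitive and may use * and ? wildcards."""
    wanted = action.lower()
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow" or "Action" not in stmt:
            continue
        if any(fnmatchcase(wanted, p.lower()) for p in _as_list(stmt["Action"])):
            return True
    return False

def missing_actions(policy, required=REQUIRED):
    """Return the required actions that no Allow statement covers."""
    return [a for a in required if not is_allowed(policy, a)]

def with_allow(policy, actions, resource="*"):
    """Return a copy of the policy with one extra Allow statement appended."""
    patched = copy.deepcopy(policy)
    patched["Statement"] = _as_list(patched.get("Statement", [])) + [
        {"Effect": "Allow", "Action": list(actions), "Resource": resource}]
    return patched

if __name__ == "__main__":
    print("missing:", missing_actions(SAMPLE_POLICY))
```

Load the real policy with json.load and pass it to missing_actions; an empty list means every listed tag action is covered by some Allow statement.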
