I am trying to set a JWT secret in AWS's "parameter store" but appear to be unauthorized to do so. I am using a lab account so there would be no way for me to get authorization, but I have been assured that extra authorization isn't needed.
When I enter this command:
matthewbailin@matthewbailin FSND-Deploy-Flask-App-to-Kubernetes-Using-EKS % aws ssm put-parameter --name JWT_SECRET --overwrite --value "YourJWTSecret" --type SecureString
I receive the following error:
An error occurred (AccessDeniedException) when calling the PutParameter operation: User: arn:aws:sts::582046681201:assumed-role/voclabs/user1870121=8576a980-51b8-11ec-b4ca-5f837f5e11ac is not authorized to perform: ssm:PutParameter on resource: arn:aws:ssm:us-east-2:582046681201:parameter/JWT_SECRET with an explicit deny in an identity-based policy
I believe I have set the permissions on the AWS role with this command:
aws iam put-role-policy --role-name UdacityFlaskDeployCBKubectlRole --policy-name eks-describe --policy-document file://./iam-role-policy
and also sent the permissions to Kubernetes with this command:
kubectl get -n kube-system configmap/aws-auth -o yaml > ./aws-auth-patch.yml
Please let me know what additional information you may need. Again, I appear to be unauthorized to perform the "PutParameter" command but have no idea why.
