AWS – AccessDenied When Calling UploadServerCertificate Operation

Tags: amazon-ec2, amazon-web-services, load-balancing, ssl

The admin added me as an IAM user. I created self-signed certificates (private key + certificate) and I tried to upload them while creating a new classic load balancer.

I've been trying since yesterday to fix this problem.
At first, the admin assigned these permissions to me:

And then he tried himself to add the certificates to the load balancer, and again:

Failed to create load balancer: Server Certificate not found for the key: 
arn:aws:iam::845477561111:server-certificate/mycertificate

And finally, he gave me the admin role in order to be able to add certificates on my own, and again I couldn't upload them because of access denial.
I can't understand in what part I did wrong. Aren't IAM users able to create certificates and add them to a load balancer no matter what permissions they have?

I'll be grateful for any help.

Best Answer

Uploading a self-signed certificate is an IAM function. If your IAM user is being denied permission to execute iam:UploadServerCertificate or iam:* (all IAM functions), then you won't be able to upload your certificate.

The AWSCertificateManagerFullAccess IAM policy will not help you with this. This policy (and all "CertificateManager" policies) is for ACM functions only.

Since your administrator uploaded the certificate for you, you are probably still encountering IAM permission issues trying to create your load balancer. This is because you do not have permissions to "list" the available certificates, thus AWS gives you the new error:

Failed to create load balancer: Server Certificate not found for the key: arn:aws:iam::845477561111:server-certificate/mycertificate

To resolve your issue, your administrator needs to give you permission for the IAM functions. Applying this policy to your user will (hopefully) allow you to assign your certificate to the load balancer:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "iam:GetServerCertificate",
                "iam:UpdateServerCertificate",
                "iam:ListServerCertificates",
                "iam:UploadServerCertificate"
            ],
            "Resource": "*"
        }
    ]
}

If your administrator thinks you should already have these permissions, double check that there isn't another policy that is explicitly denying you IAM permissions.

Also:

Aren't IAM users able to create certificates and add them to a load balancer no matter what permissions do they have?

Absolutely not! You cannot do anything that you have not been granted permissions for.
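To see why the answer's policy works while AWSCertificateManagerFullAccess does not, and why an explicit Deny elsewhere would still break things, here is an added example (not from the question or the answer) that applies simplified IAM evaluation logic to the policy above plus two constructed stand-ins. The ACM and Deny policies are assumptions built for the demonstration, not AWS's managed documents, and resource ARNs, NotAction and Condition blocks are ignored.

```python
import fnmatch

# The policy from the answer above, embedded verbatim.
ELB_CERT_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Sid": "VisualEditor0", "Effect": "Allow", "Resource": "*",
    "Action": ["iam:GetServerCertificate", "iam:UpdateServerCertificate",
               "iam:ListServerCertificates", "iam:UploadServerCertificate"]}]}

# Constructed stand-in for AWSCertificateManagerFullAccess: ACM actions only.
ACM_FULL_ACCESS = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "acm:*", "Resource": "*"}]}

# Constructed explicit Deny on every IAM action (e.g. attached via a group).
DENY_ALL_IAM = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Deny", "Action": "iam:*", "Resource": "*"}]}

# Actions the answer says the ELB workflow needs: upload, then list/get.
REQUIRED_FOR_ELB_CERT = ["iam:UploadServerCertificate",
    "iam:ListServerCertificates", "iam:GetServerCertificate"]

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _matches(patterns, action):
    # IAM action names are case-insensitive and patterns may use '*' / '?'.
    return any(fnmatch.fnmatchcase(action.lower(), p.lower())
               for p in _as_list(patterns))

def evaluate(policies, action):
    """Simplified IAM logic: implicit deny by default, an Allow grants, an
    explicit Deny in any policy overrides. Resource/NotAction/Condition ignored."""
    allowed = False
    for policy in policies:
        for stmt in policy["Statement"]:
            if not _matches(stmt.get("Action", []), action):
                continue
            if stmt["Effect"] == "Deny":
                return "explicit deny"
            allowed = True
    return "allow" if allowed else "implicit deny"

def missing_permissions(policies):
    """Required actions the given set of attached policies does not grant."""
    return [a for a in REQUIRED_FOR_ELB_CERT
            if evaluate(policies, a) != "allow"]

if __name__ == "__main__":
    for attached in ([ACM_FULL_ACCESS], [ELB_CERT_POLICY],
                     [ELB_CERT_POLICY, DENY_ALL_IAM]):
        print(missing_permissions(attached))
```

Against a real account the same question is answered authoritatively by IAM's policy simulator, which also accounts for the resource ARNs and conditions this toy evaluator skips.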