Wcf – How to fix ‘Access Denied’ error with a .Net WCF service running on Amazon EC2

I am new to the AWC/EC2 environment and created a .Net WCF service on my EC2 instance of Windows Server and IIS.

Navigating to http://www.websiteservice.com/MyWebsiteFeederService.svc?wsdl brings up the WSDL.

Now, in www.mywebsite.com, that is also sitting on the same machine, I have consumed the web service. Unfortunately whenever I try to access the service through the site, I continue to receive the "Access is Denied" error message:

Exception Details:
System.ServiceModel.Security.SecurityAccessDeniedException: Access is
denied.

I don't believe this is related to the AWS-S3 error – Access is Denied error, as I am not using buckets.

In the site's Web.config, I turned on the trace listener and took a look at the Service Trace Viewer.

The information doesn't seem to be useful, as this is what I get:

[TraceRecord] Severity Warning
TraceIdentifier http://msdn.microsoft.com/en-US/library/System.ServiceModel.Diagnostics.ThrowingException.aspx
Description Throwing an exception.
AppDomain /LM/W3SVC/4/ROOT-2-129966419874659765

Here is the full XML of Warning level:

<E2ETraceEvent xmlns="http://schemas.microsoft.com/2004/06/E2ETraceEvent">
<System xmlns="http://schemas.microsoft.com/2004/06/windows/eventlog/system">
<EventID>131075</EventID>
<Type>3</Type>
<SubType Name="Warning">0</SubType>
<Level>4</Level>
<TimeCreated SystemTime="2012-11-06T02:19:47.8029428Z" />
<Source Name="System.ServiceModel" />
<Correlation ActivityID="{b6efab70-63ad-4bdd-85c6-5c49a907c210}" />
<Execution ProcessName="w3wp" ProcessID="3472" ThreadID="1" />
<Channel />
<Computer>AMAZONA-xxxxxFFR</Computer>
</System>
<ApplicationData>
<TraceData>
<DataItem>
<TraceRecord xmlns="http://schemas.microsoft.com/2004/10/E2ETraceEvent/TraceRecord" Severity="Warning">
<TraceIdentifier>http://msdn.microsoft.com/en-US/library/System.ServiceModel.Diagnostics.ThrowingException.aspx</TraceIdentifier>
<Description>Throwing an exception.</Description>
<AppDomain>/LM/W3SVC/4/ROOT-2-129966419874659765</AppDomain>
<Exception>
<ExceptionType>System.ServiceModel.Security.SecurityAccessDeniedException, System.ServiceModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</ExceptionType>
<Message>Access is denied.</Message>
<StackTrace>
at System.ServiceModel.Channels.ServiceChannel.ThrowIfFaultUnderstood(Message reply, MessageFault fault, String action, MessageVersion version, FaultConverter faultConverter)
at System.ServiceModel.Channels.ServiceChannel.HandleReply(ProxyOperationRuntime operation, ProxyRpc&amp; rpc)
at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)
at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData&amp; msgData, Int32 type)
at MyWebsiteFeederService.IFeederService.GetWebsiteConfiguration(String websiteGuid, String websitePW)
at MyWebsiteFeederService.FeederServiceClient.GetWebsiteConfiguration(String websiteGuid, String websitePW)
at Inquiro.Models4.ModelsBaseClass.GetWebsiteConfiguration(String websiteGuid, String websitePW)
at Inquiro.Websites.MvcApplication.LoadWebsiteConfiguration()
at Inquiro.Websites.MvcApplication.Application_Start()
at System.RuntimeMethodHandle._InvokeMethodFast(IRuntimeMethodInfo method, Object target, Object[] arguments, SignatureStruct&amp; sig, MethodAttributes methodAttributes, RuntimeType typeOwner)
at System.RuntimeMethodHandle.InvokeMethodFast(IRuntimeMethodInfo method, Object target, Object[] arguments, Signature sig, MethodAttributes methodAttributes, RuntimeType typeOwner)
at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture, Boolean skipVisibilityChecks)
at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
at System.Reflection.MethodBase.Invoke(Object obj, Object[] parameters)
at System.Web.HttpApplication.InvokeMethodWithAssert(MethodInfo method, Int32 paramCount, Object eventSource, EventArgs eventArgs)
at System.Web.HttpApplication.ProcessSpecialRequest(HttpContext context, MethodInfo method, Int32 paramCount, Object eventSource, EventArgs eventArgs, HttpSessionState session)
at System.Web.HttpApplicationFactory.EnsureAppStartCalledForIntegratedMode(HttpContext context, HttpApplication app)
at System.Web.HttpApplication.RegisterEventSubscriptionsWithIIS(IntPtr appContext, HttpContext context, MethodInfo[] handlers)
at System.Web.HttpApplication.InitSpecial(HttpApplicationState state, MethodInfo[] handlers, IntPtr appContext, HttpContext context)
at System.Web.HttpApplicationFactory.GetSpecialApplicationInstance(IntPtr appContext, HttpContext context)
at System.Web.Hosting.PipelineRuntime.InitializeApplication(IntPtr appContext)
</StackTrace>
<ExceptionString>System.ServiceModel.Security.SecurityAccessDeniedException: Access is denied.</ExceptionString>
</Exception>
</TraceRecord>
</DataItem>
</TraceData>
</ApplicationData>
</E2ETraceEvent>

I have the exact same service running on another, non-Amazon server and it is working fine. I don't recall setting up any special permissions, or "run as [user]" – have no additional users setup in IIS Manager Permissions.

I have also confirmed from the command prompt on that server, using sqlcmd, that I can connect to the RDS database server.

I'm basically going in circles at this point and would appreciate some assistance.

Thanks.