Instance recovery may fail with the error "You are not authorized to perform this operation"

Instance recovery may fail with the error "You are not authorized to perform this operation" :

ERROR: recover_ebs_based_instance(.\cpmserver\cpm\recovery.py:749) Run_instance failed. Exception: EC2ResponseError: 403 Forbidden

<?xml version="1.0" encoding="UTF-8"?>

<Response><Errors><Error><Code>UnauthorizedOperation</Code><Message>You are not authorized to perform this operation. Encoded authorization failure message: r27JjPiMt721ZOQTYL-7xJPDo5MPYrIbr2Y7w5Cjd0lNuZe8Yg4u_fWruQRjMZj6w1EgSOx20iOp9_Jgxkb3cBLJw-6iuSRMJD0nhpe9sxBN4LwPoNDiwquXAmUQZb-55S5fvRaBG-gpe1OR6jDmOSjFahfytvQbP_jGIcDjcF91lmxLL5NN8gR73s2VJPjGWEJpwtaCBvjPugX7KKETn3TeNiihzWWXotsybPWNLfllF5aiYIAO8Fiu2DljShhFTJ-q9NWXWyuWLQ_2V0MILdwj0qnR-px6Q11Pd1mn2py2uJC_tgOq-7r51x6NA3nUJoIgj1TM2lmncdGqE-NAszMXpHj7_tgY1kvHM-0j9fXewNG5Z_GBLiGTWzvFBq3XfCHz</Message></Error></Errors><RequestID>8205645a-59c0-483d-886b-1612456e2a95</RequestID></Response>

It appears that you are missing some permissions, most likely "ec2:RunInstances" and/or "ec2:StartInstances".

For the full list of required permissions, please see this article: https://support.n2ws.com/portal/kb/articles/what-are-the-required-minimal-aws-permissions-roles-for-cpm-operation

If the instance you are trying to restore has an instance profile (IAM role) applied to it, the failure may be caused by lack of "iam:PassRole" permission in your user's policies - but only if it's not a cross-account restore.

If this is a cross-account restore, you need either to remove the instance profile in the "Advanced Settings", or replace it with an iAM role that belongs to the target account.

If the permissions don't help, you need to decode the "Encoded authorization failure message" above using this documentation from AWS: https://awscli.amazonaws.com/v2/documentation/api/latest/reference/sts/decode-authorization-message.html

Related Articles
Error on Instance recovery - Instance recovery failed: Failed checking snapshot availability
Issue: Error - Instance recovery failed: Failed checking snapshot availability When running a recovery, first CPM downloads the data from the bucket, then it creates a temporary snapshot and then creates the instance. This error occurs when a timeout ...
Recovery of an encrypted volume may fail: "Not authorized to use key"
Issue: Performing a cross account recovery of an encrypted volume, or of an instance containing an encrypted volume may not work if the target account cannot access the encryption key from the source account. Error may appear in the CPM Server log as ...
DR of an encrypted snapshot may fail with the “Not Authorized to use key” error
Problem: DR copy may fail with errors like “Not authorized to perform” or “not authorized to use key” Example in CPM backup log: 10-24-18 10:11:04 - Error - Volume DR copy snapshot failed for region US East (N. Virginia), snapshot ...
Instance recovery may fail with the "Address xxx.xx.xx.xx is in use" error
Issue: When attempting instance recovery, it may fail with the following error in the recovery log: Error - First step (launching instance) failed. Reason: Address xxx.xx.xx.xx is in use. Solution: This usually happens because you are trying to ...
Recovery fails with "Enhanced networking with the Elastic Network Adapter (ENA) is required for the 'xxxx.XXXXX' instance type. Ensure that you are using an AMI that is enabled for ENA."
When attempting a windows instance recovery with ENA enabled, it may fail with the following error: "Enhanced networking with the Elastic Network Adapter (ENA) is required for the 'xxxx.XXXXX' instance type. Ensure that you are using an AMI that is ...

Instance recovery may fail with the error "You are not authorized to perform this operation"

Instance recovery may fail with the error "You are not authorized to perform this operation"

Related Articles

Error on Instance recovery - Instance recovery failed: Failed checking snapshot availability

Recovery of an encrypted volume may fail: "Not authorized to use key"

DR of an encrypted snapshot may fail with the “Not Authorized to use key” error

Instance recovery may fail with the "Address xxx.xx.xx.xx is in use" error

Recovery fails with "Enhanced networking with the Elastic Network Adapter (ENA) is required for the 'xxxx.XXXXX' instance type. Ensure that you are using an AMI that is enabled for ENA."