CJE operations fail with authorization error

Article ID:115000633311


  • When running CloudBees Jenkins Enterprise (CJE) on AWS installations, worker creation or removal fails with an error that includes "you are not authorized to perform this operation".



Something in the AWS policy is restricting the operation. A quick, though not exhaustive, check is to download the AWS CLI tool so that you can verify AWS permissions completely outside of CJE. Try these simple operations to validate access:

aws ec2 describe-instances


aws s3 ls
Do not modify or remove any objects here. This is just to validate access.

Additionally, if you are using AWS profiles (and have more than one defined), you can add the --profile flag to test explicitly with a given profile. For example:

aws ec2 describe-instances --profile my-developer-profile

If these commands return access errors, please refer back to the policy for the minimum set of AWS operations needed for CJE operations.
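The same two read-only checks, wrapped in a small script that separates a policy denial from a credentials or profile problem. This is an added example, not part of the original article or of CJE; the function names are hypothetical, and the matched strings are the error codes the AWS CLI prints for these failures.

```shell
#!/bin/sh
# Added example: classify the outcome of the article's read-only access checks.
# Function names are hypothetical; nothing here creates, modifies or deletes
# any AWS resource.

# classify_result EXIT_CODE STDERR_TEXT -> prints ok | denied | credentials | other
classify_result() {
    if [ "$1" -eq 0 ]; then echo ok; return 0; fi
    case "$2" in
        *UnauthorizedOperation*|*AccessDenied*)
            echo denied ;;       # the policy blocks the call (the CJE symptom)
        *"Unable to locate credentials"*|*"could not be found"*|\
        *AuthFailure*|*InvalidClientTokenId*|*ExpiredToken*)
            echo credentials ;;  # keys or profile problem, not a policy restriction
        *)
            echo other ;;        # network, region, CLI installation, ...
    esac
}

# run_check PROFILE aws-args... -> runs one aws call and prints its class
run_check() {
    profile=$1; shift
    if [ -n "$profile" ]; then set -- "$@" --profile "$profile"; fi
    # Capture stderr only; listings on stdout are discarded.
    err=$(aws "$@" 2>&1 >/dev/null) && rc=0 || rc=$?
    classify_result "$rc" "$err"
}

# check_cje_access [PROFILE] -> one line per check; returns 1 if any is not ok
check_cje_access() {
    status=0
    for args in "ec2 describe-instances" "s3 ls"; do
        # $args is left unquoted on purpose: each entry is a fixed word list.
        result=$(run_check "${1:-}" $args)
        echo "aws $args: $result"
        [ "$result" = ok ] || status=1
    done
    return $status
}
```

Source the file and call `check_cje_access` (default credentials) or `check_cje_access my-developer-profile`. A `denied` result points at the policy; `credentials` means the keys or profile need fixing before the policy can be tested at all.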

Finally, when troubleshooting, remember that even if an AWS policy is created appropriately for CJE, you may still face restrictions due to other security group policies that take precedence over it. You may need the help of your organization’s security or AWS engineer to investigate fully.