I’m trying to setup a new AWS batch compute environment under my personal workspace in Seqera Platform, but am running into a permissions error:
User: arn:aws:iam::199740310158:user/jhamilton is not authorized to perform: iam:CreateRole on resource: arn:aws:iam::199740310158:role/TowerForge-5kRfuwsPErlueAi88A8ePT-ServiceRole because no identity-based policy allows the iam:CreateRole action (Service: AmazonIdentityManagement; Status Code: 403; Error Code: AccessDenied; Request ID: 62d5c1b1-fd67-4017-9e93-3ea25440fdc5; Proxy: null)
In addition to the permissions error, the indicated resource arn:aws:iam::199740310158:role/TowerForge-5kRfuwsPErlueAi88A8ePT-ServiceRole
doesn’t exist in our AWS account.
I added my AWS credentials. Other users at my organization are able to create compute environments, and we have the same IAM permissions. The Seqera Launch and Forge permissions are attached directly to our user accounts.
Any ideas?