Guide Area

AWS – “This action does not have an applicable resource”

Even AWS – being one of the most professional cloud platforms globally – can sometimes produce an error that tells you nothing. Have you ever been in a situation where you need your IAM permissions to be as strict as possible? If yes, you sure know that it can be very painful sometimes to get the permissions right. IAM can be very helpful. It will tell you what’s wrong with your permissions. But there is one case where it fails.

AWS - This action does not have an applicable resource

This error does not tell you much, especially when you do not have extensive experience with IAM (and AWS in general). The problem is that the resource, which you want to grant access to, does not exist. For instance, let’s say that you want to grant access to elasticloadbalancing resource targetgroup:

{
    "Effect": "Allow",
    "Action": [
        "elasticloadbalancing:*"
    ],
    "Resource": [
        "arn:aws:elasticloadbalancing:::targetgroup/my_targetgroup"
    ]
}

You will not succeed, because targetgroup resources have a unique name after the resource type.

arn:aws:elasticloadbalancing:::targetgroup/my_targetgroup/random_id

So if you’re seeing the This action does not have an applicable resource error, you should search AWS documentation for correct resource names and then replace them in your code. For instance, to allow all actions on all targetgroups, we can use the example from above, together with a correct resource string:

{
    "Effect": "Allow",
    "Action": [
        "elasticloadbalancing:*"
    ],
    "Resource": [
        "arn:aws:elasticloadbalancing:::targetgroup/*/*"
    ]
}

Head to AWS console and check if the error disappeared. You can apply this fix to all resources, not only elasticloadbalancing. All you have to do is to find the correct syntax for that specific resource, and you’re good to go.

Vladimir Marton

DevOps Engineer focused on cloud infrastructure, automation, CI/CD and programming in Javascript, Python, PHP and SQL. Guidearea is my oldest project where I write articles about programming, marketing, SEO and others.

Add comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.