How to View the Encoded Authorization Failure Message in AWS


You may come across a message that reads similar to the following:

<meta charset="utf-8">Encoded authorization failure message

A full message, will look something like:

API: ec2:CreateSecurityGroup You are not authorized to perform this operation. Encoded authorization failure message: B2UTpuAS30_naB5rE3Dw5v2ENy-V5w3H0wmt6rfE8hrpUz2dCIiA5XcBCtzo4cipk_JiGxAKCvlZQy0Rr2Xi3Fg2pKdkvojgn5LOZJzVroFPqMbyJguCJWxxxxxxxDNOZGGGlT2PIxTnqLQ561_piXzApfRL2kv-cYhxnuNwJWEeX8-N15mDcswhUyoV5pYtehdupp5umWZt8mcAiatlf7JIo0Q6tobs7Iw22tWTofMIZW-qkPtrTg7YrrY2--kTF3Q9qQBJw6gjr_QGznd9Fh0OMF_dCLC70bLRg5Jtxn5HyLxZWu9sC-y6x1tebYRokj32NVqr4h8pklocEKe6iqM88xV1cHJXcstP_gvoFf22yFmIll7DcE5Llsn-lD6bsB0QWWgy81m6_X0JW6s5ea4BD2nE1GM511BS20x-gGM65fm5z2SrjU09G-kmXngugnra135eY28qqjdvIl1Knb-KnEXzrtAj_DaAehx5HizwtIdi3_Yxxxxxxx_AmwgLBDZuqEL1BLZjClw7TtVjysGeO6WJyL2NMXN7Gtvzg2AL4q_z-ROH1xxxxxxxxxxx

How to view the Encoded Message from AWS

In your terminal/commandline, you need to paste the encoded message from above (your own one) into the following aws sts tool:

aws sts decode-authorization-message --encoded-message <past_encoded_string_here> --query DecodedMessage --output text | jq '.'

If it complains about jq; perhaps you don’t have it installed; then you can exclude the last section and rather use the following:

aws sts decode-authorization-message --encoded-message <past_encoded_string_here> --query DecodedMessage --output text

This will print out a JSON string to your terminal that will help you examine the specific things that may need adjustment/focus.