I was using the Windows Web Application Migration Assistant for AWS Elastic Beanstalk last night and on a new machine I kept getting an error that my user didn’t have the policy IAMReadOnlyAccess attached.

[AWS Migration] [FATAL] ERROR: Please make sure that your AWS credentials are correct, and the AWS managed policy IAMReadOnlyAccess is attached to the current user

After an hour of thinking I had a security issue, I dug into the tools code and explored the following few lines:

On line 2076 I noticed that it called the PowerShell Cmdlet Get-STSCallerIdentity. When I opened up PowerShell on the instance where I was having issues I got the following error:

I noticed when I called Get-STSCallerIdentity that it would error saying No region specified or obtained from persisted/shell defaults.

So I thought maybe I should se the default region, so I ran the command:

Set-DefaultAWSRegion -Region eu-north-1

I then tried the Get-STSCallerIdentity command again. It worked.

Now when I run the tool again. It works!

When I get a chance I will create a pull request to fix this bug.

I hope this has saved you some time and frustration. Let me know in the comments if it did.

Happy Migrating.