AWS Certified Developer - Associate
Get started today
Ultimate access to all questions.
As a manager overseeing a newly-hired team of developers tasked with managing your company's AWS infrastructure, you encounter a problem where all developers report the same issue when using the AWS CLI to execute commands. They receive the following exception message: "You are not authorized to perform this operation. Encoded authorization failure message: 6h34GtpmGjJJUm946eDVBfzWQJk6z5GePbbGDs9Z2T8xZj9EZtEduSnTbmrR7pMqpJrVYJCew2m8YBZQf4HRWEtrpncANrZMsnzk."
Given this context, which of the following actions will assist your developers in decoding the message?
As a manager overseeing a newly-hired team of developers tasked with managing your company's AWS infrastructure, you encounter a problem where all developers report the same issue when using the AWS CLI to execute commands. They receive the following exception message: "You are not authorized to perform this operation. Encoded authorization failure message: 6h34GtpmGjJJUm946eDVBfzWQJk6z5GePbbGDs9Z2T8xZj9EZtEduSnTbmrR7pMqpJrVYJCew2m8YBZQf4HRWEtrpncANrZMsnzk."
Given this context, which of the following actions will assist your developers in decoding the message?
Explanation:
AWS STS decode-authorization-message
Use decode-authorization-message to decode additional information about the authorization status of a request from an encoded message returned in response to an AWS request. If a user is not authorized to perform an action that was requested, the request returns a Client.UnauthorizedOperation response (an HTTP 403 response). The message is encoded because the details of the authorization status can constitute privileged information that the user who requested the operation should not see. To decode an authorization status message, a user must be granted permissions via an IAM policy to request the DecodeAuthorizationMessage (sts:DecodeAuthorizationMessage) action.
Incorrect options:
AWS IAM decode-authorization-message - The IAM service does not have this command, as it's a made-up option.
Use KMS decode-authorization-message - The KMS service does not have this command, as it's a made-up option.
AWS Cognito Decoder - The Cognito service does not have this command, as it's a made-up option.