Hello Ice users,
I am trying to bring up Ice on my local VM and i am now stuck at this error for long time
2015-05-26 09:52:29,095 [com.netflix.ice.processor.BillingFileProcessor] INFO processor.BillingFileProcessor - trying to list objects in billing bucket
billing.xyz.com using assume role, and external id ice
2015-05-26 09:52:29,158 [localhost-startStop-1] INFO basic.BasicManagers - trying to find new tag group and data managers...
| Error com.amazonaws.services.s3.model.AmazonS3Exception: Access Denied (Service: Amazon S3; Status Code: 403; Error Code: AccessDenied; Request ID: 03DD5B281C6BDB08), S3 Extended Request ID: 783bADv0XUhU8/oqZFoJv2VhGOdKGOdKntVBmBnE4J0bdEFpOUerUwoMUK824QmFFoHEznquIQs=
| Error at com.amazonaws.http.AmazonHttpClient.handleErrorResponse(AmazonHttpClient.java:1077)
| Error 2015-05-26 09:52:29,442 [com.netflix.ice.processor.BillingFileProcessor] ERROR processor.BillingFileProcessor - Error polling
Message: User: arn:aws:iam::<account1-num>:user/ice is not authorized to perform: sts:AssumeRole on resource: arn:aws:iam::<account1-num>role/ice (Service: AWSSecurityTokenService; Status Code: 403; Error Code: AccessDenied; Request ID: ebd33489-038c-11e5-b7de-59633403bd65)
I have a user with name Ice created in our consolidated billing account and a cross account role with name "ice" created in the same billing account. I have a prod account where i have purchased reserved instances and i have created a cross account role adding billing account role/ice to trusted list.
I am using below command to start the ice instance on my local vm
./grailsw -Dice.s3AccessKeyId=<keyid> -Dice.s3SecretKey=<secret> -Dice.role=ice run-app
Any help is much appreciated. Thank you !