EC2 AccessDenied / 403 / Auth Failure Diagnostic Troubleshooter
Use the interactive troubleshooter below to identify your EC2 AccessDenied or 403 auth failure symptom, review the raw evidence, understand the root cause, and apply the recommended fix.
🚨 Step 1: What specific error symptom are you experiencing?
Please click the most accurate description:
Quick Reference Table
| # | Scenario | Key Error Signal | Root Cause | The Fix |
|---|---|---|---|---|
| 1 | 403 — ERROR 403: Forbidden (S3 object download via wget) | ERROR 403: Forbidden | The requested S3 object is not public, and the standard wget command does not provide the required AWS authentication headers to access restricted items. | Use the Amazon S3 console, AWS CLI (aws s3 cp), AWS API, or AWS SDKs with the appropriate IAM permissions to authenticate and download the object instead of wget. |
| 2 | AccessDenied — AccessDeniedException (CloudFormation key pair deletion) | AccessDeniedException | The IAM role or user assumed by AWS CloudFormation lacks the ssm:DeleteParameter permission required to clean up the private key material stored in Systems Manager Parameter Store. | Attach an IAM policy to the AWS CloudFormation execution role or user granting the ssm:DeleteParameter permission. |