EC2 AccessDenied / Auth Failure Diagnostic Troubleshooter (Part 1)
Use the interactive troubleshooter below to identify your EC2 AccessDenied or auth failure symptom, review the raw evidence, understand the root cause, and apply the recommended fix.
Quick Reference Table
| # | Scenario | Key Error Signal | Root Cause | The Fix |
|---|---|---|---|---|
| 1 | permission denied — Writing to /var/www/html after group assignment | If you get a "Permission denied" error when trying to run this command... | The active user session has not yet picked up the newly assigned apache group permissions for the /var/www/html directory. | Log out and log back in again to pick up the proper group permissions. |
| 2 | permission denied — dscl passwd on M1 Mac aws-managed-user | Permission denied. Please enter user's old password: | Changing the password using dscl triggers a prompt for the previous password, which is initially blank for aws-managed-user. | Press Enter. If you receive the error passwd: DS error: eDSAuthFailed, run sudo passwd aws-managed-user instead. |
| 3 | 401 / unauthorized — IMDSv2 query without valid session token | 401 - Unauthorized | An IMDSv2 GET request was made without a valid session token or with an expired token while token usage was set to required. | Create a new session token using a PUT request to http://169.254.169.254/latest/api/token. |
| 4 | 403 — Forbidden when querying Instance Metadata Service | 403 - Forbidden / 403 Forbidden | The request is not allowed because the IMDS is turned off, or a request was incorrectly routed to a specific metadata path (e.g., /2021-03-23/api/token). | N/A |
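
The sketch below shows how a client can handle rows 3 and 4 together: it requests a session token with a PUT, retries once with a new token when a GET returns 401, and reports 403 as a configuration problem rather than retrying. It is an added example, not code from the original page or from AWS; `ImdsClient` and `FakeImds` are hypothetical names, the two `X-aws-ec2-metadata-token` headers are the standard IMDSv2 headers, and the instance ID is a constructed sample value.

```python
from urllib import error, request

IMDS = "http://169.254.169.254"
TOKEN_PATH = "/latest/api/token"  # token endpoint from row 3
TTL_HEADER = "X-aws-ec2-metadata-token-ttl-seconds"
TOKEN_HEADER = "X-aws-ec2-metadata-token"

def http_call(method, path, headers):  # real transport, returns (status, body)
    req = request.Request(IMDS + path, method=method, headers=headers)
    try:
        with request.urlopen(req, timeout=2) as resp:
            return resp.status, resp.read().decode()
    except error.HTTPError as err:
        return err.code, ""

class ImdsClient:  # hypothetical helper: cache the token, refresh once on 401
    def __init__(self, call=http_call, ttl=21600):
        self.call, self.ttl, self.token = call, ttl, None
    def _send(self, method, path, headers):
        status, body = self.call(method, path, headers)
        if status == 200:
            return body
        if status == 401 and method == "GET":
            return None  # row 3: token missing or expired, caller refreshes
        if status == 403:  # row 4: IMDS turned off or request misrouted
            raise PermissionError(f"403 Forbidden for {path}")
        raise RuntimeError(f"IMDS returned {status} for {path}")
    def get(self, path):
        for _ in range(2):  # first attempt plus one retry after a 401
            if self.token is None:
                self.token = self._send("PUT", TOKEN_PATH, {TTL_HEADER: str(self.ttl)})
            body = self._send("GET", path, {TOKEN_HEADER: self.token})
            if body is not None:
                return body
            self.token = None  # drop the rejected token so the loop fetches a new one
        raise RuntimeError(f"401 Unauthorized for {path} even with a fresh token")

class FakeImds:
    """Constructed in-memory stand-in for IMDS so the example runs offline."""
    enabled, valid, issued = True, None, 0
    def __call__(self, method, path, headers):
        if not self.enabled:
            return 403, ""
        if method == "PUT" and path == TOKEN_PATH:
            self.issued += 1
            self.valid = f"token-{self.issued}"
            return 200, self.valid
        ok = self.valid is not None and headers.get(TOKEN_HEADER) == self.valid
        return (200, "i-0123456789abcdef0") if ok else (401, "")
```

On an instance, `ImdsClient().get("/latest/meta-data/instance-id")` uses the real transport; passing `call=FakeImds()` exercises the same logic offline.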