AWS debugging toolkit
Click a tool to see a quick debugging hint below.
Select a tool above.
IAM troubleshooting flow
explicit deny? → yes → stop (SCP or boundary)
↓ no
policy simulator / CLI dry-run → missing action or resource ARN?
↓
session tags / condition keys mismatch? → adjust sts:TagSession or policy
↓
credential age / wrong role? → refresh STS chain
CodePipeline debugging checklist
- Stage error in CodeBuild? Open build logs + IAM pass role.
- Artifact KMS error? Key policy + grants + service role in same account/region.
- Cross-account deploy? Trust policy + role chaining path.
- Stale commit? Verify webhook and branch filter.
Security group misconfiguration
Before
Inbound: 0.0.0.0/0 TCP 22
Inbound: 0.0.0.0/0 TCP 3389
After
Inbound: 10.0.0.0/8 TCP 22 from bastion SG
Outbound: restrict to required endpoints
Prefer Systems Manager Session Manager to avoid open SSH from the internet.