* Your AWS organization is using [SCPs policy](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps.html) that disallow policy simulation. In that case, you could do a simple test to confirm the issue by using [the AWS PolicySim on AWS console](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_testing-policies.html). If policy simulation is disallowed, you can configure managed.hopsworks.ai to skip the policy simulation step by removing the `iam:SimulatePrincipalPolicy` permission from [your cross account role](../getting_started/#step-1-connecting-your-aws-account), by navigating to the [AWS Roles console](https://us-east-1.console.aws.amazon.com/iamv2/home#/roles), search for your cross account role name and click on it, on the permissions tab click edit on hopsworks inline policy, choose JSON tab, remove `iam:SimulatePrincipalPolicy`, click *Review Policy*, and then click *Save Changes*, and finally navigate back to managed.hopsworks.ai and click *Retry* to retry the cluster creation.
0 commit comments