AWS EC2 Image Builder Lifecycle Policy execution failed with authorized error


I have an EC2 Image Builder lifecycle policy that should keep only the most recent images, but I see that it constantly fails with an error when triggered:

Unable to describe attributes of ami-01efe7b0d3f5e27c1 by ec2:DescribeImageAttribute. Error: You are not authorized to perform this operation. User: arn:aws:sts::XXXX:assumed-role/AWSServiceRoleForImageBuilder/ImageBuilder is not authorized to perform: ec2:DescribeImageAttribute on resource: arn:aws:ec2:eu-central-1::image/ami-01efe7b0d3f5e27c1 because no identity-based policy allows the ec2:DescribeImageAttribute action.


Please advise, I have no clue what might be wrong. I do have the managed AWSServiceRoleForImageBuilder role, and it has all necessary permissions and is used in the lifecycle policy.
