Hey there, let's break down why you're hitting this "You don't have permissions to perform this action" error when trying to create IAM resources in AWS Educate, and what you can do to resolve it:

Why This Happens #

AWS Educate is a restricted, learning-focused environment—unlike a standard AWS account, it locks down many powerful actions (including most IAM operations) by default. This is intentional: it prevents accidental misconfiguration that could impact shared resources or violate AWS's educational platform policies. Your assigned role (usually a "Student" or limited-access role) doesn't include the required iam:CreateUser, iam:CreateRole, or other IAM-related permissions out of the box.

Steps to Resolve #

• First, confirm your assigned permissions: If you can access the IAM console (even read-only), navigate to your user/role and check the attached policies. You'll likely see that IAM write actions are explicitly denied or not included. You can also run this CLI command (if you have CLI access) to check your effective permissions:

  aws iam simulate-principal-policy --policy-source-arn arn:aws:iam::YOUR_ACCOUNT_ID:user/YOUR_USERNAME --action-names iam:CreateRole
  

  (Replace YOUR_ACCOUNT_ID and YOUR_USERNAME with your AWS Educate account details.)

• Reach out to your AWS Educate administrator: This is the most direct fix. Your administrator is typically your course instructor, school's AWS Educate coordinator, or whoever set up your AWS Educate account. Explain exactly what IAM resources you need to create and why (e.g., for a specific lab or project)—they can adjust your role's permissions or assign a custom policy that grants the necessary access without opening up too many privileges.

• Use pre-configured AWS Educate resources: If you're working on a structured lab, check if AWS Educate has already provisioned the IAM resources you need in your sandbox environment. Many educational labs skip manual IAM creation to avoid permission issues.

• Consider an AWS Free Tier account (if allowed): If your learning goals require full IAM access, you can sign up for a separate AWS Free Tier account. It offers limited free access to most AWS services, including IAM, and gives you full control over resource creation without the restrictions of AWS Educate.

Important Note #

Don't attempt to bypass AWS Educate's permission restrictions (e.g., looking for policy loopholes)—this violates the AWS Educate Terms of Service and could result in your account being suspended. Stick to the legitimate paths above.

内容的提问来源于stack exchange，提问作者Sachin Shakya