[Bug]: rds.aws.upbound.io Cluster created failed #1668

Open
1 task done
philipphomberger opened this issue Feb 5, 2025 · 0 comments
Labels
bug Something isn't working needs:triage

@philipphomberger

Is there an existing issue for this?

  • I have searched the existing issues

Affected Resource(s)

I always get this error when I try to create an RDS Cluster.
I have no problems creating GlobalCluster resources.

apiVersion: rds.aws.upbound.io/v1beta2
kind: Cluster

Message: async create failed: failed to create the resource: [{0 creating RDS Cluster (example3): operation error RDS: CreateDBCluster, https response error StatusCode: 403, RequestID: xxxxxxxxxxxxxxx, api error AccessDenied: User: arn:aws:iam::xxxxxxxxxxxxxx:user/crossplane-demo is not authorized to perform: rds:CreateDBCluster on resource: arn:aws:rds:us-west-1:xxxxxxxxx:cluster:example3 with an explicit deny in a service control policy []}]

The user has admin access.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "*",
            "Resource": "*"
        }
    ]
}

To be safe that I have no access issues.

Other resources like Buckets, VPC, GlobalCluster are working well.

Thank you.

Resource MRs required to reproduce the bug

Create a Cluster:

apiVersion: rds.aws.upbound.io/v1beta1
kind: Cluster
metadata:
  annotations:
    meta.upbound.io/example-id: rds/v1beta1/cluster
  name: example-kms-cluster
spec:
  forProvider:
    autoGeneratePassword: true
    engine: aurora-postgresql
    masterPasswordSecretRef:
      key: password
      name: sample-cluster-password
      namespace: crossplane-system
    masterUsername: cpadmin
    region: eu-west-1
    skipFinalSnapshot: true
  writeConnectionSecretToRef:
    name: sample-rds-cluster-secret
    namespace: crossplane-system
---
apiVersion: rds.aws.upbound.io/v1beta2
kind: Cluster
metadata:
  annotations:
    meta.upbound.io/example-id: rds/v1beta2/cluster
  name: example3
spec:
  forProvider:
    autoGeneratePassword: true
    engine: aurora-postgresql
    masterPasswordSecretRef:
      key: password
      name: sample-cluster-password
      namespace: crossplane-system
    masterUsername: cpadmin
    region: eu-west-1
    skipFinalSnapshot: true
  writeConnectionSecretToRef:
    name: sample-rds-cluster-secret
    namespace: crossplane-system

Steps to Reproduce

Install the current version of Crossplane and try to create an RDS Cluster resource.

What happened?

Message: async create failed: failed to create the resource: [{0 creating RDS Cluster (example3): operation error RDS: CreateDBCluster, https response error StatusCode: 403, RequestID: xxxxxxxxxxxxxxx, api error AccessDenied: User: arn:aws:iam::xxxxxxxxxxxxxx:user/crossplane-demo is not authorized to perform: rds:CreateDBCluster on resource: arn:aws:rds:us-west-1:xxxxxxxxx:cluster:example3 with an explicit deny in a service control policy []}]

Relevant Error Output Snippet

Message:               async create failed: failed to create the resource: [{0 creating RDS Cluster (example3): operation error RDS: CreateDBCluster, https response error StatusCode: 403, RequestID: xxxxxxxxxxxxxxx, api error AccessDenied: User: arn:aws:iam::xxxxxxxxxxxxxx:user/crossplane-demo is not authorized to perform: rds:CreateDBCluster on resource: arn:aws:rds:us-west-1:xxxxxxxxx:cluster:example3 with an explicit deny in a service control policy  []}]

Crossplane Version

1.18.2

Provider Version

v1

Kubernetes Version

1.31.2

Kubernetes Distribution

Gardener Cluster in AWS

Additional Info

No response

@philipphomberger philipphomberger added bug Something isn't working needs:triage labels Feb 5, 2025
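
A triage helper for the error quoted in this issue, added here as an example (it is not part of the original report or of the provider's code): it parses the AccessDenied text to find which policy type produced the deny, and compares the region in the denied ARN with the `region` set in the manifest. The function name `triage` and the list of policy types are assumptions of this example.

```python
import re

# Error text from the issue above (IDs were already redacted by the reporter).
ISSUE_MESSAGE = (
    "api error AccessDenied: User: arn:aws:iam::xxxxxxxxxxxxxx:user/crossplane-demo "
    "is not authorized to perform: rds:CreateDBCluster on resource: "
    "arn:aws:rds:us-west-1:xxxxxxxxx:cluster:example3 "
    "with an explicit deny in a service control policy []}]"
)

# Policy types that AWS names in AccessDenied messages.
POLICY = (r"service control policy|identity-based policy|resource-based policy"
          r"|permissions boundary|session policy|VPC endpoint policy")
DENIED = re.compile(
    r"User: (?P<principal>\S+) is not authorized to perform: (?P<action>\S+)"
    r"(?: on resource: (?P<resource>\S+))?"
    rf"(?: with an explicit deny in an? (?P<explicit>{POLICY})"
    rf"| because no (?P<implicit>{POLICY}) allows)?"
)

def triage(message, manifest_region=None):
    """Parse an AccessDenied message; return its fields plus triage notes, or None."""
    m = DENIED.search(message)
    if m is None:
        return None
    resource = m["resource"] or ""
    # ARN layout: arn:partition:service:region:account-id:resource
    parts = resource.split(":")
    arn_region = parts[3] if len(parts) > 5 and parts[0] == "arn" and parts[3] else None
    deny = "explicit" if m["explicit"] else "implicit" if m["implicit"] else "unknown"
    policy_type = m["explicit"] or m["implicit"]
    mismatch = bool(manifest_region and arn_region and arn_region != manifest_region)
    notes = []
    if deny == "explicit":
        notes.append(f"explicit deny ({policy_type}): an Allow in any other policy does not override it")
    if policy_type == "service control policy":
        notes.append("SCPs are managed in AWS Organizations, not on the IAM user")
    if mismatch:
        notes.append(f"denied ARN is in {arn_region}, manifest region is {manifest_region}")
    return {"principal": m["principal"], "action": m["action"], "resource": m["resource"],
            "deny": deny, "policy_type": policy_type, "arn_region": arn_region,
            "region_mismatch": mismatch, "notes": notes}

if __name__ == "__main__":
    # eu-west-1 is spec.forProvider.region in the manifests posted in the issue.
    for note in triage(ISSUE_MESSAGE, manifest_region="eu-west-1")["notes"]:
        print(note)
```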