Question

Unable to Diagram Imported AWS Accounts

  • February 2, 2026


Hello,

I am attempting to create new diagrams for a customer whose accounts we manage. They are in their own Org, and I am adding the Lucid role to the accounts as instructed. I am able to get credentials to take and it seems to read all of the resources fine, but when I attempt to create a new document with the role it gives me one of two things:

  1. An error saying something went wrong and couldn’t complete (no further details)
  2. It creates a document but the document is empty

I have deleted the accounts and roles, recreated the roles and performed the import of the accounts, but no dice when creating a diagram.

Thanks for any support!

Comments

  • Author
  • February 3, 2026

Okay, I resolved the issue myself, but I think that the LucidScale policy needs to be updated. I kept on getting an implicitDeny error for managedblockchain:ListAccessors, so I updated the policy as follows:

{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"apigateway:GET",
"appsync:ListDataSources",
"appsync:ListGraphqlApis",
"autoscaling:DescribeAutoScalingGroups",
"autoscaling:DescribeLaunchConfigurations",
"cloudfront:ListDistributions",
"cloudfront:ListTagsForResource",
"cloudtrail:DescribeTrails",
"cloudtrail:ListTags",
"cloudtrail:ListTrails",
"cognito-idp:DescribeUserPool",
"cognito-idp:ListUserPools",
"dynamodb:DescribeTable",
"dynamodb:ListTables",
"dynamodb:ListTagsOfResource",
"ec2:DescribeCustomerGateways",
"ec2:DescribeInstances",
"ec2:DescribeInternetGateways",
"ec2:DescribeNatGateways",
"ec2:DescribeNetworkAcls",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeRouteTables",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeTransitGateways",
"ec2:DescribeTransitGatewayAttachments",
"ec2:DescribeTransitGatewayRouteTables",
"ec2:DescribeVolumes",
"ec2:DescribeVpcs",
"ec2:DescribeVpcEndpoints",
"ec2:DescribeVpcEndpointConnections",
"ec2:DescribeVpnConnections",
"ec2:DescribeVpnGateways",
"ec2:DescribeVpcPeeringConnections",
"ec2:SearchTransitGatewayRoutes",
"ecs:DescribeClusters",
"ecs:DescribeServices",
"ecs:DescribeTasks",
"ecs:ListClusters",
"ecs:ListServices",
"ecs:ListTasks",
"eks:DescribeCluster",
"eks:ListClusters",
"elasticfilesystem:DescribeFileSystems",
"elasticfilesystem:DescribeMountTargets",
"elasticache:DescribeCacheClusters",
"elasticache:DescribeCacheSubnetGroups",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeTags",
"elasticloadbalancing:DescribeTargetGroups",
"elasticloadbalancing:DescribeTargetHealth",
"elasticmapreduce:DescribeCluster",
"elasticmapreduce:ListClusters",
"es:DescribeElasticsearchDomains",
"es:ListDomainNames",
"es:ListTags",
"events:DescribeEventBus",
"events:ListEventBuses",
"events:DescribeRule",
"events:ListRules",
"events:ListTagsForResource",
"firehose:DescribeDeliveryStream",
"firehose:ListDeliveryStreams",
"firehose:ListTagsForDeliveryStream",
"glacier:DescribeVault",
"glacier:ListVaults",
"iam:ListAccountAliases",
"kafka:ListClustersV2",
"kinesis:DescribeStream",
"kinesis:ListShards",
"kinesis:ListStreams",
"kinesis:ListTagsForStream",
"lambda:ListEventSourceMappings",
"lambda:ListFunctions",
"lambda:ListTags",
"network-firewall:ListFirewalls",
"network-firewall:DescribeFirewall",
"redshift:DescribeClusters",
"rds:DescribeDBClusters",
"rds:DescribeDBInstances",
"rds:DescribeDBProxies",
"rds:ListTagsForResource",
"route53:ListHostedZones",
"route53:ListResourceRecordSets",
"route53:ListTagsForResource",
"s3:GetBucketLocation",
"s3:GetBucketNotification",
"s3:GetBucketPolicyStatus",
"s3:GetBucketTagging",
"s3:GetEncryptionConfiguration",
"s3:ListAllMyBuckets",
"sns:GetSubscriptionAttributes",
"sns:GetTopicAttributes",
"sns:ListSubscriptions",
"sns:ListTopics",
"sns:ListTagsForResource",
"sqs:GetQueueAttributes",
"sqs:ListQueues",
"sqs:ListQueueTags",
"states:DescribeActivity",
"states:ListActivities",
"states:DescribeStateMachine",
"states:ListStateMachines",
"states:ListTagsForResource",
"sts:GetCallerIdentity",
"managedblockchain:ListAccessors"
],
"Resource": "*"
}
]
}

And that then worked.
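
An added example, not part of the original post or Lucid's tooling: one way to find which actions an import role is implicitly denied, by comparing access-denied records with the policy's Allow list before widening it. The policy excerpt, the CloudTrail-style records, the account ID and the role names are constructed placeholders, and `fnmatch` only approximates IAM's `*` and `?` wildcards.

```python
import fnmatch
import re

# Constructed excerpt of the Allow list from the post (before the fix was applied).
POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Resource": "*",
    "Action": ["ec2:DescribeVpcs", "s3:ListAllMyBuckets", "sts:GetCallerIdentity"]}]}

# Constructed CloudTrail-style records; account ID and role names are placeholders.
ROLE = "arn:aws:sts::111122223333:assumed-role/ExampleLucidRole/s1"
EVENTS = [
    {"userIdentity": {"arn": ROLE}, "eventName": "DescribeVpcs"},  # successful call
    {"userIdentity": {"arn": ROLE}, "eventName": "ListAccessors",
     "errorMessage": f"User: {ROLE} is not authorized to perform: "
                     "managedblockchain:ListAccessors on resource: * because no "
                     "identity-based policy allows the managedblockchain:ListAccessors action"},
    {"userIdentity": {"arn": ROLE}, "eventName": "ListKeys",
     "errorMessage": f"User: {ROLE} is not authorized to perform: kms:ListKeys "
                     "with an explicit deny in a service control policy"},
    {"userIdentity": {"arn": ROLE.replace("ExampleLucidRole", "OtherRole")},
     "errorMessage": "User: x is not authorized to perform: s3:PutObject because no "
                     "identity-based policy allows the s3:PutObject action"},
]

ACTION_RE = re.compile(r"not authorized to perform: ([\w-]+:\w+)")
IMPLICIT = "no identity-based policy allows"       # wording of an implicit deny
READ_ONLY = ("list", "describe", "get", "search")  # verb prefixes used in the post's policy

def allowed_patterns(policy):
    """Lower-cased Action patterns from every Allow statement."""
    stmts = policy["Statement"]
    acts = []
    for s in stmts if isinstance(stmts, list) else [stmts]:
        if s.get("Effect") == "Allow":
            a = s.get("Action", [])
            acts += [a] if isinstance(a, str) else a
    return [a.lower() for a in acts]

def missing_actions(events, policy, role_name):
    """Map each implicitly denied action the policy lacks to True if its verb is read-only."""
    allowed, missing = allowed_patterns(policy), {}
    for ev in events:
        msg = ev.get("errorMessage", "")
        m = ACTION_RE.search(msg)
        if m and IMPLICIT in msg and f":assumed-role/{role_name}/" in ev["userIdentity"]["arn"]:
            act = m.group(1)
            if not any(fnmatch.fnmatchcase(act.lower(), p) for p in allowed):
                missing[act] = act.split(":")[1].lower().startswith(READ_ONLY)
    return missing
```

The explicit-deny record is skipped on purpose, since adding an Allow does not override it, and a `False` value marks a non-read-only action that deserves review before it goes into a diagramming role's policy.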